Third-Party Security Risk Consultant Job Description
This role is for a security risk professional who can support the expansion of our client's security risk function. As a third-party security risk consultant, you will be responsible for assessing the security controls of vendors and helping clients strengthen their supplier risk processes.
You'll work closely with internal security teams and client stakeholders to review third-party risks, evaluate control maturity, and provide clear guidance on remediation steps. Your expertise in information security, risk management, or consulting will be essential in identifying areas for improvement and developing strategies to mitigate risks.
The ideal candidate will have around 3+ years of experience in information security, risk, or consulting roles with exposure to supplier or control assessments. They should also have a strong understanding of core security domains, including access management, network controls, data protection, and secure configuration.
In addition to technical skills, the successful candidate will possess excellent communication and analytical skills, with the ability to manage multiple pieces of work at once and communicate effectively with clients.
We are looking for someone who is curious, detail-oriented, and able to work independently in a delivery-focused consulting environment.
Key Responsibilities:
* Support the rollout and improvement of third-party risk assessment programmes
* Carry out detailed reviews of vendor security controls and identify areas for improvement
* Help clients understand their risk exposure and provide actionable remediation steps
* Contribute to ongoing managed security engagements, supporting daily operations and scheduled assessments
* Keep informed on changes in security standards, supplier risk trends, and regulatory expectations
* Assist with the design of assessment processes and ensure consistency across multiple clients
* Work closely with technical and non-technical teams to ensure projects run smoothly and meet expectations
Requirements:
* Around 3+ years of experience in information security, risk, or consulting roles with exposure to supplier or control assessments
* Strong understanding of core security domains: access management, network controls, data protection, and secure configuration
* Experience working with risk platforms or governance tools (any vendor)
* Ability to interpret security requirements, identify gaps, and outline remediation plans
* Excellent communication and analytical skills
* Ability to manage multiple pieces of work at once and communicate effectively with clients
Benefits:
* Flexible working arrangements
* Ongoing training and development opportunities
* Opportunity to work with a variety of clients and projects
About Us:
We are a leading provider of recruitment services, specialising in the placement of professionals in various industries. We pride ourselves on our ability to deliver high-quality candidates who meet the needs of our clients.