Third Party Risk Manager*

Third Party Risk Manager - Cyber (Supplier Assurance | Technical Focus)

Location Fully Remote (UK-based)

Duration - 3 Months but likely to run until October 2026

About the Role

At Tesco Insurance and Money Services, we're looking for a technology focused Third Party Risk Manager to help us secure our third-party and supplier ecosystem.

This is a hands-on cyber security assurance role, not focused on data protection or operational resilience. You'll assess and challenge the technical security controls of around 80 suppliers, including cloud providers, SaaS platforms, and managed service partners.

You'll play a key role in ensuring suppliers meet our cyber security standards, ISO 27001 requirements, and broader technical security expectations.

What You'll Be Doing

• Own and manage cyber security assurance across ~80 third-party suppliers

• Carry out technical security assessments of cloud, SaaS, and infrastructure providers

• Review supplier controls including:

  • Cloud security

  • Identity & access management

  • Network security

  • Application security

• Assess supplier evidence such as penetration tests, SOC reports, and ISO 27001 audits

• Lead ISO 27001-aligned supplier audits with a focus on technical control effectiveness

• Identify, track, and drive closure of supplier security risks

• Work closely with Cyber Security Engineering and Technology teams

• Provide clear, risk-based reporting on supplier security posture

What We're Looking For

Essential Experience

• Strong background in cyber security, infrastructure security, cloud security, or security engineering

• Proven experience in Third Party Risk Management (TPRM) or supplier assurance

• Experience performing technical security assessments of suppliers or systems

• Strong understanding of:

  • Cloud security (AWS / Azure / GCP)

  • IAM, network, and application security

• Hands-on experience with ISO 27001 audits and technical control assessment

• Ability to review and challenge security evidence (e.g. pen tests, SOC reports)

• Experience working in complex environments with multiple suppliers (50-100+)

Desirable

• ISO 27001 Lead Auditor certification

• CISSP, CISM, CRISC or similar

• Background in security engineering, cloud security, or infrastructure security

• Financial services or regulated environment experience

What You'll Bring

• A strong technical mindset and attention to detail

• Confidence challenging suppliers on security design and controls

• Ability to translate technical risk into clear outcomes

• Strong communication with both engineers and senior stakeholders

• Ownership of your supplier portfolio in a remote environment

Candidates will ideally show evidence of the above in their CV to be considered.

Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.