Future Tech Jobs Future Tech Jobs

Third Party Risk Manager

Pontoon
Edinburgh, Alba / Scotland, United Kingdom
Today
Job Type
Contract
Work Pattern
Full-time
Work Location
Remote
Seniority
Mid
Education
Degree
Posted
8 May 2026 (Today)
Share
Save job
Create job alert

Third Party Risk Manager - Cyber (Supplier Assurance | Technical Focus)

Location Fully Remote (UK-based)

Duration - 3 Months but likely to run until October 2026

About the Role

At Tesco Insurance and Money Services, we're looking for a technology focused Third Party Risk Manager to help us secure our third-party and supplier ecosystem.

This is a hands-on cyber security assurance role, not focused on data protection or operational resilience. You'll assess and challenge the technical security controls of around 80 suppliers, including cloud providers, SaaS platforms, and managed service partners.

You'll play a key role in ensuring suppliers meet our cyber security standards, ISO 27001 requirements, and broader technical security expectations.

What You'll Be Doing

Own and manage cyber security assurance across ~80 third-party suppliers

Carry out technical security assessments of cloud, SaaS, and infrastructure providers

Review supplier controls including:

Cloud security

Identity & access management

Network security

Application security

Assess supplier evidence such as penetration tests, SOC reports, and ISO 27001 audits

Lead ISO 27001-aligned supplier audits with a focus on technical control effectiveness

Identify, track, and drive closure of supplier security risks

Work closely with Cyber Security Engineering and Technology teams

Provide clear, risk-based reporting on supplier security postureWhat We're Looking For

Essential Experience

Strong background in cyber security, infrastructure security, cloud security, or security engineering

Proven experience in Third Party Risk Management (TPRM) or supplier assurance

Experience performing technical security assessments of suppliers or systems

Strong understanding of:

Cloud security (AWS / Azure / GCP)

IAM, network, and application security

Hands-on experience with ISO 27001 audits and technical control assessment

Ability to review and challenge security evidence (e.g. pen tests, SOC reports)

Experience working in complex environments with multiple suppliers (50-100+)Desirable

ISO 27001 Lead Auditor certification

CISSP, CISM, CRISC or similar

Background in security engineering, cloud security, or infrastructure security

Financial services or regulated environment experienceWhat You'll Bring

A strong technical mindset and attention to detail

Confidence challenging suppliers on security design and controls

Ability to translate technical risk into clear outcomes

Strong communication with both engineers and senior stakeholders

Ownership of your supplier portfolio in a remote environment

Candidates will ideally show evidence of the above in their CV to be considered.

Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention

Related Jobs

View all jobs

Governance, Risk & Compliance Lead

Spectrum IT Recruitment Dublin, City Of Dublin, Ireland
£77,691 – £86,324 pa On-site

Head of Information Security

SSA Digital Recruitment Bedford, Bedfordshire, United Kingdom
£80,000 – £90,000 pa Hybrid

Security Engineer

Synapri London, United Kingdom

Information Security Architect

AJ Bell Business Solutions Limited Salford, Manchester, M41 8PH, United Kingdom
£75,000 – £85,000 pa Hybrid

Cyber Security Assurance Specialist

GTC Recruitment Culham, Oxfordshire, OX14 4LY, United Kingdom
£50 – £55 ph Hybrid Clearance Required

Cyber Security Operations Analyst (Tier 2)

CPS Group United Kingdom
£350 – £390 pd

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Products

Where to Advertise Cyber Security Jobs in the UK (2026 Guide)

Advertising cyber security jobs in the UK requires a different approach to most technical hiring. The candidate pool is small, heavily vetted and in high demand across government, financial services, critical national infrastructure and the private sector simultaneously. Many of the strongest candidates hold active security clearances, are not actively job-searching through general platforms, and move primarily through specialist networks and trusted referrals. General job boards reach a broad audience but lack the specificity that security professionals expect. Specialist platforms, government-affiliated channels and cleared candidate networks each serve a different part of the market. This guide, published by CybersecurityJobs.tech, covers where to advertise cyber security roles in the UK in 2026, how the main platforms compare, what employers should expect to pay, and what the data says about hiring across different role types.

Jobs

Cyber Security Jobs UK 2026: What to Expect Over the Next 3 Years

Cyber security is one of the few sectors where demand for talent has never once dipped. Every major technological shift of the past decade — cloud migration, remote working, AI adoption, the proliferation of connected devices — has expanded the attack surface that security professionals are expected to defend. And every expansion of that attack surface has generated more jobs. But the cyber security jobs market of 2026 is not simply a larger version of what it was three years ago. It is a structurally different market. The threats have evolved, the technologies used to combat them have changed, the regulatory environment has tightened considerably, and the roles being created reflect all of that. A job seeker who understands only the cyber security landscape of 2023 is already working with an outdated map. The candidates who will thrive over the next three years are those who understand where the sector is heading — which specialisms are attracting the most investment, which technologies are reshaping defensive and offensive security practice, and how the definition of a cyber security professional is broadening well beyond the traditional image of a network defender in a SOC. This article breaks down what the UK cyber security jobs market is likely to look like through to 2028 — covering the titles emerging right now, the technologies driving employer demand, the skills that will matter most, and how to position your career ahead of the curve.

Jobs

Penetration Tester Jobs in the UK: What Employers Actually Want in 2026

The demand for skilled professionals in cyber security has never been higher, and penetration testers sit at the very heart of this rapidly evolving industry. As organisations across the UK continue to digitise their operations, protect sensitive data, and defend against increasingly sophisticated threats, the need for ethical hackers has grown dramatically. If you are considering a career in this field—or looking to advance within it—it is essential to understand what employers are really looking for in 2026. This guide breaks down the current expectations, required skills, certifications, and practical experience that can help you stand out in a competitive job market.

🍪 Basic, anonymous analytics (aggregate counts only, never shared) are always on. Accept to also enable third-party tools — Google Analytics, Microsoft Clarity, Mixpanel, Leadfeeder — which help us match you with relevant Cyber Security roles. We never sell your data or use it for cross-site advertising. See our Cookie Policy.