Third Party Risk Manager

Third Party Risk Manager - Cyber (Supplier Assurance | Technical Focus)

Location Fully Remote (UK-based)

Duration - 3 Months but likely to run until October 2026

About the Role

At Tesco Insurance and Money Services, we're looking for a technology focused Third Party Risk Manager to help us secure our third-party and supplier ecosystem.

This is a hands-on cyber security assurance role, not focused on data protection or operational resilience. You'll assess and challenge the technical security controls of around 80 suppliers, including cloud providers, SaaS platforms, and managed service partners.

You'll play a key role in ensuring suppliers meet our cyber security standards, ISO 27001 requirements, and broader technical security expectations.

What You'll Be Doing

Own and manage cyber security assurance across ~80 third-party suppliers

Carry out technical security assessments of cloud, SaaS, and infrastructure providers

Review supplier controls including:

Cloud security

Identity & access management

Network security

Application security

Assess supplier evidence such as penetration tests, SOC reports, and ISO 27001 audits

Lead ISO 27001-aligned supplier audits with a focus on technical control effectiveness

Identify, track, and drive closure of supplier security risks

Work closely with Cyber Security Engineering and Technology teams

Provide clear, risk-based reporting on supplier security postureWhat We're Looking For

Essential Experience

Strong background in cyber security, infrastructure security, cloud security, or security engineering

Proven experience in Third Party Risk Management (TPRM) or supplier assurance

Experience performing technical security assessments of suppliers or systems

Strong understanding of:

Cloud security (AWS / Azure / GCP)

IAM, network, and application security

Hands-on experience with ISO 27001 audits and technical control assessment

Ability to review and challenge security evidence (e.g. pen tests, SOC reports)

Experience working in complex environments with multiple suppliers (50-100+)Desirable

ISO 27001 Lead Auditor certification

CISSP, CISM, CRISC or similar

Background in security engineering, cloud security, or infrastructure security

Financial services or regulated environment experienceWhat You'll Bring

A strong technical mindset and attention to detail

Confidence challenging suppliers on security design and controls

Ability to translate technical risk into clear outcomes

Strong communication with both engineers and senior stakeholders

Ownership of your supplier portfolio in a remote environment

Candidates will ideally show evidence of the above in their CV to be considered.

Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention