
Security Specialist (Third Party)

Southampton
1 week ago

Information Security Third-Party Risk Specialist

Hybrid - Southampton - 60% Time on site

£42,848 - £55,000

Please note that to apply for this role you must use the link included below.

Job summary

Are you passionate about information security and confident assessing and managing supply chain risks?

Do you have experience working with third-party suppliers to embed secure-by-design principles and improve an organisation's security posture?

Would you like to play a key role in protecting national infrastructure and influencing how security is embedded across critical digital services?

Job description

As a Third-Party Information Security Specialist, you will play a vital role within the Maritime and Coastguard Agency's Information Security team, helping to protect our people, systems, and data across both internal operations and external suppliers.

Your work will directly support MCA's broader Information Security strategy, helping to embed best practices and risk awareness throughout the organisation and its supply chain. You'll influence how security requirements are considered from the earliest design stages of projects through to operational delivery and the continued lifecycle of a service.

You'll be responsible for ensuring that third-party suppliers, both current and prospective, are assessed against our Secure by Design principles and meet our security expectations. Acting as a trusted advisor, you'll proactively identify and manage supply chain risks, contribute to strategic security planning, and embed information security into the design of projects and operational processes from the outset. Your work will help strengthen MCA's resilience, balancing practical delivery needs with long-term national security priorities.

This role offers the opportunity to support the UK's maritime and emergency services by ensuring new and innovative technology is delivered in line with Secure by Design principles.

Your responsibilities include but are not limited to:

Providing security consultation on projects, strategic programs, and procurement activities, ensuring suppliers' security posture is compliant with MCA policy and Secure by Design principles.

Supporting contract management by advising on appropriate Government Security Schedules, reviewing supplier Security Management Plans (SMPs), and conducting annual security reviews to maintain compliance with MCA requirements.

Leading the onboarding and risk assessment of existing MCA suppliers into the organisation's chosen Third-Party Risk Management platform, with prioritisation based on supplier criticality and risk exposure.

Attending supplier review boards and governance forums to ensure security recommendations are tracked, addressed, and implemented, and to provide subject matter expertise on supplier security posture and ongoing risk mitigation.

For further information about the role and responsibilities, please see the attached role profile.

About You

You'll have a strong grounding in information security, ideally supported by certifications such as CISM, CISSP, CISA, or equivalent experience. You're someone who can apply core security principles to support the delivery of secure systems and services, and who brings a practical, risk-based mindset to identifying and mitigating third-party and organisational security risks.

You'll have experience assessing supplier security, applying government protective security standards across digital and physical environments, and supporting the design of proportionate controls. You're comfortable analysing threat intelligence and using those insights to inform decision-making, incident response, and ongoing risk management activities.

You're confident engaging with a wide range of stakeholders, from technical teams to senior leaders, and are able to clearly communicate evidence-based risk decisions in a way that supports understanding and action. You bring strong attention to detail, a calm and assertive approach to managing difficult conversations, and a collaborative mindset that helps build trust and shared purpose.

You have a broad understanding of security frameworks and governance, and while you may not specialise in every technical detail, you take a holistic view, balancing operational needs with strategic objectives to help deliver secure, resilient outcomes.

Please note: for full information on this role, including the job description, follow this link to the Civil Service Jobs Site - (url removed)

Contact point for applicants

Greg Swayne
