Third Party Risk Manager

Tower, Greater London
2 weeks ago
Applications closed

Related Jobs

View all jobs

Programme Manager

Programme Manager

Security Operations Manager

Security Operations Manager

Physical Security Program Manager, Physical Security

Security Governance Analyst

Ideas | People | Trust

We’re BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today’s changing world.

We work with the companies that are Britain’s economic engine – ambitious, entrepreneurially-spirited and high‑growth businesses that fuel the economy – and directly advise the owners and management teams leading them.

We’ll broaden your horizons

The Quality and Risk Management Team (QRM) provides leadership, guidance, and tools to help partners and staff manage quality and risk matters. The team is comprised of an Advisory and Compliance Team, a Chief Information Security Office Team, an Economic Crime Team, a Legal Team including a Commercial & Contracts Team, the Independence and Ethics Team and the Regulatory Supervisory Team, plus the Quality Monitoring Team. The team works closely with the firm’s Technical Standards Group and the firm’s leadership.

We’ll help you succeed

Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.

You’ll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO’s partners to help businesses effectively. You’ll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.

Role Purpose 

The Third Party Risk Manager is responsible for implementation of the BDO third party security framework. This includes assessing the information security risks of our 3rd parties, by evaluating the 3rd parties' security controls and ensuring supplier and supply chain information security risks to BDO and BDO client services are identified, assessed and managed. 

This role reports to the Information Security Manager. 

Principal Accountabilities

Leads in the execution and continuous improvement of the information security supply chain framework, which includes ensuring that security controls are implemented within the supply chain lifecycle at BDO 

Co-ordinates the BDO supplier and supply chain information security due supplier risk assessment framework and due diligence procedure and delivery of service to stakeholders 

Supports risk-based planning for supplier information security due diligence and risk assessment activities  

Partners with procurement, contract management and other key stakeholders to ensure the end-to-end third-party processes consider information security  

Coordinates the gathering of vendor risk assessment data and prepares risk assessments for vendors as needed, to be published and communicated to stakeholders

Understands and applies relevant regulatory and legal compliance requirements 

Assesses vendor risks against BDO contractual requirements and controls  

Assess third party vendor regulatory compliance 

Conduct due diligence and assessments of third-party security controls and posture 

Coordinates the identification and ranking of vendor risks 

Coordinates the classification and tiering of vendors by risks and risk impacts 

Communicates identified risk requirements to internal stakeholders 

Builds communication and escalation plans around vendor risk management activities  

Ensures that vendor remediation actions, mitigation and contingency plans are identified and communicated to business owners 

Tracks identified risks and risk events through the supplier lifecycle 

Maintain required activity and risk metrics and other data  

Report on activities related to third party supplier assurance as required 

Collate, analyse, and track evidence provided and gathered via direct and indirect external sources to understand information security supply chain risk 

Supports review and continual improvement of information security supplier due diligence and risk assessment procedures 

Together with legal, develop and maintain a set of security contractual clauses and service level agreements 

Knowledge and Experience

Demonstrable experience with supplier and supply chain due diligence frameworks, procedures, data gathering and information security risk and controls assessment 

Experience of supplier information security risk management at all stages of the supplier lifecycle from procurement, contracting, on-boarding, contract management and off-boarding 

Experience with business service, system and data architectures  

Experience of information security audit and assurance  

Familiarity with formal information security frameworks and certifications such as SOC 2, ISO27001, CE+, CIS top 20, OWASP 

Experience with contract review of information security schedules and terms  

Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience. 

Excellent stakeholder engagement and management experience and skills with the ability to understand complex business structures and services and to advise senior stakeholders on information security risks, mitigations and management strategies

Self-motivated with keen attention to detail 

Have a relevant industry certification such as CISSP, CISM, CRISC or equivalent

 

NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. Job descriptions should be regularly reviewed to ensure they are an accurate representation of the post. 

 

You’ll be able to be yourself; we’ll recognise and value you for who you are and celebrate and reward your contributions to our business. We’re committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand.

At BDO, we’ll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.

We’re in it together

Mutual support and respect is one of BDO’s core values and we’re proud of our distinctive, people-centred culture.  From informal success conversations to formal mentoring and coaching, we’ll support you at every stage in your career, whatever your personal and professional needs.

Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another.  At BDO, you’ll always have access to the people and resources you need to do your best work.

We know that collaboration is the key to creating value and satisfying experiences at work, so we’ve invested in state-of-the-art collaboration spaces in our offices.  BDO’s people represent a wealth of knowledge and expertise, and we’ll encourage you to build your network, work alongside others, and share your skills and experiences.  With a range of multidisciplinary events and dedicated resources, you’ll never stop learning at BDO.

We’re looking forward to the future

At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy.

Our success is powered by our people, which is why we’re always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions.

We’ve got a clear purpose, and we’re confident in our future, because we’re adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.

#LI-SS3

#TJ-SS3

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Quantum-Enhanced AI in Cyber Security: Guarding the Digital Frontier

The cyber security landscape has evolved dramatically over the past decade. Long gone are the days when businesses primarily worried about simplistic phishing or basic website defacements. Today’s threats include nation-state attacks, sophisticated ransomware, AI-generated phishing campaigns, and a wide array of stealthy intrusion methods. Organisations must defend vast digital ecosystems that include cloud infrastructure, IoT devices, and critical operational technology—any of which can become high-value targets for malicious actors. Amid these escalating challenges, a new technological wave is emerging: quantum computing. Although still in its infancy, quantum computing promises capabilities that could surpass even the most advanced classical supercomputers for specific tasks. Simultaneously, in the world of Artificial Intelligence (AI)—where data volumes and model complexity are exploding—quantum’s parallelism could significantly boost analysis, training, and decision-making. What unfolds when quantum computing and AI converge in the realm of cyber security? On one hand, quantum technologies could introduce stronger encryption and faster threat detection. On the other, adversaries armed with quantum power might break today’s cryptographic protocols or develop more potent attacks at unimaginable speeds. This article explores the phenomenon of quantum-enhanced AI for cyber security: the possibilities it unlocks, the challenges it poses, and the reasons it could reshape both defensive and offensive operations in the digital world.

Cyber Security Jobs at Newly Funded UK Start-ups: Q3 2025 Investment Tracker

Cyber security is no longer just a topic for tech-savvy professionals—it’s an essential pillar of every modern organisation. From protecting sensitive customer data to thwarting state-sponsored attacks, cyber security teams play a crucial role in safeguarding digital infrastructures across all sectors. In the UK, cyber security innovation is thriving, fuelled by a fertile mix of venture capital, government backing, and an ever-growing pool of talented specialists. Now, in the third quarter of 2025, we’ve seen a fresh influx of funding for cyber security start-ups that are poised to shape the industry’s future. This Q3 2025 Investment Tracker highlights newly funded UK-based cyber security start-ups, their core offerings, and—most importantly—the wide range of job opportunities they’re creating. Whether you’re a veteran security analyst, a pen tester, or a newcomer eager to explore the defensive side of tech, these start-ups are actively seeking professionals to help drive their next phase of growth. We’ll also guide you through the essential skills in demand, strategies to secure a role, and how to leverage CyberSecurityJobs.tech to fast-track your job search.

Portfolio Projects That Get You Hired for Cyber Security Jobs (With Real GitHub Examples)

With rising cyber threats and increasingly sophisticated attacks, cyber security has become a critical priority for organisations worldwide. From penetration testers (pentesters) and SOC analysts to cloud security engineers and threat intelligence specialists, the demand for skilled cyber security professionals continues to surge. But how do you stand out in a growing field? Alongside your CV, an impressive cyber security portfolio can be the distinguishing factor that convinces employers you’re the right fit. In this comprehensive guide, you’ll discover: Why a cyber security portfolio is essential for job seekers in this domain. How to align portfolio projects with different cyber security career paths. Real GitHub examples that demonstrate best practices in security-focused projects. Actionable project ideas you can start today, from penetration testing labs to blue-team detection pipelines. Best practices for organising your repos and presenting your work so hiring managers can instantly see your impact. When you’re ready to pursue your next opportunity, remember to upload your CV on CyberSecurityJobs.tech. Our specialised platform connects talented security professionals with employers who need your expertise—exactly what your portfolio will showcase.