Ideas | People | Trust
We’re BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today’s changing world.
We work with the companies that are Britain’s economic engine – ambitious, entrepreneurially-spirited and high‑growth businesses that fuel the economy – and directly advise the owners and management teams leading them.
We’ll broaden your horizons
The Quality and Risk Management Team (QRM) provides leadership, guidance, and tools to help partners and staff manage quality and risk matters. The team is comprised of an Advisory and Compliance Team, a Chief Information Security Office Team, an Economic Crime Team, a Legal Team including a Commercial & Contracts Team, the Independence and Ethics Team and the Regulatory Supervisory Team, plus the Quality Monitoring Team. The team works closely with the firm’s Technical Standards Group and the firm’s leadership.
We’ll help you succeed
Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.
You’ll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO’s partners to help businesses effectively. You’ll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.
Role Purpose
The Third Party Risk Manager is responsible for implementation of the BDO third party security framework. This includes assessing the information security risks of our 3rd parties, by evaluating the 3rd parties' security controls and ensuring supplier and supply chain information security risks to BDO and BDO client services are identified, assessed and managed.
This role reports to the Information Security Manager.
Principal Accountabilities
Leads in the execution and continuous improvement of the information security supply chain framework, which includes ensuring that security controls are implemented within the supply chain lifecycle at BDO
Co-ordinates the BDO supplier and supply chain information security due supplier risk assessment framework and due diligence procedure and delivery of service to stakeholders
Supports risk-based planning for supplier information security due diligence and risk assessment activities
Partners with procurement, contract management and other key stakeholders to ensure the end-to-end third-party processes consider information security
Coordinates the gathering of vendor risk assessment data and prepares risk assessments for vendors as needed, to be published and communicated to stakeholders
Understands and applies relevant regulatory and legal compliance requirements
Assesses vendor risks against BDO contractual requirements and controls
Assess third party vendor regulatory compliance
Conduct due diligence and assessments of third-party security controls and posture
Coordinates the identification and ranking of vendor risks
Coordinates the classification and tiering of vendors by risks and risk impacts
Communicates identified risk requirements to internal stakeholders
Builds communication and escalation plans around vendor risk management activities
Ensures that vendor remediation actions, mitigation and contingency plans are identified and communicated to business owners
Tracks identified risks and risk events through the supplier lifecycle
Maintain required activity and risk metrics and other data
Report on activities related to third party supplier assurance as required
Collate, analyse, and track evidence provided and gathered via direct and indirect external sources to understand information security supply chain risk
Supports review and continual improvement of information security supplier due diligence and risk assessment procedures
Together with legal, develop and maintain a set of security contractual clauses and service level agreements
Knowledge and Experience
Demonstrable experience with supplier and supply chain due diligence frameworks, procedures, data gathering and information security risk and controls assessment
Experience of supplier information security risk management at all stages of the supplier lifecycle from procurement, contracting, on-boarding, contract management and off-boarding
Experience with business service, system and data architectures
Experience of information security audit and assurance
Familiarity with formal information security frameworks and certifications such as SOC 2, ISO27001, CE+, CIS top 20, OWASP
Experience with contract review of information security schedules and terms
Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience.
Excellent stakeholder engagement and management experience and skills with the ability to understand complex business structures and services and to advise senior stakeholders on information security risks, mitigations and management strategies
Self-motivated with keen attention to detail
Have a relevant industry certification such as CISSP, CISM, CRISC or equivalent
NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. Job descriptions should be regularly reviewed to ensure they are an accurate representation of the post.
You’ll be able to be yourself; we’ll recognise and value you for who you are and celebrate and reward your contributions to our business. We’re committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand.
At BDO, we’ll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.
We’re in it together
Mutual support and respect is one of BDO’s core values and we’re proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we’ll support you at every stage in your career, whatever your personal and professional needs.
Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you’ll always have access to the people and resources you need to do your best work.
We know that collaboration is the key to creating value and satisfying experiences at work, so we’ve invested in state-of-the-art collaboration spaces in our offices. BDO’s people represent a wealth of knowledge and expertise, and we’ll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you’ll never stop learning at BDO.
We’re looking forward to the future
At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy.
Our success is powered by our people, which is why we’re always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions.
We’ve got a clear purpose, and we’re confident in our future, because we’re adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
#LI-SS3
#TJ-SS3
