Third Party Security Analyst

BDO UK LLP
London
1 month ago
Create job alert
Ideas | People | Trust

We’re BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today’s changing world.

We work with the companies that are Britain’s economic engine – ambitious, entrepreneurially-spirited and high‑growth businesses that fuel the economy – and directly advise the owners and management teams leading them.

We’ll broaden your horizons

The Quality and Risk Management Team (QRM) provides leadership, guidance, and tools to help partners and staff manage quality and risk matters. The team is comprised of an Advisory and Compliance Team, a Chief Information Security Office Team, an Economic Crime Team, a Legal Team including a Commercial & Contracts Team, the Independence and Ethics Team and the Regulatory Supervisory Team, plus the Quality Monitoring Team. The team works closely with the firm’s Technical Standards Group and the firm’s leadership.

We’ll help you succeed

Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.

You’ll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO’s partners to help businesses effectively. You’ll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.

Role Purpose

TheThird Party Security Analyst (Manager grade)is responsible for the implementation of the BDO third party security framework. This includes assessing the information security risks of our 3rd parties, by evaluating the 3rd parties' security controls and ensuring supplier and supply chain information security risks to BDO and BDO client services are identified, assessed and managed.

This role reports to the Information Security Manager.

Principal Accountabilities

  • Leads in the execution and continuous improvement of the information security supply chain framework, which includes ensuring that security controls are implemented within the supply chain lifecycle at BDO.
  • Coordinates the BDO supplier and supply chain information security due diligence framework and delivery of service to stakeholders.
  • Supports risk-based planning for supplier information security due diligence and risk assessment activities.
  • Partners with procurement, contract management and other key stakeholders to ensure the end-to-end third-party processes consider information security.
  • Coordinates the gathering of vendor risk assessment data and prepares risk assessments for vendors as needed, to be published and communicated to stakeholders.
  • Understands and applies relevant regulatory and legal compliance requirements.
  • Assesses vendor risks against BDO contractual requirements and controls.
  • Assesses third party vendor regulatory compliance.
  • Conducts due diligence and assessments of third-party security controls and posture.
  • Coordinates the identification and ranking of vendor risks.
  • Coordinates the classification and tiering of vendors by risks and risk impacts.
  • Communicates identified risk requirements to internal stakeholders.
  • Builds communication and escalation plans around vendor risk management activities.
  • Ensures that vendor remediation actions, mitigation and contingency plans are identified and communicated to business owners.
  • Tracks identified risks and risk events through the supplier lifecycle.
  • Maintains required activity and risk metrics and other data.
  • Reports on activities related to third party supplier assurance as required.
  • Collates, analyses, and tracks evidence provided and gathered via direct and indirect external sources to understand information security supply chain risk.
  • Supports review and continual improvement of information security supplier due diligence and risk assessment procedures.
  • Together with legal, develops and maintains a set of security contractual clauses and service level agreements.

Knowledge and Experience

  • Demonstrable experience with supplier and supply chain due diligence frameworks, procedures, data gathering and information security risk and controls assessment.
  • Experience of supplier information security risk management at all stages of the supplier lifecycle from procurement, contracting, on-boarding, contract management and off-boarding.
  • Experience with business service, system and data architectures.
  • Experience of information security audit and assurance.
  • Familiarity with formal information security frameworks and certifications such as SOC 2, ISO27001, CE+, CIS top 20, OWASP.
  • Experience with contract review of information security schedules and terms.
  • Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience.
  • Excellent stakeholder engagement and management experience and skills with the ability to understand complex business structures and services and to advise senior stakeholders on information security risks, mitigations and management strategies.
  • Self-motivated with keen attention to detail.
  • Have a relevant industry certification such as CISSP, CISM, CRISC or equivalent.

NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. Job descriptions should be regularly reviewed to ensure they are an accurate representation of the post.

You’ll be able to be yourself; we’ll recognise and value you for who you are and celebrate and reward your contributions to our business. We’re committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand.

At BDO, we’ll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.

We’re in it together

Mutual support and respect is one of BDO’s core values and we’re proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we’ll support you at every stage in your career, whatever your personal and professional needs.

Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you’ll always have access to the people and resources you need to do your best work.

We know that collaboration is the key to creating value and satisfying experiences at work, so we’ve invested in state-of-the-art collaboration spaces in our offices. BDO’s people represent a wealth of knowledge and expertise, and we’ll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you’ll never stop learning at BDO.

We’re looking forward to the future

At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy.

Our success is powered by our people, which is why we’re always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions.

We’ve got a clear purpose, and we’re confident in our future, because we’re adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.

#LI-SS3

#J-18808-Ljbffr

Related Jobs

View all jobs

GRC Information Security Analyst

Information Security Analyst

Information Security Consultant

IT SOC Analyst

Information Security Assurance Analyst

Security Risk Analyst

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Job-Hunting During Economic Uncertainty: Cyber Security Edition

The cybe rsecurity sector sits at the forefront of today’s digital landscape, defending businesses and governments alike from increasingly sophisticated threats. From incident response and network security to cloud protections and zero-trust architectures, cyber security professionals tackle an ever-evolving array of challenges. Yet, even this mission-critical field is not immune to economic turbulence. When broader financial markets experience uncertainty—whether through global recessions, regional downturns, or unexpected macro events—the hiring climate can shift, making roles more selective and budgets tighter. For job seekers in cyber security, this can be disconcerting. You might discover that once-abundant vacancies have become scarce, competition for the remaining positions is fiercer, or company priorities pivot away from large-scale expansions toward essential, cost-justified security projects. At the same time, data breaches and cyberattacks don’t pause during economic slowdowns—if anything, they may escalate as bad actors exploit organizational vulnerabilities. This paradox means that while the market feels tough, demand for cyber security expertise remains robust. In this article, we’ll look at: Why economic uncertainty affects cyber security hiring trends. Strategies for staying competitive, even if the number of open roles shrinks. Methods to highlight your skills, adapt to shifting priorities, and network effectively. Approaches for preserving mental well-being during prolonged searches or uncertain feedback loops. How www.cybersecurityjobs.tech can help you find the ideal security-focused role. By proactively sharpening your skill set, tailoring your professional profile, and engaging with a focused community, you can secure a rewarding cyber security job—even when the broader market feels volatile.

Careers

How to Achieve Work-Life Balance in Cyber Security Jobs: Realistic Strategies and Mental Health Tips

Cyber security is one of today’s most vital and rapidly expanding sectors. As data breaches, ransomware, and other cyber threats continue to evolve, the demand for skilled professionals is surging across industries—from finance and healthcare to government and e-commerce. Whether you’re a penetration tester, security analyst, or threat intelligence expert, you play a key role in safeguarding digital infrastructure and sensitive information. This high-stakes environment, however, often comes with intense pressure. Long hours, constant vigilance, and an ever-changing threat landscape can make it challenging to find time for personal well-being. Many cyber security specialists report difficulty striking a sustainable work-life balance, unsure if it’s even possible in a field that never truly sleeps. Yet, as concerns about mental health and burnout become more pressing, professionals and employers alike are seeking better ways to combine career advancement with a fulfilling personal life. In this comprehensive article, we’ll explore how to achieve a work-life balance in cyber security. You’ll discover strategies for managing 24/7 threat alerts, the importance of realistic expectations, ways to maintain mental health in high-intensity roles, and tips for setting boundaries without compromising your professional growth. Whether you’re new to this dynamic arena or already an established specialist, these insights can help you thrive personally and professionally in the fast-paced world of cyber security.

Careers

Transitioning from Academia to the Cyber Security Industry: How Researchers Can Harness Their Skills to Protect Commercial Environments

Cyber security has become a mission-critical field in an era where data breaches, ransomware attacks, and sophisticated hacking techniques threaten businesses and public institutions alike. As digital transformation touches nearly every facet of modern life, the need for highly skilled individuals capable of defending systems and networks continues to grow. For PhDs and academic researchers with expertise in areas like cryptography, network security, or threat intelligence, this presents an exciting opportunity to deploy your analytical prowess in a high-impact, fast-paced commercial setting. In this guide we’ll explore how academics can successfully pivot from the research lab to the cyber security industry. Learn how to apply rigorous, theory-driven approaches to real-world challenges, from designing secure software architectures to neutralising advanced persistent threats. By embracing the industry’s urgency and end-to-end mindset, you can transform your scholarly insights into robust, market-facing security solutions that protect companies and users on a global scale.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.