Third Party Risk Manager

Third Party Risk Manager - Cyber (Supplier Assurance | Technical Focus)

Location Fully Remote (UK-based)

Duration - 3 Months but likely to run until October 2026

About the Role

At Tesco Insurance and Money Services, we're looking for a technology focused Third Party Risk Manager to help us secure our third-party and supplier ecosystem.

This is a hands-on cyber security assurance role, not focused on data protection or operational resilience. You'll assess and challenge the technical security controls of around 80 suppliers, including cloud providers, SaaS platforms, and managed service partners.

You'll play a key role in ensuring suppliers meet our cyber security standards, ISO 27001 requirements, and broader technical security expectations.

What You'll Be Doing

Own and manage cyber security assurance across ~80 third-party suppliers
Carry out technical security assessments of cloud, SaaS, and infrastructure providers
Review supplier controls including:
Cloud security
Identity & access management
Network security
Application security
Assess supplier evidence such as penetration tests, SOC reports, and ISO 27001 audits
Lead ISO 27001-aligned supplier audits with a focus on technical control effectiveness
Identify, track, and drive closure of supplier security risks
Work closely with Cyber Security Engineering and Technology teams
Provide clear, risk-based reporting on supplier security postureWhat We're Looking For

Essential Experience

Strong background in cyber security, infrastructure security, cloud security, or security engineering
Proven experience in Third Party Risk Management (TPRM) or supplier assurance
Experience performing technical security assessments of suppliers or systems
Strong understanding of:
Cloud security (AWS / Azure / GCP)
IAM, network, and application security
Hands-on experience with ISO 27001 audits and technical control assessment
Ability to review and challenge security evidence (e.g. pen tests, SOC reports)
Experience working in complex environments with multiple suppliers (50-100+)Desirable

ISO 27001 Lead Auditor certification
CISSP, CISM, CRISC or similar
Background in security engineering, cloud security, or infrastructure security
Financial services or regulated environment experienceWhat You'll Bring

A strong technical mindset and attention to detail
Confidence challenging suppliers on security design and controls
Ability to translate technical risk into clear outcomes
Strong communication with both engineers and senior stakeholders
Ownership of your supplier portfolio in a remote environment

Candidates will ideally show evidence of the above in their CV to be considered.

Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention