Information Security 3rd Party Risk Manager (FTC)

This is a position within a security risk team, focused on assessing and managing third-party risks. The role involves conducting supplier due diligence, reviewing compliance declarations, and supporting audit readiness across multiple frameworks.

Reporting to Head of GRC, this is a FTC role with hybrid working in Manchester

Client Details

A major UK-based technology and infrastructure provider offering connectivity, cloud, and security services. The organisation operates across several UK and international sites.

Description

• Conduct and maintain supplier security risk assessments and due diligence activities.
• Review and report on supplier security declarations in line with national telecom regulations.
• Provide strategic advice on managing supplier-related risks and compliance gaps.
• Govern relationships with critical suppliers to ensure alignment with security expectations.
• Support internal and external audits (eg ISO27001, TSA, financial audits).
• Communicate risks clearly to non-technical stakeholders to support informed decision-making.
• Monitor and interpret emerging compliance standards and apply them to supplier oversight.

Profile

• Extensive experience in security risk management, particularly in third-party and supplier contexts.
• Strong understanding of frameworks such as ISO27001, ISO27005, SOC2, and NIST.
• Holds certifications such as CISSP, CISM, or CRISC.
• Telecoms sector experience is a plus.
• Skilled in stakeholder engagement and translating technical risks into business language.

Job Offer

• Discretionary bonus
• Private Medical Insurance
• Max. 6% pension contributed from employer
• 25 days AL plus birthday leave
• Hybrid working - 1 - 3 days in Manchester office