Risk Manager (Third Party & Supply Chain)

We are AMS. We are a global total workforce solutions firm; we enable organisations to thrive in an age of constant change by building, re-shaping, and optimising workforces. Our Contingent Workforce Solutions (CWS) is one of our service offerings; we act as an extension of our clients' recruitment team and provide professional interim and temporary resources.

Evelyn Partners is the UK's leading integrated wealth management and professional services group, with over 186 years of experience in helping generations of people and businesses to thrive. We offer an extensive range of financial and professional services to individuals, family trusts, professional intermediaries, charities and businesses.

On behalf of Evelyn Partners, AMS are looking for a Risk Manager (Third Party & Supply Chain) for a 6 Month contract based in Liverpool. (Hybrid)

Purpose of the Role:

Evelyn Partners is looking for an experienced information security risk professional with expertise in security compliance and assurance, ISO 27001 implementation, PMO (project management office), risk assessments, supply chain, and working on other governance, risk and compliance projects within a team. T

The Risk Manager will verify that third parties meet the minimum-security requirements to protect our organisation from a supply chain related attack or incident, apply relevant risk mitigations, deal with multiple stakeholders to ensure end to end treatment is applied. They will also be part of our PMO, and governance and compliance processes through the business and frequently deliver updates to senior management in meetings and information security forums. They will work towards ensuring the business remains compliant to regulatory frameworks and good practice standards.

As a Risk Manager you will be responsible for:

• Conducting due diligence and security risk assessments on suppliers, vendors, and other third parties across the supply chain.
• Evaluating vendor security postures using evidence-based assessments (eg, SOC 2, ISO 27001, penetration tests).
• Ensuring third parties meet Evelyn Partners' minimum security standards and apply effective risk mitigations where gaps are identified.
• Maintaining an accurate and current view of supply chain risks, including emerging threats and vulnerabilities in the vendor ecosystem.
• Supporting incident response planning and coordination related to supply chain risk scenarios.
• Supporting the implementation and continual improvement of ISO 27001, Cyber Essentials, and NIST CSF compliance programs.
• Ensuring security risks are effectively communicated to stakeholders and appropriately documented.

Key Accountabilities, Skills & Experience

• Proven experience in Information Security, specifically in third-party risk, supply chain assurance, and governance, risk, and compliance.
• Strong understanding of ISO 27001 (implementation, audit, and continuous improvement), Cyber Essentials, and NIST CSF.
• Familiarity with reviewing SOC 2 Type II, ISO 27001 certifications, and other third-party assurance artefacts.
• Ability to analyse and evaluate technical and procedural controls in vendor environments.
• Experience responding to audit and regulatory requests, and supporting client due diligence processes.
• Strong collaboration and communication skills to engage with non-technical stakeholders and influence outcomes.
• Ability to work proactively and manage multiple concurrent assessments and projects in a dynamic environment.

About the Client:

We provide an award-winning service for our clients by employing the best people. Join us on our mission to place the power of good advice into more hands because we believe that everyone deserves access to good advice, regardless of where they're at in their financial journey.

As a high growth organisation, we offer personal growth opportunities in an environment that empowers you to drive change. Our collaborative, open door culture supports you to perform at your best, with high levels of autonomy and a strong partnership mindset across the organisation.

Next Steps:

This client will only accept workers operating via an Umbrella or PAYE engagement model.

If you are interested in applying for this position and meet the criteria outlined above, please click the link to apply and we will contact you with an update in due course.

AMS, a Recruitment Process Outsourcing Company, may in the delivery of some of its services be deemed to operate as an Employment Agency or an Employment Business.