Principal Third Party Risk Analyst @ OneAdvanced

Supplier Cybersecurity Assessments

• Conduct detailed cybersecurity assessments for new and existing suppliers based on their classification and inherent risk.
• Review supplier evidence including SOC 2 reports, ISO 27001 certifications, penetration test results, data flows, architecture diagrams, cloud security configurations, and security policies.
• Evaluate cybersecurity controls across key areas such as access management, encryption, monitoring, incident response, business continuity, and vulnerability management.
• Document risks, observations, and required actions with clarity and accuracy.

Risk Governance & Exception Support

• Maintain and update the supplier cybersecurity risk register, ensuring risks are tracked, monitored, and managed through their lifecycle.
• Support the exception process by preparing well-reasoned, risk-based recommendations and identifying potential compensating controls.
• Ensure consistency and adherence to ISO 27001, NIST CSF, GDPR, and internal security policies.

Execution of the TPRM Process

• Manage all cybersecurity-related elements of the TPRM workflow, including RSQ/SAQ review, supplier classification, assessment execution, and remediation follow-up.
• Ensure assessments are completed within agreed timelines while maintaining high quality and accuracy.
• Coordinate with suppliers and internal stakeholders to obtain required information and progress reviews.

Continuous Improvement & AI Enablement

• Improve assessment quality, efficiency, and consistency through updated templates, improved scoring methods, and streamlined review processes.
• Leverage AI-enabled tools for evidence extraction, document review, control mapping, or supplier intelligence where applicable.
• Contribute to the evolution of the TPRM methodology and the cybersecurity control library.

Collaboration & Stakeholder Engagement

• Work closely with Procurement, Legal, Technology, and Business teams to embed supplier cybersecurity expectations into procurement and contracting activities.
• Provide clear communication on assessment outcomes, risks, and mitigation actions.
• Support security clause reviews and input to contract obligations when required.

Metrics, Monitoring & Reporting

• Produce dashboards and reports to reflect supplier assessment progress, open risks, exceptions, and remediation status.
• Identify trends or recurring issues across suppliers and provide insights for programme improvement.
• Support updates to relevant governance forums when needed.

Awareness & Knowledge Sharing

• Deliver internal awareness sessions on supplier cybersecurity expectations and TPRM processes.
• Stay informed about emerging supply-chain threats, regulatory developments, and best practices.

Skills and Experience

• Minimum of 8 years in Third-Party Risk Management, cybersecurity assessment, audit, security assurance, or related roles.
• Strong understanding of cybersecurity frameworks such as ISO 27001:2022, NIST CSF, SOC 2, GDPR, cloud security principles, and SaaS security controls.
• Proven ability to review complex technical documents and extract meaningful risk insights.
• Strong analytical ability with high attention to detail and structured documentation skills.
• Ability to work autonomously, manage multiple assessments, and handle changing priorities.
• Effective written and verbal communication suitable for cross-functional teams.

Preferred Qualifications

• Bachelor s degree in Cybersecurity, Information Security, IT, Risk Management, or equivalent.
• Certifications such as CRISC, CTPRP, CISA, CISSP, ISO 27001 Lead Auditor/Implementer are desirable.
• Experience with AI-enabled assessment or automation tools is advantageous.

Behavioural Attributes

• A balanced, risk-based mindset with the ability to make sound, well-reasoned decisions.
• Logical thinking, problem-solving ability, and willingness to challenge assumptions where needed.
• Commitment to continuous improvement and professional growth.
• Collaborative, dependable, and able to build strong working relationships

• Wellbeing focused Our people are our greatest assets, and ensuring everyone feels their best self to come to work is integral.
• Annual Leave 20 days of annual leave, plus public holidays
• Employee Assistance Programme Free advice, support, and confidential counselling available 24/7.
• Personal Growth - Regardless of where you are at in your career, we re committed to enabling your growth personally and professionally
  • Development Programmes From Future Managers to Leadership Training, our development programmes help you get where you need to go
  • Online Learning Platform: SkillsHub! - Learning at your fingertips, anytime from anywhere. You can access our online library with relevant content for your career growth.
• Life Insurance - 3x annual salary
• Personal Accident Insurance - providing cover in the event of serious injury/illness.
• Performance Bonus Our Group-wide bonus scheme enables you to reap the rewards of your success