security supply chain framework, which includes ensuring that security controls are implemented within the supply chain lifecycle at BDO Co-ordinates the BDO supplier and supply chain information security due supplier risk assessment framework and due diligence procedure and delivery of service to stakeholders Supports risk-based planning for supplier information security due diligence … and communicated to stakeholders Understands and applies relevant regulatory and legal compliance requirements Assesses vendor risks against BDO contractual requirements and controls Assess third party vendor regulatory compliance Conduct due diligence and assessments of third-party security controls and posture Coordinates the identification and ranking of vendor risks Coordinates the classification and tiering of vendors by risks and … analyse, and track evidence provided and gathered via direct and indirect external sources to understand information security supply chain risk Supports review and continual improvement of information security supplier due diligence and risk assessment procedures Together with legal, develop and maintain a set of security contractual clauses and service level agreements Knowledge and Experience Demonstrable experience …
in a fast-paced, digital and competitive world. You will develop and grow by being exposed to complex and very exciting challenges (cost-reduction strategy, de-risking model, tech due-diligence...). In an agile and collaborative approach, you will assess and coach our clients' technology teams, define digital roadmap strategies and architecture options in multiple contexts including carve …
you will be a strategic contributor supporting business development and security operations. You'll manage customer-facing security questionnaires, ensuring timely and accurate responses, and drive the Third-Party Due Diligence (TPDD) programme to evaluate and monitor supplier security posture. Your work will help reduce risk exposure, maintain compliance, and uphold Causeway’s reputation as a trusted technology … latest controls aligned with ISO 27001, Cyber Essentials, and SOC2. Act as a key point of contact for information security assurance queries from customers and internal teams. Third-Party Due Diligence Conduct initial and recurring vendor risk assessments using frameworks like ISO 27001, NIST 800-53, and CIS Controls. Score vendors, document gaps, and recommend remediation actions. Manage …
The Opportunity Sitting within a dynamic global InfoSec team, you'll be responsible for: Leading third-party risk assessments and driving continuous improvement of vendor governance processes. Owning client due diligence responses, ensuring the business meets external compliance and assurance requirements. Developing and delivering enterprise-wide awareness training, phishing simulations, and educational campaigns. Advising technical teams and stakeholders … speak with individuals who bring: 6+ years of experience in GRC within cybersecurity, ideally in financial services or highly regulated environments. Proven capability in third-party risk management, client due diligence, and compliance frameworks (NIST, ISO 27001, DORA, etc.). Experience in managing audits and regulatory engagements across multiple jurisdictions. Excellent communication skills - able to translate complex technical …
for IAM, encryption (at rest/in transit), secrets management, and key management aligned with ISO 27001/27019 and NIS2. Review and select third-party security solutions; lead due diligence with EPC, O&M, and SCADA vendors. Serve as SME for compliance frameworks such as ISO 27001, NIST CSF, GDPR, IEC 62443, CIS Controls. Collaborate with the …
to help them navigate complex technological shifts in a fast-paced, digital world. You will engage with challenging projects such as cost-reduction strategies, de-risking models, and tech due diligence. In an agile approach, you will assess and coach client technology teams, define digital roadmaps, and develop architecture options, including carve-out and PMI scenarios. You will develop …
with impact and influence. A strong analytical and strategic mindset with TPRM program development skills. A focus on problem-solving and good decision-making skills. Strong knowledge of the Due Diligence world, third-party risk, and TPRM program development. A “can-do” attitude and a passion for tackling challenges and accomplishing tasks. A strategic, constructive mindset that aids …
City of London, Greater London, UK Hybrid / WFH Options
NextEnergy Group
IAM, encryption-at-rest/in-transit, secrets management and key-management standards aligned with ISO 27001/27019 and NIS2 Review and select third-party security solutions; lead due diligence with EPC, O&M and SCADA vendors Serve as technical SME for compliance frameworks (ISO 27001, NIST CSF, GDPR, IEC 62443, CIS Controls) Collaborate with the DPO …
regulated financial services environment. Experience with modern workplace technologies (e.g., Azure Virtual Desktop, Power Platform, Microsoft Security Suite). Strong understanding of cybersecurity best practices and enterprise compliance frameworks. Due diligence assessment and experience with the technology integration of infrastructure and applications of newly acquired businesses. Executive presence with strong communication skills; capable of influencing senior stakeholders and …
activities. Assist Team Leadership: Work alongside the Detection Team Lead to support team goals and uphold quality standards. Conduct In-Depth Reviews: Perform detailed checks on periodic and enhanced due diligence alerts to verify compliance and accuracy. Spot Emerging Trends: Use data analysis to identify new financial crime trends and patterns. Oversee Payment Reviews: Carry out payment reviews …
London, England, United Kingdom Hybrid / WFH Options
NextEnergy Group
IAM, encryption-at-rest/in-transit, secrets management and key-management standards aligned with ISO 27001/27019 and NIS2 Review and select third-party security solutions; lead due diligence with EPC, O&M and SCADA vendors Serve as technical SME for compliance frameworks (ISO 27001, NIST CSF, GDPR, IEC 62443, CIS Controls) Collaborate with the DPO …
You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO/IEC 27001/2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience activities. Monitor the effectiveness of security controls to ensure confidentiality, integrity, and availability (CIA). Assist with security certifications and …
Doncaster, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO/IEC 27001/2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience activities. Monitor security controls to ensure confidentiality, integrity, and availability (CIA). Assist with security certifications and regulatory frameworks including …
Wolverhampton, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO/IEC 27001/2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience activities. Monitor the effectiveness of security controls to ensure confidentiality, integrity, and availability (CIA). Assist with security certifications and …
Chester, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO/IEC 27001/2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience activities. Monitor the effectiveness of security controls to ensure confidentiality, integrity, and availability (CIA). Assist with security certifications and …
Peterborough, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO/IEC 27001/2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience activities. Monitor the effectiveness of security controls to ensure confidentiality, integrity, and availability (CIA). Assist with security certifications and …
Basildon, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO/IEC 27001/2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience activities. Monitor the effectiveness of security controls to ensure confidentiality, integrity, and availability (CIA). Assist with security certifications and …
Chesterfield, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO/IEC 27001/2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience activities. Monitor the effectiveness of security controls to ensure confidentiality, integrity, and availability (CIA). Assist with security certifications and …
Lincoln, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO/IEC 27001/2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience activities. Monitor the effectiveness of security controls to ensure confidentiality, integrity, and availability (CIA). Assist with security certifications and …
Northampton, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
You’ll Do Assess compliance with internal security policies and industry standards (e.g., ISO/IEC 27001/2, PCI-DSS). Conduct supplier risk assessments and third-party due diligence. Support vulnerability assessments, incident investigations, and operational resilience activities. Monitor the effectiveness of security controls to ensure confidentiality, integrity, and availability (CIA). Assist with security certifications and …