Third Party Risk Manager

Third Party Risk Manager - Belfast (Hybrid, Outside IR35) - £500 per day - 3 Months

We are seeking an experienced Third Party Risk Manager to oversee and enhance third-party cybersecurity and compliance practices across the enterprise. This critical role involves managing supplier risk assessments, ensuring regulatory alignment, and collaborating with cross-functional teams to maintain a robust and transparent third-party risk management framework.

Key Responsibilities:

• Maintain and evolve the Third-Party Risk Register, mapping vendors to business criticality, data access, and overall risk exposure.
• Conduct pre-contract due diligence and ongoing risk assessments for suppliers, service providers, and strategic partners.
• Review and negotiate security and data protection clauses within contracts, including breach notification, encryption, and audit rights.
• Monitor vendor compliance with SLAs, security standards, and regulatory obligations, escalating non-conformance where required.
• Coordinate third-party incident response and escalation procedures, ensuring prompt remediation and communication.
• Produce regular reporting on third-party risk posture for governance committees, senior stakeholders, and regulators.
• Align third-party risk practices with broader enterprise risk management and cybersecurity frameworks.

What You Will Ideally Bring:

• Deep understanding of regulatory frameworks, including NIS2, GDPR, ISO 27001, and sector-specific compliance obligations (eg, energy).
• Proven experience with vendor risk management frameworks such as SIG questionnaires, NIST SP 800-161, and third-party risk scoring methodologies.
• Strong background in contractual and SLA analysis, particularly around security clauses, data protection, and breach management.
• Hands-on experience conducting due diligence, risk profiling, and control validation for third parties.
• Familiarity with third-party risk platforms such as OneTrust, ProcessUnity, or Archer TPRM.

Contract Details:

• Duration: 3 months (with potential for extension)
• Day Rate: Up to £500 per day (Outside IR35)
• Location: Belfast (Hybrid - 3 days onsite/2 days remote)
• Start Date: ASAP
• Travel: Occasional travel to Belfast as required