Cyber Security GRC & Third Party Risk Lead

Oliver James is proud to be partnering with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) Specialist. This role will play a crucial part in strengthening the organisation's security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance.

Oliver James is proud to be partnering with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) Specialist. This role will play a crucial part in strengthening the organisation's security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance.

Based in the City of London with a flexible hybrid model (average 4 days on-site), this position offers a competitive base salary of up to £120,000, with a total compensation package reaching £155,000 through exceptional benefits and annual/loyalty bonuses.

• Third-Party Risk Management: Lead and own the third-party vendor risk assessment process across a portfolio of 100-120 vendors. Review and validate vendor security documentation (e.g., SOC 2, ISO 27001), evaluate control effectiveness, and coordinate remediation efforts for identified gaps. Ensure relevant business stakeholders are informed of potential risks.

• Governance, Risk & Compliance (GRC): Actively contribute to broader GRC initiatives, including:

  • Managing GRC platforms and tools (e.g., control catalogues, issue tracking, policy management).

  • Designing and deploying security awareness programs (e.g., phishing simulations, training content).

  • Assisting with internal and external audit responses (e.g., NYSDFS, MAS, APRA, Lloyd's) and regulatory reporting.

  • Supporting client due diligence processes with robust documentation and communication.

• Security Controls and Collaboration: Research and interpret both technical and non-technical security controls. Collaborate with infrastructure, engineering, and business teams to ensure appropriate control implementation aligned with organisational security goals.

• Executive Reporting: Track, prioritise, and report on risk and compliance status, key issues, and mitigation progress to leadership teams.

• Bachelor's degree in Cyber Security, Information Technology, or a related STEM discipline.

• Minimum 7 years' experience in Information Security GRC, ideally within a large, global enterprise.

• Strong understanding of the interplay between Security, Infrastructure, and Engineering teams.

• Demonstrated experience with third-party risk management and vendor assessments.

• Excellent analytical, communication, and record-keeping skills, with an audit-oriented mindset.

• Familiarity with TPRM tools (e.g., SecurityScorecard, BitSight, RiskRecon).

• Experience working with GRC platforms (e.g., Drata, Vanta, OneTrust).

• Previous involvement in regulatory audits across frameworks such as NYSDFS, MAS, APRA, Lloyd's, etc.

• CISSP, CISA, CISM, or equivalent professional security certifications.