At a Glance
- Tasks: Assess and manage cyber risks with third-party suppliers while ensuring operational resilience.
- Company: Join a global leader in finance with over 160 years of history.
- Benefits: Competitive salary, diverse teams, and opportunities for professional growth.
- Why this job: Make a real impact on cybersecurity and resilience in a dynamic environment.
- Qualifications: 5+ years in cyber or IT risk; degree-level education preferred.
- Other info: Collaborate with teams across Europe and enhance your career in a regulated industry.
The predicted salary is between 36000 - 60000 £ per year.
BBVA is a global company with more than 160 years of history that operates in more than 25 countries where we serve more than 80 million customers. We are more than 121,000 professionals working in multidisciplinary teams with profiles as diverse as financiers, legal experts, data scientists, developers, engineers and designers.
The Cybersecurity UK & CE team is responsible for the implementation and continuous improvement of the CIB Corporate Security programme across the region, working closely with technology, risk, and business stakeholders to deliver practical and proportionate security outcomes.
About the job:
Key Responsibilities:
- Third-Party Cyber & IT Risk:
- Assess third-party suppliers’ capability to manage technology and cyber risk.
- Support evaluation of residual risk following application of relevant control frameworks.
- Coordinate and perform due diligence and third-party competency validation for Tier 1 and Tier 2 suppliers prior to contract signature.
- Support contractual embedding of IT risk requirements, including risk-inclusive clauses.
- Obtain and assess third-party assurance artefacts (e.g. SOC, ISAE) where required.
- Track and support remediation of third-party risk findings ahead of contract renewal.
- Contribute to the development of proportionate exit strategies for critical suppliers.
- Support cyber-led third-party resilience activities, including dependency mapping and concentration risk assessment.
- Translate supplier risks into resilience considerations for important business services.
- Support development of realistic cyber and third-party disruption scenarios.
- Coordinate with relevant stakeholders to ensure resilience considerations are reflected consistently across plans and artefacts.
- Support cyber operational resilience activities, including service mapping, scenario coordination, and documentation.
- Assist with preparation and coordination of resilience exercises and follow-up actions.
- Contribute to clear, regulator-ready narratives aligned to UK and EU expectations.
- Support consistency of approach across UK & CE offices, including Milan, Paris, and Frankfurt.
- At least 5 years of experience in cyber risk, IT risk, third-party risk, or related disciplines within a regulated environment.
- Exposure to supplier risk assessment, control assurance, or contractual risk considerations.
- Some experience or interest in operational resilience, business continuity, or technology disruption scenarios.
- Comfortable working across Cyber, IT, Risk, Procurement, and business teams.
- Cyber-literate, with the ability to understand technology services, dependencies, and common failure modes.
- Familiarity with IT risk control concepts and third-party assurance artefacts (e.g. SOC, ISAE).
- Awareness of UK Operational Resilience requirements (BoE, PRA, FCA), and relevant European regulations (EBA, DORA, GDPR).
- Able to analyse, document, and explain complex supplier and service relationships.
- Strong coordination and stakeholder engagement skills.
- Clear, structured written communication suitable for risk and regulatory contexts.
- Organised and detail-oriented, with the ability to track actions across multiple parties.
- Able to operate independently, exercising sound judgement and escalating appropriately when required.
- Degree-level education or equivalent experience.
- Relevant certifications are advantageous but not required.
- English proficiency required; Spanish is a plus.
Please note that priority will be given to candidates who are eligible to work in the UK.
Skills: Business, Control Frameworks, Cyber Risks, Due Diligence, Information Technology (IT) Risk, Legal Practices, Risk Assessments, Supplier Risk Assessment, Third Party Risk Management.
Cyber & Third-Party Resilience Specialist employer: BBVA Group
Contact Detail:
BBVA Group Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Cyber & Third-Party Resilience Specialist role
✨Tip Number 1
Network like a pro! Connect with professionals in the cybersecurity field on LinkedIn. Join relevant groups, participate in discussions, and don’t hesitate to reach out for informational interviews. It’s all about making those connections that can lead to job opportunities.
✨Tip Number 2
Show off your skills! Create a personal website or portfolio showcasing your projects and achievements in cyber risk and third-party resilience. This gives potential employers a tangible look at what you can bring to the table.
✨Tip Number 3
Prepare for interviews by brushing up on common questions related to cyber risk and operational resilience. Practice articulating your experiences clearly and confidently. Remember, we want to see how you can contribute to our team!
✨Tip Number 4
Don’t just apply anywhere; focus on companies that align with your values and career goals. Use our website to find roles that excite you and fit your expertise. Tailor your approach to each application to stand out from the crowd!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Cyber & Third-Party Resilience Specialist role. Highlight relevant experience in cyber risk and third-party assessments, and don’t forget to showcase your coordination skills!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about cybersecurity and how your background makes you a perfect fit for our team. Keep it concise but impactful!
Showcase Your Skills: In your application, be sure to highlight your familiarity with IT risk control concepts and any relevant certifications. We love seeing candidates who can clearly communicate complex ideas, so don’t hold back!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, you’ll join our Talent Community for future opportunities!
How to prepare for a job interview at BBVA Group
✨Know Your Cyber Stuff
Make sure you brush up on your knowledge of cyber risk and third-party resilience. Be ready to discuss specific frameworks and assurance artefacts like SOC and ISAE, as well as how they apply to the role. This shows you're not just familiar with the terms but can also apply them in real-world scenarios.
✨Showcase Your Coordination Skills
Since this role involves working across various teams, be prepared to share examples of how you've successfully coordinated with different stakeholders in the past. Highlight your ability to manage multiple parties and track actions effectively, as this will demonstrate your organisational skills.
✨Prepare for Scenario Questions
Expect questions that ask you to think through potential cyber disruption scenarios or third-party risks. Practise articulating your thought process on how you would handle these situations, including any relevant experience you have in operational resilience or business continuity.
✨Communicate Clearly and Confidently
Your written and verbal communication skills are crucial for this role. Practise explaining complex concepts in a clear and structured manner, especially in the context of risk and regulatory requirements. This will help you stand out as someone who can convey important information effectively.