At a Glance
- Tasks: Shape frameworks for managing third-party cyber security risk and engage stakeholders across the organisation.
- Company: Join a global leader in cyber security transformation with a collaborative culture.
- Benefits: Competitive day rate, hybrid work model, and opportunities for professional growth.
- Why this job: Make a real impact on how organisations manage cyber risk in a dynamic environment.
- Qualifications: Analytical mindset, strong communication skills, and experience in risk or procurement.
- Other info: Be part of a multi-year transformation programme with excellent career advancement potential.
Location: Reading (Hybrid, 2 days per week)
Duration: Initial 6 Months
Contract Type: Day Rate Inside IR35
Are you energised by building structure where there is none, shaping frameworks that drive consistency, and influencing how organisations manage cyber risk? This role offers the opportunity to play a pivotal part in a multi-year cyber security transformation programme focused on strengthening third-party and supplier risk management across a diverse, global business landscape.
You’ll join a dedicated cyber transformation team working across Procurement, Legal, Cyber Security, and Internal Audit to modernise how the organisation identifies, assesses, and manages critical suppliers. This is a hands-on, analytical role ideal for someone who enjoys solving complex problems, engaging stakeholders, and designing practical, scalable solutions.
What You’ll Do
- Develop a Clear, Evidence-Based Critical Supplier Definition
  - Gather and analyse business requirements to shape a robust definition of “critical suppliers”.
  - Design a structured, user-friendly framework that enables consistent supplier classification across the organisation.
  - Produce guidance materials, templates, and documentation to support long-term adoption.
- Support Business Units in Identifying Critical Suppliers
  - Engage stakeholders across multiple business units to embed the new framework.
  - Facilitate workshops, discovery sessions, and one-to-one support to guide teams through applying the criteria.
  - Consolidate outputs into a single, organisation-wide view of critical suppliers.
- Strengthen Cyber Security Contract Addendums
  - Analyse existing contract language to identify gaps in cyber, regulatory, and risk-related clauses.
  - Collaborate with Legal, Procurement, and Cyber Security teams to enhance contractual protections for critical suppliers.
  - Support the creation of standardised, risk-aligned contract language.
- Contribute Across the Third-Party Risk Transformation Programme
  - Provide business analysis expertise across additional workstreams.
  - Support process design, requirements gathering, governance development, and documentation.
  - Adapt to evolving priorities and help deliver a cohesive, multi-phase transformation.
What You’ll Bring (Essential Skills & Experience)
This role is built for someone who is analytical, structured, and confident navigating complex stakeholder environments. The essential skills include:
- Strong ability to gather, analyse, and translate business requirements into clear, structured outputs
- Understanding of supplier risk, criticality, or third-party risk concepts
- Experience designing frameworks, models, or assessment criteria (ideally in risk, procurement, or cyber)
- Ability to interpret or analyse contract clauses, particularly those relating to risk or security
- Excellent communication skills, with the ability to articulate complex ideas in a clear, business-friendly way
- Adaptability, with comfort pivoting as programme priorities evolve
- Strong relationship-building skills, especially in federated or decentralised environments
- Analytical mindset, able to evaluate processes, identify gaps, and propose improvements
Desirable Experience
- Experience working with Legal, Procurement, Audit, or Compliance teams
- Experience managing third-party relationships or outsourced services
- Familiarity with structured analysis techniques
- Awareness of cyber-related regulations (e.g., GDPR, NIS2, DORA)
- Knowledge of third-party risk frameworks such as ISO/IEC 27001 or 27036
If you’re excited by the idea of shaping how a global organisation manages third-party cyber security risk—and you thrive in environments where you can bring clarity, structure, and influence—this role offers a rare opportunity to make a meaningful impact.
Business Analyst (Third Party Cyber Security) in Reading employer: Caraffi
Contact Detail:
Caraffi Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Business Analyst (Third Party Cyber Security) in Reading
✨Tip Number 1
Network like a pro! Reach out to people in your industry on LinkedIn or at events. A friendly chat can lead to opportunities that aren’t even advertised yet.
✨Tip Number 2
Prepare for interviews by researching the company and its culture. Tailor your answers to show how your skills align with their needs, especially around cyber security and risk management.
✨Tip Number 3
Practice your problem-solving skills! Think of real-world scenarios where you’ve tackled complex issues. Be ready to share these examples during interviews to showcase your analytical mindset.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive!
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with supplier risk and cyber security. We want to see how your skills align with the role, so don’t hold back on showcasing relevant projects or frameworks you've worked on!
Showcase Your Analytical Skills: Since this role is all about problem-solving and analysis, include examples of how you've tackled complex issues in the past. We love seeing a structured approach, so feel free to share any frameworks or methodologies you’ve used.
Engage with Our Values: Familiarise yourself with our company culture and values. When writing your application, reflect on how your personal values align with ours, especially around collaboration and innovation in cyber security.
Apply Through Our Website: We encourage you to submit your application through our website for the best chance of being noticed. It’s super easy, and it helps us keep track of all applications efficiently. Plus, we can’t wait to hear from you!
How to prepare for a job interview at Caraffi
✨Know Your Cyber Security Basics
Before the interview, brush up on key concepts related to third-party cyber security and risk management. Understand frameworks like ISO/IEC 27001 and be ready to discuss how they apply to supplier relationships.
✨Prepare Real-World Examples
Think of specific instances where you've successfully gathered and analysed business requirements or designed frameworks. Be prepared to share these examples, as they will demonstrate your analytical skills and ability to influence stakeholders.
✨Engage with Stakeholders
Showcase your relationship-building skills by discussing how you've engaged with various teams in the past. Prepare to explain how you facilitated workshops or supported teams in applying new frameworks, as this aligns with the role's responsibilities.
✨Communicate Clearly and Confidently
Practice articulating complex ideas in a straightforward manner. During the interview, focus on being clear and concise, especially when discussing your experience with contract analysis and risk-related clauses.