At a Glance
- Tasks: Shape frameworks for managing third-party cyber security risk and engage stakeholders across the organisation.
- Company: Join a global leader in cyber security transformation with a collaborative culture.
- Benefits: Competitive day rate, hybrid work model, and opportunities for professional growth.
- Why this job: Make a real impact on how organisations manage cyber risk in a dynamic environment.
- Qualifications: Strong analytical skills and experience in supplier risk or third-party risk concepts.
- Other info: Be part of a dedicated team driving a multi-year transformation programme.
Location: Reading (Hybrid, 2 days per week)
Duration: Initial 6 Months
Contract Type: Day Rate Inside IR35
Are you energised by building structure where there is none, shaping frameworks that drive consistency, and influencing how organisations manage cyber risk? This role offers the opportunity to play a pivotal part in a multi‑year cyber security transformation programme focused on strengthening third‑party and supplier risk management across a diverse, global business landscape.
You’ll join a dedicated cyber transformation team working across Procurement, Legal, Cyber Security, and Internal Audit to modernise how the organisation identifies, assesses, and manages critical suppliers. This is a hands‑on, analytical role ideal for someone who enjoys solving complex problems, engaging stakeholders, and designing practical, scalable solutions.
What You’ll Do
- Develop a Clear, Evidence‑Based Critical Supplier Definition
  - Gather and analyse business requirements to shape a robust definition of “critical suppliers”.
  - Design a structured, user‑friendly framework that enables consistent supplier classification across the organisation.
  - Produce guidance materials, templates, and documentation to support long‑term adoption.
- Support Business Units in Identifying Critical Suppliers
  - Engage stakeholders across multiple business units to embed the new framework.
  - Facilitate workshops, discovery sessions, and one‑to‑one support to guide teams through applying the criteria.
  - Consolidate outputs into a single, organisation‑wide view of critical suppliers.
- Strengthen Cyber Security Contract Addendums
  - Analyse existing contract language to identify gaps in cyber, regulatory, and risk‑related clauses.
  - Collaborate with Legal, Procurement, and Cyber Security teams to enhance contractual protections for critical suppliers.
  - Support the creation of standardised, risk‑aligned contract language.
- Contribute Across the Third‑Party Risk Transformation Programme
  - Provide business analysis expertise across additional workstreams.
  - Support process design, requirements gathering, governance development, and documentation.
  - Adapt to evolving priorities and help deliver a cohesive, multi‑phase transformation.
What You’ll Bring (Essential Skills & Experience)
This role is built for someone who is analytical, structured, and confident navigating complex stakeholder environments. The essential skills include:
- Strong ability to gather, analyse, and translate business requirements into clear, structured outputs
- Understanding of supplier risk, criticality, or third‑party risk concepts
- Experience designing frameworks, models, or assessment criteria (ideally in risk, procurement, or cyber)
- Ability to interpret or analyse contract clauses, particularly those relating to risk or security
- Excellent communication skills, with the ability to articulate complex ideas in a clear, business‑friendly way
- Adaptability, with comfort pivoting as programme priorities evolve
- Strong relationship‑building skills, especially in federated or decentralised environments
- Analytical mindset, able to evaluate processes, identify gaps, and propose improvements
Desirable Experience
- Experience working with Legal, Procurement, Audit, or Compliance teams
- Experience managing third‑party relationships or outsourced services
- Familiarity with structured analysis techniques
- Awareness of cyber‑related regulations (e.g., GDPR, NIS2, DORA)
- Knowledge of third‑party risk frameworks such as ISO/IEC 27001 or 27036
If you’re excited by the idea of shaping how a global organisation manages third‑party cyber security risk—and you thrive in environments where you can bring clarity, structure, and influence—this role offers a rare opportunity to make a meaningful impact.
Business Analyst (Third Party Cyber Security) in Slough
Employer: Caraffi
Contact Detail:
Caraffi Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Business Analyst (Third Party Cyber Security) in Slough
✨Tip Number 1
Network like a pro! Reach out to people in your industry on LinkedIn or at events. A friendly chat can lead to opportunities that aren’t even advertised yet.
✨Tip Number 2
Prepare for interviews by researching the company and its culture. Tailor your answers to show how your skills align with their needs, especially around cyber security and risk management.
✨Tip Number 3
Practice your problem-solving skills! Be ready to tackle case studies or hypothetical scenarios during interviews. Show them you can think on your feet and provide structured solutions.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive!
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with third-party risk and cyber security. We want to see how your skills align with the role, so don’t hold back on showcasing relevant projects or frameworks you've worked on!
Showcase Your Analytical Skills: Since this role is all about analysis and problem-solving, include specific examples of how you've gathered and translated business requirements in the past. We love seeing clear, structured outputs that demonstrate your analytical mindset.
Engage with Stakeholders: Highlight any experience you have in engaging with stakeholders across different teams. We’re looking for someone who can build relationships and facilitate discussions, so share instances where you’ve successfully navigated complex environments.
Apply Through Our Website: Don’t forget to submit your application through our website! It’s the best way for us to keep track of your application and ensure it gets the attention it deserves. We can’t wait to see what you bring to the table!
How to prepare for a job interview at Caraffi
✨Know Your Cyber Security Basics
Before the interview, brush up on key concepts related to third-party cyber security risk. Understand frameworks like ISO/IEC 27001 and be ready to discuss how they apply to supplier management. This will show your potential employer that you’re not just familiar with the role but also passionate about the field.
✨Prepare Real-World Examples
Think of specific instances where you've successfully gathered and analysed business requirements or designed frameworks. Be ready to share these examples during the interview, as they’ll demonstrate your analytical skills and ability to influence stakeholders effectively.
✨Engage with Stakeholder Scenarios
Since this role involves working with various business units, prepare for questions about stakeholder engagement. Consider how you would facilitate workshops or support teams in applying new frameworks. Showing that you can navigate complex environments will set you apart.
✨Ask Insightful Questions
At the end of the interview, don’t forget to ask questions that reflect your interest in the transformation programme. Inquire about the current challenges they face in managing third-party risks or how they envision the role evolving. This shows you’re genuinely interested in contributing to their goals.