TPRM Service Lead (South Africa - Remote) in Leeds

We have an exciting opportunity for a TPRM Service Lead to own the creation of Cognisys’s Third Party Risk Management service from the ground up - shaping a high-impact, automated capability that strengthens our GRC offering and cements our reputation as a serious, forward-thinking security consultancy. This is a visible, high-ownership role where your work will directly influence how clients experience our expertise and trust our judgement.

Cognisys is a leading Cyber Security company specialising in Penetration Testing, GRC Consulting, and Managed Security services. We pride ourselves on our customer service, forward-thinking approach and commitment to excellence. Our small but mighty team works with some of the best-known companies in the world, covering over 30 different countries across the globe!

The TPRM Service Lead role offers a unique opportunity to establish and define a brand-new service within Cognisys. You will play a central role in creating a capability that becomes a permanent and highly visible part of our professional identity and a cornerstone of our GRC offering.

Third Party Risk Management is increasingly critical to how organisations protect their data, operations, and reputation. By establishing a high-quality, highly automated TPRM service, you will directly contribute to strengthening Cognisys’s position as a serious, credible, and forward-thinking consultancy in the security and compliance space.

You will take full ownership of turning TPRM into a mature, trusted, and scalable service. From defining the methodology and automation strategy to building the delivery model and team capability, your work will have a visible and lasting impact on how clients perceive Cognisys and the value we bring to their security programmes.

This role is ideal for someone who is excited by ownership, influence, and service creation. You will be trusted to set standards, drive innovation, and embed excellence, helping Cognisys continue to grow its professional footing and reputation as a consultancy that delivers clarity, quality, and confidence in complex risk domains.

• Service Ownership & Strategy
  • Own the full design, delivery, and ongoing evolution of the Cognisys TPRM service.
  • Define the service vision, scope, and delivery model, ensuring it is robust, commercially viable, and aligned to real-world client needs.
  • Establish Cognisys as a trusted authority in third-party risk management through the quality and credibility of the service.
  • Work closely with leadership to position TPRM as a core pillar of the wider GRC offering.
• TPRM Delivery & Subject Matter Leadership
  • Act as the technical and risk authority for all TPRM engagements.
  • Define the methodology for vendor risk assessments, including inherent risk scoring, control evaluation, residual risk, and remediation tracking.
  • Ensure assessments align with recognised standards and best practice, such as ISO 27001, ISO 27036, SOC 2, NIST, and regulatory expectations where applicable.
  • Support complex or high-risk vendor assessments and act as the escalation point for challenging risk decisions.
  • Ensure outcomes are practical, proportionate, and genuinely useful to client security and procurement functions.
• Process Design & Automation
  • Design and implement end-to-end TPRM processes that are efficient, scalable, and automation-first.
  • Identify opportunities to reduce manual effort through workflow automation, tooling integration, templates, and structured data capture.
  • Build playbooks, assessment models, scoring frameworks, and reporting standards that ensure consistency and speed.
  • Continuously refine the service using metrics, feedback, and delivery insights to improve accuracy, turnaround time, and client experience.
• Client Engagement & Consultancy
  • Lead client conversations around third-party risk, helping them understand their exposure, priorities, and risk tolerance.
  • Translate client business context and regulatory pressure into an appropriate TPRM operating model.
  • Act as a trusted advisor, balancing security risk, operational reality, and commercial impact.
  • Support sales and presales activity by defining service scope, delivery approach, and pricing assumptions.
• Team Leadership & Capability Building
  • Build and lead the TPRM delivery team as the service grows.
  • Provide technical leadership, coaching, and quality assurance across all assessments.
  • Establish strong quality controls so risk decisions are defensible, consistent, and auditable.
  • Develop a culture of ownership, accuracy, and continuous improvement within the team.
• Quality, Risk & Governance
  • Ensure all risk assessments are defensible, repeatable, and aligned to client governance needs.
  • Maintain strong documentation, evidence handling, and audit-readiness across the service.
  • Ensure risk outputs support executive decision-making, not just compliance activity.
  • Protect the credibility of Cognisys by ensuring TPRM outputs stand up to regulatory, audit, and customer scrutiny.

Requirements

• Strong, hands-on experience in Third Party Risk Management within a consultancy, security services, SaaS, or regulated environment.
• Proven experience designing or operating TPRM frameworks, vendor assessment methodologies, and risk scoring models.
• Deep understanding of vendor security assessments, due diligence, and assurance techniques, including questionnaires, evidence review, and external attestations.
• Experience aligning TPRM to frameworks such as ISO 27001, SOC 2, NIST, and regulatory expectations.
• A strong process and automation mindset, with experience designing scalable, efficient operational workflows.
• Experience leading or mentoring others within a risk, compliance, or security delivery function.
• Excellent stakeholder management skills, with confidence engaging security teams, procurement, legal, and executive stakeholders.
• A pragmatic approach to risk that balances security integrity with business reality.
• A builder’s mindset, comfortable with ambiguity and excited by creating something from the ground up.

If you think you can deliver but don’t match the criteria above, please don’t be put off. We are very open-minded and focus on ability and attitude above skills.

What We Offer

• Annual Leave: 25 days per year, plus UK bank holidays.
• Additional Leave: 1 day of paid leave on your Birthday!
• Health & Wellbeing: Access to Westfield Health Care Cash Plan and our Employee Mental Health and Wellbeing platform.
• Professional Development: £2,000 annual training budget to support your continued learning and career growth.
• A dynamic and supportive work environment where customer care and innovation drive everything we do.
• Refer a friend bonus scheme, up to £2,000!

Why Join Us?

At Cognisys, you will be part of a collaborative and innovative team that values your input and shares support. You’ll have the opportunity to work on challenging projects that make a real impact for our clients. We’d love to hear from you if you want to challenge, lead and innovate!

We’re not just about the work; we’re about the people. Join a team where innovation is celebrated, and your contributions are valued. We foster a collaborative environment where fresh ideas thrive, and professional growth is encouraged.

Applications

Please feel free to reach out to Dom, our Head of Talent Acquisition, if you would like any further information, to discuss accessibility requirements, or if you require this information provided in an alternative format – hiring@cognisys.group

We welcome applications from candidates from a range of diverse backgrounds and can make various reasonable adjustments to consider individual needs.

NO RECRUITMENT AGENCIES, PLEASE