At a Glance
- Tasks: Lead third party risk assessments and support supplier security management.
- Company: Join M&S, a forward-thinking retail giant with a strong purpose.
- Benefits: Enjoy competitive holidays, bonuses, and 24/7 wellbeing support.
- Other info: Be part of an inclusive culture that values your unique contributions.
- Why this job: Make a real impact in cybersecurity while working with diverse teams.
- Qualifications: Experience in cybersecurity governance and strong stakeholder management skills.
The predicted salary is between 50000 - 60000 £ per year.
We are looking for an experienced Third Party Risk Management Specialist to support the assessment, management and ongoing improvement of supplier security risk across M&S. Working within our Cyber Security function, you will help ensure that third parties meet our security standards and contractual requirements throughout the full supplier lifecycle.
You will oversee third party security assessments, provide guidance to suppliers and internal teams, and support the development of our third party security risk management programme. This role is ideal for someone with strong cybersecurity governance experience, confident stakeholder management skills, and the ability to coach and support others in a fast-moving environment.
Due to high interest, this role may close earlier than advertised. We recommend applying as soon as possible.
What you'll do:
- Lead third party risk assessments across vendor selection, onboarding and ongoing monitoring
- Assess supplier security posture against M&S standards, identifying risks and recommending practical remediation actions
- Act as a key point of contact for suppliers, providing guidance on security queries, incidents and mitigation activity
- Support reporting on third party security risk posture, including KPIs, dashboards and management insight
- Collaborate with Legal, Procurement, Data Protection and Privacy teams to strengthen contractual security controls and improve the wider TPRM programme
Who you are:
- Strong experience in third party security, supplier risk management or cybersecurity governance
- Good understanding of cybersecurity risk assessment, reporting, policies, processes and standards
- Experience assessing third parties against organisational security requirements, ideally within a large or global organisation
- Strong analytical, organisation and time management skills, with the ability to manage multiple priorities and recommend practical improvements
- Excellent communication and stakeholder management skills, with confidence engaging suppliers, internal teams and coaching others
- Supporting qualifications in technology, information security or service management would be beneficial, such as COBIT, ITIL, a Computer Science degree or a Cyber Security degree.
What's in it for you?
Working at M&S means being part of something bigger - helping to deliver quality, value and service to millions of customers every day. We're inclusive, fast-moving and always evolving, with a strong sense of purpose and a focus on doing the right thing.
Here are just a few of the benefits that make working here even more rewarding:
- Competitive holiday allowance with the option to buy more
- Discretionary bonus schemes linked to your performance and ours
- Strong pension and life assurance to help plan for the future
- Tailored induction and training to support your development from day one
- Exclusive perks and savings through our M&S Choices portal
- Market-leading family policies, including parental, adoption and neonatal leave
- 24/7 wellbeing support, including virtual GP access and mental health services
- One paid volunteer day a year to support a cause that matters to you
Everyone's welcome. We are ambitious about the future of retail. We're disrupting, innovating and leading the industry into a more conscientious, inspiring digital era. We're transforming how we work together and offering our most exciting opportunities yet. Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make change happen.
We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best. We support each other and work together to win together.
If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don't hesitate to let us know when completing your application. This information will be picked up by our team so we can help you perform at your best.
TPRM Specialist employer: Marks and Spencer
Marks & Spencer is an exceptional employer, offering a dynamic work environment where innovation and inclusivity thrive. As a TPRM Specialist, you will benefit from competitive holiday allowances, tailored training, and comprehensive wellbeing support, all while contributing to a purpose-driven organisation that values employee growth and community engagement. Join us in shaping the future of retail and enjoy unique perks that enhance your work-life balance.
StudySmarter Expert Advice🤫
We think this is how you could land TPRM Specialist
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Marks and Spencer, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Marks and Spencer
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Marks and Spencer. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace TPRM Specialist
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Marks and Spencer insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Marks and Spencer that you’re committed to staying ahead in the game.
How to prepare for a job interview at Marks and Spencer
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Marks and Spencer to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Marks and Spencer.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.
