We are looking for an experienced Third Party Risk Management Specialist to support the assessment, management and ongoing improvement of supplier security risk across M&S. Working within our Cyber Security function, you will help ensure that third parties meet our security standards and contractual requirements throughout the full supplier lifecycle.
You will oversee third party security assessments, provide guidance to suppliers and internal teams, and support the development of our third party security risk management programme. This role is ideal for someone with strong cybersecurity governance experience, confident stakeholder management skills, and the ability to coach and support others in a fast-moving environment.
Due to high interest, this role may close earlier than advertised. We recommend applying as soon as possible.
What you’ll do
Lead third party risk assessments across vendor selection, onboarding and ongoing monitoring
Assess supplier security posture against M&S standards, identifying risks and recommending practical remediation actions
Act as a key point of contact for suppliers, providing guidance on security queries, incidents and mitigation activity
Support reporting on third party security risk posture, including KPIs, dashboards and management insight
Collaborate with Legal, Procurement, Data Protection and Privacy teams to strengthen contractual security controls and improve the wider TPRM programme
Who you are
Strong experience in third party security, supplier risk management or cybersecurity governance
Good understanding of cybersecurity risk assessment, reporting, policies, processes and standards
Experience assessing third parties against organisational security requirements, ideally within a large or global organisation
Strong analytical, organisation and time management skills, with the ability to manage multiple priorities and recommend practical improvements
Excellent communication and stakeholder management skills, with confidence engaging suppliers, internal teams and coaching others
Supporting qualifications in technology, information security or service management would be beneficial, such as COBIT, ITIL, a Computer Science degree or a Cyber Security degree.
What’s in it for you?
Working at M&S means being part of something bigger - helping to deliver quality, value and service to millions of customers every day. We’re inclusive, fast-moving and always evolving, with a strong sense of purpose and a focus on doing the right thing.
Here are just a few of the benefits that make working here even more rewarding:
Competitive holiday allowance with the option to buy more
Discretionary bonus schemes linked to your performance and ours
Strong pension and life assurance to help plan for the future
Tailored induction and training to support your development from day one
Exclusive perks and savings through our M&S Choices portal
Market-leading family policies, including parental, adoption and neonatal leave
24/7 wellbeing support, including virtual GP access and mental health services
One paid volunteer day a year to support a cause that matters to you
Everyone’s welcome
We are ambitious about the future of retail. We’re disrupting, innovating and leading the industry into a more conscientious, inspiring digital era. We’re transforming how we work together and offering our most exciting opportunities yet. Marks & Spencer strives to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make change happen.
We are committed to building diverse and representative teams, where everyone can bring their whole selves to work and be at their best. We support each other and work together to win together.
If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don’t hesitate to let us know when completing your application. This information will be picked up by our team so we can help you perform at your best.
#LI-hybrid #hybridrole #LI-DR1
