Senior Vendor Security Analyst

Role Overview: Senior Vendor Security Analyst – National Energy System Operator (NESO).

Location: Wokingham or Warwick offices, hybrid working arrangements available.

The role requires National Security Vetting (NSV) clearance. Applicants must have lived in the UK for the last five years to qualify for clearance.

This position supports the Vendor Security Manager and oversees NESO’s vendor lifecycle, tooling, and assurance activities within the Vendor Security Management (VSM) function.

Key Accountabilities:

• Lead and quality‑assure inherent risk assessments, ensuring consistency and accuracy across the team.
• Oversee junior analysts in onboarding and triaging new vendors, including profiling and tiering via NESO’s vendor platform.
• Manage issuance and validation of assurance questionnaires, ensuring timely vendor engagement and follow‑up.
• Act as point of escalation for junior team members on vendor risk assessment and threat intelligence monitoring.
• Develop and maintain standard operating procedures (SOPs), triage templates, and guidance documentation.
• Drive automation and tooling enhancements to streamline assurance and reporting processes.
• Represent the VSM function in transformation planning, capability assessments, and stakeholder workshops.
• Provide coaching and oversight to junior analysts, supporting development and knowledge transfer.
• Collaborate with internal teams (Procurement, GRC, Legal) to embed security controls into vendor lifecycle processes.

About You:

• Demonstrable experience in a senior security, compliance, or vendor risk role within a regulated industry.
• Led or contributed to transformation initiatives, including tooling implementation, process redesign, or capability uplift.
• Experience managing assurance workflows, risk assessments, and vendor engagement at scale.
• Familiarity with BAU transition planning, including RACI development, maturity assessments, and continuous improvement cycles.
• Degree or equivalent experience in cyber security, risk management, or a related discipline.
• In‑depth knowledge of third‑party risk management frameworks (e.g., NCSC), regulatory compliance (e.g., GDPR, NIS), and data protection principles.
• Preferably a cyber security qualification such as ISO27001 Lead Implementer or CompTIA Security+.
• Proficiency with risk and assurance platforms such as Prevalent and BitSight.
• Advanced skills in Microsoft365 (Excel, SharePoint, PowerPoint) and process documentation.
• Excellent communication and stakeholder engagement skills, with the ability to influence across technical and non‑technical audiences.

What You’ll Get:

• Competitive salary of £56,000–£63,000, dependent on experience and capability.
• Performance‑based bonus.
• 26 days annual leave.
• Contributory pension scheme with double match up to a maximum company contribution of 12%.
• Annual enrollment into the NESO Savings Plan (50% matching contribution on savings between £20–£500 a month).
• Flexible benefits programme, including flexible bank holidays, extra birthday day off, cycle‑to‑work scheme, retail and gym discounts, private medical insurance, critical illness insurance, and personal accident insurance.

Equal Opportunity Statement:

NESO is committed to building a diverse, inclusive, and authentic workplace. We encourage all candidates, including those who may not meet every qualification, to apply. We celebrate the difference people can bring into our organisation and welcome applicants with diverse experiences and backgrounds. We provide a fair, inclusive recruitment process and do not discriminate on the basis of gender, disability, age, race, ethnicity, sexual orientation, marital status, or any other protected characteristic.