At a Glance
- Tasks: Lead third-party risk assessments and contribute to GRC initiatives in a dynamic environment.
- Company: Join a globally renowned reinsurance company with a strong focus on cyber security.
- Benefits: Competitive salary up to £120,000 plus bonuses and exceptional benefits.
- Why this job: Make a real impact on cyber governance and vendor risk management.
- Qualifications: 7+ years in Information Security GRC and a degree in Cyber Security or related field.
- Other info: Flexible hybrid model with opportunities for professional growth and collaboration.
The predicted salary is between £72,000 and £84,000 per year.
Overview
Oliver James is proud to be partnering with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) Specialist. This role will play a crucial part in strengthening the organisation’s security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance.
Based in the City of London with a flexible hybrid model (average 4 days on-site), this position offers a competitive base salary of up to £120,000, with a total compensation package reaching £155,000 through exceptional benefits and annual/loyalty bonuses.
Key Responsibilities
- Third-Party Risk Management: Lead and own the third-party vendor risk assessment process across a portfolio of 100–120 vendors. Review and validate vendor security documentation (e.g., SOC 2, ISO 27001), evaluate control effectiveness, and coordinate remediation efforts for identified gaps. Ensure relevant business stakeholders are informed of potential risks.
- Governance, Risk & Compliance (GRC): Actively contribute to broader GRC initiatives, including:
  - Managing GRC platforms and tools (e.g., control catalogues, issue tracking, policy management).
  - Designing and deploying security awareness programs (e.g., phishing simulations, training content).
  - Assisting with internal and external audit responses (e.g., NYSDFS, MAS, APRA, Lloyd’s) and regulatory reporting.
  - Supporting client due diligence processes with robust documentation and communication.
- Security Controls and Collaboration: Research and interpret both technical and non-technical security controls. Collaborate with infrastructure, engineering, and business teams to ensure appropriate control implementation aligned with organisational security goals.
- Executive Reporting: Track, prioritise, and report on risk and compliance status, key issues, and mitigation progress to leadership teams.
Key Requirements
- Bachelor’s degree in Cyber Security, Information Technology, or a related STEM discipline.
- Minimum 7 years’ experience in Information Security GRC, ideally within a large, global enterprise.
- Strong understanding of the interplay between Security, Infrastructure, and Engineering teams.
- Demonstrated experience with third-party risk management and vendor assessments.
- Excellent analytical, communication, and record-keeping skills, with an audit-oriented mindset.
Highly Desirable Experience
- Familiarity with TPRM tools (e.g., SecurityScorecard, BitSight, RiskRecon).
- Experience working with GRC platforms (e.g., Drata, Vanta, OneTrust).
- Previous involvement in regulatory audits across frameworks such as NYSDFS, MAS, APRA, Lloyd’s, etc.
Certifications (Preferred)
- CISSP, CISA, CISM, or equivalent professional security certifications.
Cyber Security GRC & Third Party Risk Lead employer: Oliver James
Contact Detail:
Oliver James Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Cyber Security GRC & Third Party Risk Lead
✨Network Like a Pro
Get out there and connect with people in the industry! Attend cyber security events, webinars, or local meetups. We can’t stress enough how important it is to build relationships; you never know who might have the inside scoop on job openings.
✨Show Off Your Skills
When you get the chance to chat with potential employers, don’t hold back! Share your experiences with third-party risk management and GRC initiatives. We want to hear about your successes and how you’ve tackled challenges in previous roles.
✨Tailor Your Approach
Before any interview, do your homework! Research the company’s security posture and be ready to discuss how you can contribute to their goals. We love seeing candidates who are genuinely interested and prepared to make an impact.
✨Apply Through Our Website
Don’t forget to apply through our website for the best chance at landing that dream job! We streamline the process and ensure your application gets the attention it deserves. Let’s get you into that Cyber Security GRC role!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Cyber Security GRC & Third Party Risk Lead role. Highlight your experience in vendor risk management and GRC initiatives, as these are key for us. Use specific examples that showcase your skills and achievements.
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about cyber security and how your background aligns with our needs. Be sure to mention any relevant certifications or experiences that make you a great fit for the role.
Showcase Your Analytical Skills: Since this role requires strong analytical skills, don’t shy away from showcasing them in your application. Include examples of how you've tackled complex problems or improved processes in previous roles, especially in GRC or third-party risk management.
Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you don’t miss out on any important updates. Plus, it shows you're keen on joining our team!
How to prepare for a job interview at Oliver James
✨Know Your Stuff
Make sure you brush up on your knowledge of Cyber Security GRC and Third-Party Risk Management. Familiarise yourself with key frameworks like SOC 2 and ISO 27001, as well as the specific tools mentioned in the job description. This will show that you're not just interested in the role but also understand the technical aspects involved.
✨Showcase Your Experience
Prepare to discuss your past experiences in detail, especially those related to vendor risk assessments and GRC initiatives. Use the STAR method (Situation, Task, Action, Result) to structure your answers, highlighting how you've successfully managed risks and collaborated with teams in previous roles.
✨Ask Smart Questions
Come prepared with insightful questions about the company's current security posture and their approach to third-party risk management. This not only demonstrates your interest in the role but also gives you a chance to assess if the company aligns with your career goals.
✨Be Ready for Scenario-Based Questions
Expect to face scenario-based questions that test your problem-solving skills in real-world situations. Think about potential risks a company might face with vendors and how you would address them. This will help you showcase your analytical skills and your ability to think on your feet.