At a Glance
- Tasks: Lead third-party risk assessments and enhance cyber security governance.
- Company: Globally renowned reinsurance company with a strong focus on security.
- Benefits: Competitive salary of £155,000 plus bonuses and exceptional benefits.
- Why this job: Make a real impact in cyber security while working in a flexible hybrid model.
- Qualifications: Bachelor's degree in Cyber Security or related field with 7+ years of experience.
- Other info: Join a dynamic team with opportunities for professional growth and development.
The predicted salary is between £108,000 and £162,000 per year.
Job Description
Oliver James are partnered with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) Lead. This role will play a crucial part in strengthening the organisation's security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance.
Based in the City of London with a flexible hybrid model (average 4 days on-site), this position carries a package of c£155,000 inclusive of bonus and LTIP and exclusive of exceptional benefits and annual/loyalty bonuses.
Key Responsibilities
- Third-Party Risk Management: Lead and own the third-party vendor risk assessment process across a portfolio of 100-120 vendors. Review and validate vendor security documentation (e.g., SOC 2, ISO 27001), evaluate control effectiveness, and coordinate remediation efforts for identified gaps. Ensure relevant business stakeholders are informed of potential risks.
- Governance, Risk & Compliance (GRC): Actively contribute to broader GRC initiatives, including:
  - Managing GRC platforms and tools (e.g., control catalogues, issue tracking, policy management).
  - Designing and deploying security awareness programs (e.g., phishing simulations, training content).
  - Assisting with internal and external audit responses (e.g., NYSDFS, MAS, APRA, Lloyd's) and regulatory reporting.
  - Supporting client due diligence processes with robust documentation and communication.
- Security Controls and Collaboration: Research and interpret both technical and non-technical security controls. Collaborate with infrastructure, engineering, and business teams to ensure appropriate control implementation aligned with organisational security goals.
- Executive Reporting: Track, prioritise, and report on risk and compliance status, key issues, and mitigation progress to leadership teams.
Key Requirements
- Bachelor's degree in Cyber Security, Information Technology, or a related STEM discipline.
- Minimum 7 years' experience in Information Security GRC, ideally within a large, global enterprise.
- Strong understanding of the interplay between Security, Infrastructure, and Engineering teams.
- Demonstrated experience with third-party risk management and vendor assessments.
- Excellent analytical, communication, and record-keeping skills, with an audit-oriented mindset.
Highly Desirable Experience
- Familiarity with TPRM tools (e.g., SecurityScorecard, BitSight, RiskRecon).
- Experience working with GRC platforms (e.g., Drata, Vanta, OneTrust).
- Previous involvement in regulatory audits across frameworks such as NYSDFS, MAS, APRA, Lloyd's, etc.
Certifications (Preferred)
- CISSP, CISA, CISM, or equivalent professional security certifications.
Cyber Security GRC & Third Party Risk Management Leader employer: Oliver James
Contact Detail:
Oliver James Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Cyber Security GRC & Third Party Risk Management Leader
✨ Tip Number 1
Network like a pro! Get out there and connect with folks in the cyber security field. Attend industry events, webinars, or even local meetups. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨ Tip Number 2
Show off your expertise! Create a personal website or LinkedIn profile that highlights your skills in GRC and TPRM. Share articles, insights, or even case studies related to cyber security. This not only showcases your knowledge but also makes you more memorable to potential employers.
✨ Tip Number 3
Prepare for interviews like it's game day! Research the company's security posture and be ready to discuss how your experience aligns with their needs. Think about specific examples from your past roles that demonstrate your ability to manage vendor risk and compliance effectively.
✨ Tip Number 4
Don't forget to apply through our website! We've got loads of opportunities waiting for you. Plus, applying directly can sometimes give you an edge over other candidates. So, get your application in and let's land that dream job together!
We think you need these skills to ace Cyber Security GRC & Third Party Risk Management Leader
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Cyber Security GRC & TPRM role. Highlight relevant experience, especially in vendor risk management and compliance. We want to see how your skills align with our needs!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about cyber security and how your background makes you a perfect fit for this role. Let us know what excites you about working with us!
Showcase Your Achievements: When detailing your experience, focus on specific achievements rather than just duties. Quantify your successes where possible, like improvements in risk assessment processes or successful audits. We love numbers that tell a story!
Apply Through Our Website: We encourage you to apply directly through our website. It's the best way for us to receive your application and ensures you're considered for the role. Plus, it's super easy: just a few clicks and you're done!
How to prepare for a job interview at Oliver James
✨ Know Your Stuff
Make sure you brush up on your knowledge of Cyber Security GRC and Third-Party Risk Management. Familiarise yourself with key concepts, frameworks, and tools mentioned in the job description, like SOC 2 and ISO 27001. Being able to discuss these confidently will show that you're serious about the role.
✨ Showcase Your Experience
Prepare specific examples from your past work that highlight your experience in vendor risk assessments and GRC initiatives. Use the STAR method (Situation, Task, Action, Result) to structure your answers, making it easy for the interviewer to see how you've successfully handled similar challenges before.
✨ Ask Smart Questions
Interviews are a two-way street, so come armed with insightful questions about the company's security posture and their approach to third-party risk management. This not only shows your interest but also helps you gauge if the company aligns with your values and career goals.
✨ Be Ready for Technical Discussions
Expect to dive into technical discussions about security controls and compliance frameworks. Brush up on your understanding of how different teams collaborate on security initiatives. Being able to articulate this will demonstrate your ability to work cross-functionally, which is crucial for this role.