Cyber Security GRC & Third Party Risk Management Leader

City of London Full-Time 130000 - 180000 £ / year (est.) Home office (partial)
Oliver James

At a Glance

  • Tasks: Lead third-party risk assessments and enhance cyber security governance.
  • Company: Globally renowned reinsurance company with a strong security focus.
  • Benefits: Competitive salary of £155,000 plus bonuses and exceptional benefits.
  • Why this job: Make a real impact on cyber security in a dynamic, hybrid work environment.
  • Qualifications: 7+ years in Cyber Security GRC with strong analytical and communication skills.
  • Other info: Opportunity for career growth in a collaborative and innovative setting.

The predicted salary is between 130000 - 180000 £ per year.

Oliver James are partnered with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third–Party Risk Management (TPRM) Lead. This role will play a crucial part in strengthening the organisation’s security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance.

Based in the City of London with a flexible hybrid model (average 4 days on-site), this position carries a package of cGBP155,000 inclusive of bonus and LTIP and exclusive of exceptional benefits and annual/loyalty bonuses.

Key Responsibilities

  • Third–Party Risk Management: Lead and own the third–party vendor risk assessment process across a portfolio of 100–120 vendors. Review and validate vendor security documentation (e.g., SOC 2, ISO 27001), evaluate control effectiveness, and coordinate remediation efforts for identified gaps. Ensure relevant business stakeholders are informed of potential risks.

  • Governance, Risk & Compliance (GRC): Actively contribute to broader GRC initiatives, including:

    • Managing GRC platforms and tools (e.g., control catalogues, issue tracking, policy management).

    • Designing and deploying security awareness programs (e.g., phishing simulations, training content).

    • Assisting with internal and external audit responses (e.g., NYSDFS, MAS, APRA, Lloyd’s) and regulatory reporting.

    • Supporting client due diligence processes with robust documentation and communication.

  • Security Controls and Collaboration: Research and interpret both technical and non–technical security controls. Collaborate with infrastructure, engineering, and business teams to ensure appropriate control implementation aligned with organisational security goals.

  • Executive Reporting: Track, prioritise, and report on risk and compliance status, key issues, and mitigation progress to leadership teams.

Key Requirements

  • Bachelor’s degree in Cyber Security, Information Technology, or a related STEM discipline.

  • Minimum 7 years’ experience in Information Security GRC, ideally within a large, global enterprise.

  • Strong understanding of the interplay between Security, Infrastructure, and Engineering teams.

  • Demonstrated experience with third–party risk management and vendor assessments.

  • Excellent analytical, communication, and record–keeping skills, with an audit–oriented mindset.

Highly Desirable Experience

  • Familiarity with TPRM tools (e.g., SecurityScorecard, BitSight, RiskRecon).

  • Experience working with GRC platforms (e.g., Drata, Vanta, OneTrust).

  • Previous involvement in regulatory audits across frameworks such as NYSDFS, MAS, APRA, Lloyd’s, etc.

Certifications (Preferred)

  • CISSP, CISA, CISM, or equivalent professional security certifications.


Cyber Security GRC & Third Party Risk Management Leader employer: Oliver James

As a leader in the reinsurance sector, this globally renowned company offers an exceptional work environment that prioritises employee growth and development. With a flexible hybrid working model based in the vibrant City of London, employees benefit from a competitive salary package, comprehensive benefits, and a culture that fosters collaboration and innovation in cyber security governance and risk management.

Contact Detail:

Oliver James Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Cyber Security GRC & Third Party Risk Management Leader

✨Tip Number 1

Network like a pro! Get out there and connect with folks in the cyber security field. Attend industry events, join online forums, and don’t be shy about reaching out on LinkedIn. You never know who might have the inside scoop on job openings!

✨Tip Number 2

Show off your skills! Create a portfolio or a personal website showcasing your projects, certifications, and any relevant experience. This is your chance to shine and demonstrate what you can bring to the table beyond just a CV.

✨Tip Number 3

Prepare for interviews like it’s a big game day! Research the company, understand their security posture, and be ready to discuss how you can strengthen it. Practice common interview questions and have your own questions ready to show your interest.

✨Tip Number 4

Don’t forget to apply through our website! We’ve got loads of opportunities that might just be the perfect fit for you. Plus, applying directly can sometimes give you a leg up in the hiring process.

We think you need these skills to ace Cyber Security GRC & Third Party Risk Management Leader

Third-Party Risk Management
Vendor Risk Assessment
ISO 27001
SOC 2
Governance, Risk & Compliance (GRC)
Security Awareness Programs
Internal and External Audit Responses
Regulatory Reporting
Security Controls Interpretation
Collaboration with Infrastructure and Engineering Teams
Risk and Compliance Reporting
Analytical Skills
Communication Skills
Record-Keeping Skills
Familiarity with TPRM Tools

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Cyber Security GRC & TPRM role. Highlight relevant experience and skills that match the job description, especially around vendor risk management and compliance.

Craft a Compelling Cover Letter: Your cover letter should tell us why you're the perfect fit for this role. Share specific examples of your past achievements in GRC and third-party risk management to grab our attention.

Showcase Your Certifications: If you've got any relevant certifications like CISSP or CISA, make them stand out! These can really boost your application and show us you're serious about your professional development.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for this exciting opportunity!

How to prepare for a job interview at Oliver James

✨Know Your Stuff

Make sure you brush up on your knowledge of Cyber Security GRC and Third-Party Risk Management. Familiarise yourself with key concepts, frameworks, and tools mentioned in the job description, like SOC 2, ISO 27001, and TPRM tools. This will not only help you answer questions confidently but also show your genuine interest in the role.

✨Showcase Your Experience

Prepare to discuss your past experiences in detail, especially those that relate to vendor risk assessments and GRC initiatives. Use the STAR method (Situation, Task, Action, Result) to structure your answers, highlighting how you've successfully managed risks and collaborated with teams in previous roles.

✨Ask Smart Questions

Interviews are a two-way street, so come armed with insightful questions about the company's security posture, their approach to regulatory compliance, and how they measure success in this role. This shows that you're not just interested in the position, but also in how you can contribute to their goals.

✨Be Ready for Technical Discussions

Since this role involves collaboration with technical teams, be prepared to discuss both technical and non-technical security controls. Brush up on your understanding of how these controls work together and be ready to explain them clearly, as this will demonstrate your ability to bridge the gap between different teams.
