At a Glance
- Tasks: Manage cyber security assurance for 80+ suppliers and assess their technical security controls.
- Company: Join Tesco Insurance and Money Services, a leader in the industry.
- Benefits: Fully remote role with potential for long-term engagement and professional growth.
- Other info: Dynamic remote work environment with opportunities to challenge and innovate.
- Why this job: Make a real impact on supplier security in a hands-on cyber role.
- Qualifications: Strong background in cyber security and experience in Third Party Risk Management.
The predicted salary is between £60,000 and £80,000 per year.
Location: Fully Remote (UK-based)
Duration: 3 Months but likely to run until October 2026
About the Role
At Tesco Insurance and Money Services, we're looking for a technology-focused Third Party Risk Manager to help us secure our third-party and supplier ecosystem. This is a hands-on cyber security assurance role, not focused on data protection or operational resilience. You'll assess and challenge the technical security controls of around 80 suppliers, including cloud providers, SaaS platforms, and managed service partners. You'll play a key role in ensuring suppliers meet our cyber security standards, ISO 27001 requirements, and broader technical security expectations.
What You'll Be Doing
- Own and manage cyber security assurance across ~80 third-party suppliers
- Carry out technical security assessments of cloud, SaaS, and infrastructure providers
- Review supplier controls including:
  - Cloud security
  - Identity & access management
  - Network security
  - Application security
What We're Looking For
Essential Experience
- Strong background in cyber security, infrastructure security, cloud security, or security engineering
- Proven experience in Third Party Risk Management (TPRM) or supplier assurance
- Experience performing technical security assessments of suppliers or systems
- Strong understanding of:
  - Cloud security (AWS / Azure / GCP)
  - IAM, network, and application security
Desirable
- ISO 27001 Lead Auditor certification
- CISSP, CISM, CRISC or similar
- Background in security engineering, cloud security, or infrastructure security
- Financial services or regulated environment experience
What You'll Bring
- A strong technical mindset and attention to detail
- Confidence challenging suppliers on security design and controls
- Ability to translate technical risk into clear outcomes
- Strong communication with both engineers and senior stakeholders
- Ownership of your supplier portfolio in a remote environment
Candidates will ideally show evidence of the above in their CV to be considered.
Please be advised that if you haven't heard from us within 48 hours, then unfortunately your application has not been successful on this occasion. We may, however, keep your details on file for any suitable future vacancies and contact you accordingly.
We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.
Third Party Risk Manager in Edinburgh employer: Pontoon
Contact Detail:
Pontoon Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Third Party Risk Manager in Edinburgh
✨Tip Number 1
Network like a pro! Reach out to people in the cyber security and risk management space. Join relevant online forums, LinkedIn groups, or even local meetups. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Prepare for interviews by brushing up on your technical knowledge. Make sure you can confidently discuss cloud security, ISO 27001 audits, and supplier assessments. Practise explaining complex concepts in simple terms – it’ll impress both engineers and senior stakeholders!
✨Tip Number 3
Showcase your hands-on experience! When you get the chance to chat with potential employers, highlight specific projects where you assessed third-party suppliers or managed security risks. Real-world examples will make you stand out from the crowd.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search. Let’s land that Third Party Risk Manager role together!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience in cyber security and Third Party Risk Management. Use keywords from the job description to show we’re on the same page about what you bring to the table.
Showcase Your Technical Skills: Don’t hold back on detailing your technical skills, especially around cloud security and ISO 27001 audits. We want to see how you’ve tackled similar challenges in the past!
Be Clear and Concise: When writing your application, keep it clear and to the point. We appreciate straightforward communication, so make sure your key achievements stand out without fluff.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss any important updates from our team!
How to prepare for a job interview at Pontoon
✨Know Your Cyber Security Stuff
Make sure you brush up on your knowledge of cyber security, especially around cloud security and ISO 27001. Be ready to discuss specific technical controls and how they apply to third-party suppliers. This will show that you’re not just familiar with the concepts but can also engage in meaningful discussions about them.
✨Prepare for Technical Assessments
Since the role involves assessing technical security controls, practise explaining how you would evaluate a supplier's security posture. Think about how you would review evidence like penetration tests and SOC reports. Being able to articulate your assessment process will impress the interviewers.
✨Show Off Your Communication Skills
You’ll need to communicate effectively with both technical teams and senior stakeholders. Prepare examples of how you've successfully navigated these conversations in the past. Highlight your ability to translate complex technical risks into clear, actionable insights.
✨Demonstrate Ownership and Initiative
This role requires taking ownership of your supplier portfolio. Be ready to share examples of how you’ve managed similar responsibilities in previous roles. Discuss how you tracked and drove closure on security risks, showcasing your proactive approach to risk management.