Third-Party Cyber Risk Consultant (FTC)

Horsham Temporary 43200 - 72000 £ / year (est.) Home office (partial)

At a Glance

  • Tasks: Conduct third-party cyber assessments and manage supplier risks effectively.
  • Company: Join RSA, a leading insurance provider focused on people and innovation.
  • Benefits: Enjoy hybrid working, flexible hours, and up to 11% pension contributions.
  • Why this job: Be part of a transformative journey in cybersecurity with a supportive team culture.
  • Qualifications: 5-7 years in cybersecurity with experience in third-party/vendor risk management required.
  • Other info: We celebrate diversity and encourage applicants from all backgrounds.

The predicted salary is between 43200 - 72000 £ per year.

At RSA, we believe insurance is about people, not things. We provide our inspiring colleagues the support and opportunity to grow together, shape the future, and win as a team. We are going through a transformation journey, providing our people with the opportunity to be integral to improving our service and delivering better products to brokers and customers. As a proud member of the Intact family, we feel part of something bigger, with a presence in North America, the UK and Europe.

We have a bold ambition to become the best Commercial Lines business in the UK, demonstrated by our recent acquisition of NIG and Farmweb, allowing us to scale by leveraging our combined financial strength and, importantly, ensuring our people feel the benefits of our joint capabilities.

We are currently recruiting for a Third-Party Cyber Risk Consultant to join our established and experienced Chief Information Office team here at RSA on a hybrid basis. This position will be a 6-month FTC.

Your Role

The Third-Party Cyber Risk Consultant reports to the Third-Party Cyber Risk Manager within the CISO Information Security team.

The role is responsible for completing ongoing third-party cyber assessments based on the supplier’s inherent risk rating within the required and assisting process improvements. You will ensure that third-party cyber assessments align with RSA’s security policies, standards, and risk appetite, and that any risks are identified, assessed, and appropriately managed throughout the lifecycle of the supplier.

You will work closely with business stakeholders, the wider CISO Information Security Team, and third parties. This will include acting as a cyber risk domain SME for the central Third-Party Management function.

You will be highly organised, self-driven, and act with integrity, bringing hands-on experience using Hellios, Bitsight, OneTrust, O365, and automated third-party risk management (TPRM) platforms.

About You

We are looking for an individual who is highly organised, self-driven, and acts with integrity, bringing hands-on experience using Hellios, Bitsight, OneTrust, O365, and automated third-party risk management (TPRM) platforms. You will have a demonstrated ability to conduct third-party security risk assessments, including due diligence, risk scoring, and remediation planning, as well as hands-on experience using online questionnaires and spreadsheets.

You must have at least 5–7 years of experience in cybersecurity, with a focus on third-party/vendor risk and familiarity with frameworks like NIST CSF, ISO 27001, SOC 2, and GDPR compliance. You will also be supporting audits and control validations related to third-party risk, maintaining a register of third-party risks, and tracking remediation. This will include producing security reports and MI on third-party cyber risk posture and supporting control validations or audits conducted by the 2nd and 3rd lines of defence.

In the role, we are looking for someone who has core skills such as influencing others, building effective relationships, and being able to make things happen. We are looking for an individual with good interpersonal skills and experience interfacing with the wider security, technology and business communities to help deliver security solutions, and who is motivated by technical security and risk management challenges.

What we offer you

At RSA we put our people first. We have adopted hybrid working as standard, to give you a better work/life balance and an excellent flexible working mindset. That is on top of a comprehensive range of benefits, including pension contributions of up to 11% looking after you now, and in the future.
We will give you countless opportunities to continuously develop, alongside a diverse and passionate community of experts, the best the industry has to offer. You will be empowered to be your best self, do your best work, and make a meaningful impact. Our employee promise allows you to shape the future, win as a team, and grow with us.

About Us

We celebrate individuality and it is important to us that we have a culture where our people feel respected and valued for who they are. We pride ourselves on being accessible and encourage inclusive environments where our people can always give and show the very best of themselves.
We understand that home life is a priority and are happy to consider reduced hours or job shares.
If you think you would be a great fit for us, but do not meet all the requirements of the role, please contact us as we would love to discuss how RSA could be the next step in your career journey.

As a Disability Confident employer, we will ensure that a fair and proportionate number of disabled applicants that meet the minimum criteria for this position will be offered an interview.
If you wish to be considered under the scheme, please answer yes to the question "Do you wish to be considered under the Disability Confident Scheme?" in RSA's application form.
Please let us know if there are any changes we could make to the application process to make it easier and more comfortable for you. Contact our recruitment team so we can work with you to support you throughout your application.


Third-Party Cyber Risk Consultant (FTC) employer: RSA Group

At RSA, we prioritise our people, offering a hybrid working model that enhances work-life balance and a comprehensive benefits package, including generous pension contributions. Our inclusive culture fosters personal growth and collaboration, empowering employees to make a meaningful impact while being part of a diverse community of experts dedicated to shaping the future of insurance.

Contact Detail:

RSA Group Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Third-Party Cyber Risk Consultant (FTC)

✨Tip Number 1

Familiarise yourself with the specific tools mentioned in the job description, such as Hellios, Bitsight, and OneTrust. Having hands-on experience or even a basic understanding of these platforms can set you apart from other candidates.

✨Tip Number 2

Network with professionals in the cybersecurity field, especially those who have experience in third-party risk management. Engaging with them on platforms like LinkedIn can provide insights into the role and potentially lead to referrals.

✨Tip Number 3

Stay updated on the latest trends and regulations in cybersecurity, particularly around frameworks like NIST CSF and GDPR compliance. This knowledge will not only help you in interviews but also demonstrate your commitment to the field.

✨Tip Number 4

Prepare to discuss your previous experiences in conducting third-party security risk assessments. Be ready to share specific examples of how you've identified and managed risks, as this will showcase your expertise and problem-solving skills.

We think you need these skills to ace Third-Party Cyber Risk Consultant (FTC)

Cybersecurity Expertise
Third-Party Risk Management
Risk Assessment and Scoring
Knowledge of NIST CSF
Familiarity with ISO 27001
Understanding of SOC 2 Compliance
GDPR Compliance Knowledge
Experience with Automated TPRM Platforms
Proficiency in Hellios, Bitsight, OneTrust, O365
Strong Analytical Skills
Report Writing and MI Production
Interpersonal Skills
Stakeholder Engagement
Problem-Solving Skills
Attention to Detail
Ability to Influence Others
Project Management Skills
Self-Motivated and Organised

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in cybersecurity, particularly focusing on third-party/vendor risk. Include specific tools and frameworks you've worked with, such as Hellios, Bitsight, OneTrust, and NIST CSF.

Craft a Compelling Cover Letter: In your cover letter, express your passion for cybersecurity and how your skills align with RSA's mission. Mention your ability to build relationships and influence others, as these are key traits they are looking for.

Showcase Relevant Experience: When detailing your work history, emphasise your hands-on experience conducting third-party security risk assessments and your familiarity with compliance frameworks like ISO 27001 and GDPR. Use specific examples to demonstrate your expertise.

Highlight Soft Skills: RSA values interpersonal skills and the ability to interface with various teams. Make sure to include examples of how you've successfully collaborated with stakeholders or led initiatives in previous roles.

How to prepare for a job interview at RSA Group

✨Understand the Role

Make sure you have a solid grasp of what the Third-Party Cyber Risk Consultant role entails. Familiarise yourself with the key responsibilities, such as conducting third-party security risk assessments and working with various cybersecurity frameworks like NIST CSF and ISO 27001.

✨Showcase Your Experience

Prepare to discuss your hands-on experience with tools like Hellios, Bitsight, and OneTrust. Be ready to provide specific examples of how you've conducted risk assessments and managed third-party risks in previous roles.

✨Demonstrate Interpersonal Skills

Since the role involves building effective relationships with stakeholders, be prepared to share examples of how you've influenced others and collaborated with different teams. Highlight your ability to communicate complex security concepts in an understandable way.

✨Ask Insightful Questions

Prepare thoughtful questions about RSA's approach to third-party risk management and their security policies. This shows your genuine interest in the company and helps you assess if it's the right fit for you.

Application deadline: 2027-09-04
