At a Glance
- Tasks: Conduct third-party cyber assessments and manage supplier risks effectively.
- Company: Join RSA, a leading insurance provider transforming the industry with a people-first approach.
- Benefits: Enjoy hybrid working, flexible hours, and up to 11% pension contributions.
- Why this job: Be part of a diverse team making a meaningful impact in cybersecurity.
- Qualifications: 5-7 years in cybersecurity with experience in third-party/vendor risk management required.
- Other info: We celebrate individuality and support inclusive environments for all applicants.
The predicted salary is between £43,200 and £72,000 per year.
Introduction
At RSA, we believe insurance is about people, not things. We provide our inspiring colleagues the support and opportunity to grow together, shape the future, and win as a team. We are going through a transformation journey, providing our people with the opportunity to be integral to improving our service and delivering better products to brokers and customers. We are a proud member of the Intact family and feel part of something bigger, with a presence in North America, the UK and Europe.
We have a bold ambition to become the best Commercial Lines business in the UK, demonstrated by our recent acquisition of NIG and Farmweb, allowing us to scale by leveraging our combined financial strength and importantly ensure our people feel the benefits of our joint capabilities.
We are currently recruiting for a Third-Party Cyber Risk Consultant to join our established and experienced Chief Information Office team here at RSA on a hybrid basis. This position will be a 6-month FTC.
Your Role
The Third-Party Cyber Risk Consultant reports to the Third-Party Cyber Risk Manager within the CISO Information Security team.
The role is responsible for completing ongoing third-party cyber assessments based on the supplier’s inherent risk rating within the required and assisting process improvements. You will ensure that third-party cyber assessments align with RSA’s security policies, standards, and risk appetite, and that any risks are identified, assessed, and appropriately managed throughout the lifecycle of the supplier.
You will work closely with business stakeholders, the wider CISO Information Security Team, and third parties. This will include acting as a cyber risk domain SME for the central Third-Party Management function.
You will be highly organised, self-driven, and act with integrity, bringing hands-on experience using Hellios, Bitsight, OneTrust, O365, and automated third-party risk management (TPRM) platforms.
About You
We are looking for an individual who is highly organised, self-driven, and acts with integrity, bringing hands-on experience using Hellios, Bitsight, OneTrust, O365, and automated third-party risk management (TPRM) platforms. You will have a demonstrated ability to conduct third-party security risk assessments, including due diligence, risk scoring, and remediation planning, as well as hands-on experience using online questionnaires and spreadsheets.
You must have at least 5–7 years of experience in cybersecurity, with a focus on third-party/vendor risk and familiarity with frameworks like NIST CSF, ISO 27001, SOC 2, and GDPR compliance. You will also be supporting audits and control validations related to third-party risk, maintaining a register of third-party risks and tracking remediation. This will include producing security reports and MI on third-party cyber risk posture and supporting control validations or audits conducted by 2nd and 3rd lines of defence.
In the role we are looking for someone who has core skills such as influencing others, building effective relationships and being able to make things happen. We are looking for an individual with good interpersonal skills and experience interfacing with the wider security, technology and business communities to help deliver the security solutions, and who is motivated by technical security and risk management challenges.
What We Offer You
At RSA we put our people first. We have adopted hybrid working as standard, to give you a better work/life balance and an excellent flexible working mindset. That is on top of a comprehensive range of benefits, including pension contributions of up to 11% looking after you now, and in the future.
We will give you countless opportunities to continuously develop, alongside a diverse and passionate community of experts, the best the industry has to offer. You will be empowered to be your best self, do your best work, and make a meaningful impact. Our employee promise allows you to shape the future, win as a team, and grow with us.
About Us
We celebrate individuality and it is important to us that we have a culture where our people feel respected and valued for who they are. We pride ourselves on being accessible and encourage inclusive environments where our people can always give and show the very best of themselves.
We understand that home life is a priority and are happy to consider reduced hours or job shares.
If you think you would be a great fit for us, but do not meet all the requirements of the role, please contact us as we would love to discuss how RSA could be the next step in your career journey.
As a Disability Confident employer, we will ensure that a fair and proportionate number of disabled applicants that meet the minimum criteria for this position will be offered an interview.
If you wish to be considered under the scheme, then please answer yes to the question "Do you wish to be considered under the Disability Confident Scheme?" in RSA's application form.
Please let us know if there are any changes we could make to the application process to make it easier and more comfortable for you. Contact our recruitment team so we can work with you to support you throughout your application.
Third-Party Cyber Risk Consultant (FTC) employer: RSA
Contact Detail:
RSA Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Third-Party Cyber Risk Consultant (FTC)
✨Tip Number 1
Familiarise yourself with the specific tools mentioned in the job description, such as Hellios, Bitsight, and OneTrust. Having hands-on experience or even a basic understanding of these platforms can set you apart during discussions.
✨Tip Number 2
Brush up on your knowledge of cybersecurity frameworks like NIST CSF, ISO 27001, and GDPR compliance. Being able to discuss how these frameworks apply to third-party risk management will demonstrate your expertise and commitment to the role.
✨Tip Number 3
Network with professionals in the cybersecurity field, especially those who have experience in third-party risk assessments. Engaging in conversations about industry trends and challenges can provide valuable insights and potentially lead to referrals.
✨Tip Number 4
Prepare to showcase your interpersonal skills during the interview. Think of examples where you've successfully influenced others or built effective relationships, as these are key attributes RSA is looking for in a candidate.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in cybersecurity, particularly focusing on third-party/vendor risk. Include specific tools and frameworks you've worked with, such as Hellios, Bitsight, OneTrust, and NIST CSF.
Craft a Compelling Cover Letter: In your cover letter, express your passion for cybersecurity and how your skills align with RSA's mission. Mention your ability to build relationships and influence others, as these are key traits they are looking for.
Showcase Relevant Experience: When detailing your work history, emphasise your hands-on experience conducting third-party security risk assessments and your familiarity with compliance frameworks like ISO 27001 and SOC 2. Use specific examples to demonstrate your expertise.
Highlight Soft Skills: RSA values interpersonal skills and the ability to interface with various teams. Make sure to include examples of how you've successfully collaborated with stakeholders or led initiatives that required strong communication and relationship-building skills.
How to prepare for a job interview at RSA
✨Showcase Your Cybersecurity Knowledge
Make sure to brush up on your knowledge of cybersecurity frameworks like NIST CSF, ISO 27001, and GDPR compliance. Be prepared to discuss how you've applied these in previous roles, especially in relation to third-party/vendor risk.
✨Demonstrate Your Organisational Skills
As the role requires being highly organised, come prepared with examples of how you've managed multiple projects or assessments simultaneously. Highlight any tools or methodologies you use to stay organised, such as automated TPRM platforms.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-world scenarios. Think about past experiences where you identified and managed risks in third-party relationships, and be ready to explain your thought process.
✨Emphasise Relationship-Building Skills
Since the role involves working closely with various stakeholders, be ready to discuss how you've built effective relationships in the past. Share specific examples of how your interpersonal skills have helped you influence others and achieve results.