Information Security Supply Chain Analyst

Warrington +1 Full-Time 36000 - 60000 £ / year (est.) Home office (partial)

At a Glance

  • Tasks: Conduct risk assessments and ensure third-party compliance with security standards.
  • Company: Join S&W Group, a leader in information security with a collaborative culture.
  • Benefits: Enjoy competitive salary, private medical insurance, and generous holiday package.
  • Why this job: Make a real impact in safeguarding our organisation from security threats.
  • Qualifications: Experience in information security governance and risk management is essential.
  • Other info: Hybrid working model with opportunities for professional development and a diverse workplace.

The predicted salary is between 36000 and 60000 £ per year.

S&W Group is looking for an experienced Information Security Risk Professional with expertise in security compliance and assurance, ISO 27001 implementation, PMO (project management office), risk assessments and supply chain, and in working on other governance, risk and compliance projects within a team. You’ll be highly motivated and proactive, and will become a productive member of a busy Information Security team, gaining exposure to a number of areas across the business.

As an Information Security Supply Chain Analyst, you’ll verify that third parties meet the minimum security requirements to protect our organisation from a supply-chain-related attack or incident. You’ll apply relevant risk mitigations and deal with multiple stakeholders to ensure end-to-end treatment is applied. You’ll also be part of our PMO and governance and compliance processes and will deliver updates to senior management in meetings and information security forums, whilst ensuring the business remains compliant with regulatory frameworks and good practice standards.

This role works within the Information Security Team and collaborates with other teams such as Privacy, Legal, Group Risk, Infrastructure, SecOps and Procurement, providing you with great opportunities for stakeholder engagement – it’s a great time to join us at S&W.

This role is a permanent position to be based at our Liverpool office on a hybrid working pattern with a minimum of 2 days per week in the office. The interview process will be in two stages and will consist of one face-to-face interview at the Liverpool office.

Your responsibilities will include among others:

  • Perform internal information security risk assessments and recommend mitigation actions to be implemented in solutions.
  • Perform vendor risk assessments and due diligence on third parties and recommend mitigation actions to be implemented by third parties.
  • Assess third-party adherence to the minimum security standards and record/track deviations or concessions.
  • Operate a risk-based assurance approach to ensure key third parties continue to comply with the defined security requirements.
  • Generate MI and reporting on third-party assessments and maintain risk profile of third parties.
  • Review information security controls on an ongoing basis against the changing risk landscape to evaluate changes in residual risk and assess the sufficiency of the corresponding compensating control(s) or the need for new controls.

To be successful in this role, you should have:

  • Experience in Information Security governance, risk and compliance areas.
  • Experience managing internal and third-party vendor risk assessments and writing risk assessment reports.
  • Experience reviewing risk assessments and SOC Type II reports for completeness, and working with suppliers to address issues/concerns.
  • Experience managing audit returns from clients and regulators.
  • Experience supporting Legal and Procurement Teams with complex contract reviews/negotiations and communicating security risks/impacts to various business (often non-technical) stakeholders.
  • Experience assisting in writing Information Security related Policies, Processes and/or Procedures and analysing security controls.

Desired:

  • Experience in using good practice standards such as ISO 27001, ISO 22301, ISO 9001, Cyber Essentials and NIST.
  • Experience in a Project Management Office.
  • Degree or equivalent in Information Technology or Risk Management.
  • Certification in Information Security domains.
  • Certification in cloud architectures is advantageous, especially Microsoft Azure.

As a colleague here at S&W you will have access to benefits that include:

  • Competitive salary.
  • Private medical insurance.
  • Life assurance.
  • Pension contribution.
  • Hybrid working model (role dependent).
  • Generous holiday package.
  • Option to purchase additional holiday.
  • Shared parental leave.
  • Fully funded training towards professional qualifications.
  • Cycle to work scheme.
  • Season ticket loan.
  • Eye care support.

We are proud to value the differences that a diverse workforce brings, representative of society and our clients. At S&W we have a wide range of highly active employee resource groups and we’re delivering multiple diversity, equity and inclusion initiatives across the organisation. It is our commitment to provide a workplace where all colleagues, regardless of identity, background, or circumstance, feel respected as individuals and feel that they can achieve their full potential and work in a safe, supportive, and inclusive environment.

We are happy to make any reasonable adjustments to accommodate your needs throughout the application process. Please let your Recruiter know.

Locations

Warrington Cheshire

Information Security Supply Chain Analyst employer: S&W

S&W Group is an exceptional employer that prioritises employee growth and well-being, offering a competitive salary, private medical insurance, and a generous holiday package. With a strong commitment to diversity, equity, and inclusion, the company fosters a supportive work culture where employees can thrive in their careers while enjoying a hybrid working model from our vibrant Liverpool office. Join us to be part of a dynamic Information Security team that values collaboration and provides ample opportunities for professional development.

Contact Detail:

S&W Recruiting Team

We think you need these skills to ace Information Security Supply Chain Analyst

Information Security Governance
Risk Assessment
Compliance Management
ISO 27001
Vendor Risk Assessment
Stakeholder Engagement
Project Management Office (PMO)
Audit Management
Contract Review and Negotiation
Policy Writing
Security Control Analysis
Cyber Essentials
NIST Standards
Communication Skills
Analytical Skills

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Information Security Supply Chain Analyst role. Highlight your experience in risk assessments, compliance, and any relevant certifications. We want to see how your skills align with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how your background makes you a great fit for our team. Keep it concise but impactful – we love a good story!

Showcase Your Stakeholder Engagement Skills: Since this role involves working with various teams, make sure to highlight your experience in stakeholder engagement. Share examples of how you've communicated complex security risks to non-technical audiences – it’ll show us you can bridge that gap!

Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you don’t miss out on any important updates. Plus, it’s super easy!

How to prepare for a job interview at S&W

✨Know Your Stuff

Make sure you brush up on your knowledge of information security governance, risk, and compliance. Familiarise yourself with ISO 27001 and other relevant standards, as well as the specific responsibilities of the role. This will help you answer questions confidently and demonstrate your expertise.

✨Prepare for Scenario Questions

Expect to be asked about how you would handle specific situations, such as conducting vendor risk assessments or dealing with non-compliance issues. Think of examples from your past experience that showcase your problem-solving skills and ability to communicate effectively with stakeholders.

✨Show Your Team Spirit

This role involves collaboration with various teams, so be ready to discuss how you work within a team environment. Highlight any experiences where you've successfully engaged with different departments, like Legal or Procurement, to achieve common goals.

✨Ask Insightful Questions

At the end of the interview, don’t forget to ask questions! Inquire about the company’s approach to information security, their current challenges, or how they measure success in this role. This shows your genuine interest and helps you assess if the company is the right fit for you.
