Your responsibilities:
As a CyberVadis Security Consultant, you will lead the implementation, management, and continuous optimization of our Third-Party Cyber Risk Management (TPCRM) framework. You will leverage the CyberVadis platform to automate, assess, and mitigate risks across our vast supplier network, ensuring robust compliance with UK security standards.
Key Responsibilities
Vendor Assessment & Audit
• Perform desktop audits by verifying submitted vendor documents and evidence.
• Scrutinize security policies, configurations, and Information Security Management Systems (ISMS).
• Evaluate supplier characteristics including operational scope, industry risks, and company size.
• Monitor assessment progress to ensure timely lifecycle completion by vendors.
Risk Advisory & Remediation
• Translate technical vulnerabilities from CyberVadis scorecards into clear business risks.
• Formulate action plans to assist vendors in improving their security postures.
• Liaise with stakeholders across internal legal, procurement, and external supplier teams.
• Align supplier metrics with international frameworks like ISO 27001 and NIST.
Methodology & Intelligence
• Enhance assessment models to keep pace with evolving corporate procurement standards.
• Track security trends and regulatory updates impacting global data privacy laws.
• Synthesize threat intelligence to update internal supplier risk tiering metrics.
Your Profile
Essential skills/knowledge/experience:
Education & Experience
• Degree holder in Cybersecurity, Information Technology, or Computer Science.
• At least 5 years’ experience in risk advisory, cybersecurity consulting, or third-party risk management.
• Platform expertise in navigating third-party risk portals, specifically CyberVadis.
Technical Skills
• Framework fluency covering ISO 27001/2, NIST SP 800-53, SOC 2, and GDPR.
Soft Skills
• Cross-functional coordination to manage multiple vendor timelines simultaneously.
• Strong negotiation and stakeholder management skills to influence external suppliers to elevate their security maturity.
• Meticulous attention to detail when identifying security gaps within supplier data.
________________________________________
Preferred Certifications
• ISO 27001 Lead Auditor / Implementer
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• CompTIA Security+ or GIAC
• Certified in CyberVadis
________________________________________