Risk Analyst (Third Party Risk Management)

Job Type
Contract/Temporary
Location
Leeds, West Yorkshire
Salary
£500 - £600 per annum
Job Ref
BBBH177189_1777476551
Date Added
April 29th, 2026
Consultant
Lewis Baillie

Risk Analyst (Third‑Party Risk Management)

Contract | Inside IR35 | UK Remote (occasional Leeds)
Industry: Retail / Manufacturing
Rate: £500 - £600/day (Inside IR35)
Duration: Initial 3 months

Overview

We're working with a global retail and manufacturing organisation to hire a TPRM Analyst into their Information Security Risk function. This role supports the assessment and ongoing monitoring of a large third‑party vendor estate, helping ensure external suppliers meet required cyber‑security, compliance, and risk standards.

This is a hands‑on analyst role, well suited to someone with practical experience running vendor due‑diligence processes and working directly with third parties to address cyber and information‑security risks.

Key Responsibilities

Vendor Due Diligence & Assessment

  • Support the execution of the vendor due‑diligence process across the full vendor lifecycle
  • Issue, track, and review vendor security questionnaires covering security, privacy, and compliance
  • Review and analyse security documentation, including SOC reports, ISO 27001 certifications, and other assurance evidence
  • Use TPRM and security‑monitoring tools to assess vendor security posture and risk exposure

Risk Identification & Remediation

  • Identify, document, and track risks arising from third‑party engagements
  • Work with vendors and internal stakeholders to drive remediation of identified issues
  • Support risk acceptance and escalation processes where appropriate

Stakeholder Engagement

  • Collaborate with Information Security, IT, Legal, and Procurement teams
  • Communicate risk findings clearly to both technical and non‑technical stakeholders

Compliance & Governance

  • Ensure alignment with internal information‑security policies and third‑party risk standards
  • Support reporting, metrics, and KPI tracking across the TPRM programme

Contract & Regulatory Support

  • Assist with security reviews of supplier contracts to ensure appropriate clauses are in place
  • Support vendor assessments linked to Authorised Economic Operator (AEO) compliance

Skills & Experience

  • Understanding of, or experience with, third-party risk management, information security, and IT risk frameworks.
  • Familiarity with vendor assessment processes and security/compliance standards (e.g. ISO 27001, SOC 2, Cyber Essentials).
  • Experience with TPRM or security posture monitoring tools is desirable.
  • Experience reviewing security documentation and audit reports is desirable.
  • Ability to manage multiple stakeholders and priorities effectively.
  • Good communication skills, with the ability to translate technical findings into business context.

Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy.
