Third Party Risk Analyst

About this role

Requirements

• Degree or equivalent experience in a relevant field such as risk management, business, information security, procurement or law
• Understanding of third party risk management and UK regulatory expectations relating to outsourcing and supplier assurance
• Solid analytical skills with experience performing gap analysis and interpreting technical risk information
• Experience working in a controls driven environment with governance, audit and evidence based assessments
• Professional certifications beneficial including CTPRP, IRM, CRISC, CISSP, ISO 27001, CIPP/E or CIPS

Responsibilities

• Support end to end execution of supplier assurance reviews, including criticality assessment, supplier tiering and gap analysis
• Issue, manage and assess Third Party Assurance Questionnaires across key risk domains including cyber security, data protection, operational resilience and business continuity
• Evaluate supplier responses and evidence to assess control design and effectiveness, documenting findings and residual risk
• Produce clear Third Party Assurance Reports, including issues, remediation actions and timelines
• Act as Pay.UK’s operational point of contact with suppliers during assurance activity, including evidence collection and scheduling
• Engage internal subject matter experts to validate evidence, challenge responses and escalate issues where required
• Maintain accurate supplier and risk data within the GRC tool and provide first line support to suppliers
• Monitor the supplier threat landscape using external intelligence and data sources

Benefits

• Value diversity and inclusivity