Job description
GRC Third Party Analyst – Inside IR35
Department: Technology - Information Security (GRC)
Reports to: GRC Supply Chain Assurance Lead
Type: £450 – £500 Inside IR35
Location: Crawley
As a GRC Third Party Analyst, you will support supply chain assurance and third-party access activities. Your responsibilities will include conducting due diligence on new suppliers, assessing their risk to the business, ensuring compliance with supplier contractual obligations, and managing third-party access requests. You will work closely with the wider information security team and occasionally with Threat & Response to handle potential supplier breaches.
Key Responsibilities:
- Assess new suppliers' security controls and categorize their risk to the business.
- Support the supplier security audit program (ISO27001:2022) to identify risks and ensure timely completion.
- Implement the supplier security compliance regime, continuously assessing and reporting on compliance.
- Regularly assess supplier contractual security obligations and highlight any non-compliance.
- Coordinate supplier audits with third-party suppliers and the Information Security Compliance Analyst.
- Provide security compliance and assurance support on projects and bids to the GRC Supply Chain Assurance Lead.
Requirements:
- Experience in information security supply chain management.
- Knowledge of the Telecoms Security Act (2022), The Electronic Communications Regulations 2022, and Telecommunications Security Code of Practice.
- Strong understanding of Risk Management and Access Management.
- Familiarity with relevant regulations and standards (e.g., ISO 27001, GDPR, NIST).
- Experience in conducting audits.
- Excellent communication and stakeholder management skills.
- Strong analytical and problem-solving abilities.
- Professional certifications (e.g., CISA, CISSP, CISM, CISMP, ISO27001 Lead Auditor/Implementor) are advantageous.
- Ability to translate technical risk language into business terms.