Cyber Security Supply Chain Risk Manager

Job Description What you’ll do: Cybersecurity Risk Assessment: conduct and manage comprehensive risk assessments of suppliers, vendors, and partners to identify and mitigate cybersecurity threats in the supply chain Service Team Collaboration: support and assist Service Teams with the security aspects of their procurement needs, ensuring that appropriate information and cyber security requirements are included in tender documents, specifications and contracts Liaise with Commercial and Legal functions to ensure the requirements are included in tender and contract documentation Vendor Due Diligence: collaborate with procurement and legal teams to assess vendor security practices during onboarding and throughout the vendor lifecycle ensure third-party vendors comply with the organisation’s cybersecurity policies and standards Supply Chain Risk Management (SCRM): develop and maintain a robust cybersecurity supply chain risk management (SCRM) program, including standardised supply chain risk logging, continuous monitoring, auditing, and evaluating third-party risk exposure individually, by category and in aggregate Compliance and Standards: ensure supply chain activities comply with relevant cybersecurity frameworks and regulations (e.g., NCSC Cyber Assessment Framework, GovS007, ISO 27001, GDPR/DPA18) Implement best practices from industry standards to secure supply chain operations Third-Party Contract Management: work with the legal and commercial teams to ensure cybersecurity clauses are included in supplier contracts Define key performance indicators (KPIs) and service level agreements (SLAs) around vendor cybersecurity responsibilities Periodically audit contracts for security terms, in order to understand any gaps in live contracts Incident Response: support the development of processes and protocols for managing third-party cybersecurity incidents, including coordinating with vendors during a breach, ensuring timely communication, and mitigating the impact on the organisation Vendor Cybersecurity Audits: lead or co-ordinate periodic cybersecurity audits of vendors and third parties to ensure they maintain high security standards Identify gaps and work with vendors to implement remediation plans Training and Awareness: provide training and support to internal stakeholders on supply chain cybersecurity risks and vendor management best practices Increase awareness of supply chain threats and trends within the organisation Collaboration and Communicatio...