Risk Manager (Third Party & Supply Chain)

Posted 1 week ago by Alexander Mann Solutions

Rate: Negotiable
IR35: Inside
Working arrangement: Hybrid
Location: Liverpool, UK

Summary: The Risk Manager (Third Party & Supply Chain) role at Evelyn Partners involves overseeing information security risk management related to third-party vendors and supply chains. The position requires expertise in security compliance, risk assessments, and governance processes, ensuring that third parties meet security standards to mitigate risks. The role is integral to maintaining compliance with regulatory frameworks and involves collaboration with multiple stakeholders. This is a 6-month hybrid contract based in Liverpool.

Key Responsibilities:

  • Conducting due diligence and security risk assessments on suppliers, vendors, and other third parties across the supply chain.
  • Evaluating vendor security postures using evidence-based assessments (e.g., SOC 2 reports, ISO 27001 certifications, penetration test reports).
  • Ensuring third parties meet Evelyn Partners' minimum security standards and apply effective risk mitigations where gaps are identified.
  • Maintaining an accurate and current view of supply chain risks, including emerging threats and vulnerabilities in the vendor ecosystem.
  • Supporting incident response planning and coordination related to supply chain risk scenarios.
  • Supporting the implementation and continual improvement of ISO 27001, Cyber Essentials, and NIST CSF compliance programs.
  • Ensuring security risks are effectively communicated to stakeholders and appropriately documented.

Key Skills:

  • Proven experience in Information Security, specifically in third-party risk, supply chain assurance, and governance, risk, and compliance.
  • Strong understanding of ISO 27001 (implementation, audit, and continuous improvement), Cyber Essentials, and NIST CSF.
  • Familiarity with reviewing SOC 2 Type II, ISO 27001 certifications, and other third-party assurance artefacts.
  • Ability to analyse and evaluate technical and procedural controls in vendor environments.
  • Experience responding to audit and regulatory requests, and supporting client due diligence processes.
  • Strong collaboration and communication skills to engage with non-technical stakeholders and influence outcomes.
  • Ability to work proactively and manage multiple concurrent assessments and projects in a dynamic environment.

Salary (Rate): undetermined

City: Liverpool

Country: UK

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT