Supplier Assurance Manager - Cyber Security

What’s in it for you

We offer excellent benefits that help make Tesco a great place to work!  These include but are not limited to:

• Annual bonus scheme
• Holiday starting at 25 days plus a personal day (and bank holidays)
• Great colleague discounts and deals, saving you money on everyday purchases, utility bills for the home and more
• Retirement savings plan – save between 4% and 7.5% and Tesco will match your contribution
• Buy as you earn and Save as you earn share schemes
• Opportunities to get on – take advantage of our ongoing learning opportunities and award-winning training to help you achieve the career you want

About the role

Technology risk and compliance is a relatively new function leading the way Tesco Technology manage their risks.  We are responsible for identifying, tracking and supporting the management of risks across Technology.  The team also manages the interfaces between Technology, Group Risk, International Compliance teams, internal and external audit.

The supplier assurance team is part of the broader technology risk and compliance team. This role will provide assurance to Tesco by assessing the security risk and criticality of supplier (3^rd party) organisations that store, access, process Tesco data or provide a critical service.

You will be responsible for

• Work with suppliers to identify and remediate risks as required and furthermore identifying critical suppliers to Tesco
• Maintain the supplier assurance risk register to ensure it remains relevant and up to date
• Provide high quality risk reports, with guidance and recommendations, to enable senior business owners to make the most appropriate risk decisions relating to the use of the supplier.
• Maintain an up-to-date record of all suppliers that access, store, process and provide critical services to Tesco
• Monitor on-going compliance of suppliers within set schedules depending on the risk profile of the supplier
• Report metrics to Technology senior management and other key stakeholders
• Work closely with the relevant business owners, legal and procurement
• Support Technology colleagues with queries relating to supplier assurance

You will need

You’ll need to have demonstrated experience of:

• IT audit/risk management, with examples of managing technology risk and compliance within an organisation

• Knowledge of ISO standards in relation to information security and business continuity
• SME level expertise in respect to information security risk management processes, frameworks and procedures
• Communicating effectively to build and maintain transparent relationships with stakeholders (including Senior Management), clearly expressing risks and recommendations
• Critical thinking  with strong attention to detail, organisation and follow up
• Leading, planning and conducting interviews with suppliers to obtain an understanding of the area being reviewed
• Documenting processes and key controls in association with supplier and Tesco processes
• At least one professional qualification such as CISA, CISM, ISO27001 lead auditor or CISSP are essential

About us

Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move.  Our core purpose is “Serving our customers, communities and planet a little better every day”.  Serving means more than a transactional relationship with our customers.  It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of, and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves.  At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings.  We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities.  We’re a big business with diverse working patterns and many business areas which means that we can find something that works for you.  Everyone is welcome at Tesco.

We have recently announced that we are moving to a more blended working week – combining office and remote working.  Our offices continue to be where we connect, collaborate and innovate.  Talk to us about how this can work for you.

Note: Should you be successful in your application, your employment will be subject to and conditional upon you providing your bank account details on your agreed start date.