The following content displays a map of the jobs location - Welwyn Garden City
Third Party Risk Manager
What’s in it for you
We offer excellent benefits that help make Tesco a great place to work! These include but are not limited to:
- Annual bonus scheme
- Holiday starting at 25 days plus a personal day (and bank holidays)
- Great colleague discounts and deals, saving you money on everyday purchases, utility bills for the home and more
- Retirement savings plan – save between 4% and 7.5% and Tesco will match your contribution
- Buy as you earn and Save as you earn share schemes
- Opportunities to get on – take advantage of our ongoing learning opportunities and award-winning training to help you achieve the career you want
About the role
This is a fantastic opportunity to join Tesco’s Third Party Risk Management team, part of the wider Cyber Risk function. The Third Party Risk team provides assurance to Tesco by assessing the security risk and criticality of third party (supplier) organisations that store, access, or process Tesco data, or provide a critical service.
You will be responsible for
• Work with suppliers to identify and remediate risks as required and furthermore identifying critical suppliers to Tesco
• Maintain an up-to-date record of all suppliers that access, store, process and provide critical services to Tesco, including the supplier assurance risk register
• Provide high quality risk reports, with guidance and recommendations, to enable senior business owners to make the most appropriate risk decisions relating to the use of the supplier
• Monitor on-going compliance of suppliers within set schedules depending on the risk profile of the supplier
• Work closely with the relevant business owners, legal and procurement to ensure third party risks are considered and managed at appropriate points of the supplier lifecycle
• Support Technology colleagues with queries relating to supplier assurance
You will need
• IT audit/risk management, with examples of managing technology risk and compliance within an organisation
• Knowledge of ISO standards in relation to information security and business continuity
• SME level expertise in respect to information security risk management processes, frameworks and procedures
• Leading, planning and conducting interviews with suppliers (or similar stakeholders) to obtain an understanding of the area being reviewed
• Critical thinking with strong attention to detail and good organisational skills
• Strong written, verbal communication and presentation skills, working with all levels of seniority and disciplines within the organisation
• Able to build solid working relationships with peers as well as internal and external stakeholders
• At least one professional qualification such as CISA, CISM, CISSP or equivalent
Our vision at Tesco is to become every customer’s favourite way to shop, whether they are at home or out on the move. Our core purpose is “Serving our customers, communities and planet a little better every day”. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of, and for the planet.
We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We’re committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re a big business with diverse working patterns and many business areas which means that we can find something that works for you. Everyone is welcome at Tesco.
We have recently announced that we are moving to a more blended working week – combining office and remote working. Our offices continue to be where we connect, collaborate and innovate. Talk to us about how this can work for you.
Note: Should you be successful in your application, your employment will be subject to and conditional upon you providing your bank account details on your agreed start date.