Third Party Risk Manager

Date: Nov 17, 2024

Location: Birmingham, GB, B37 7ES

Company: LRQA

The Third-Party Manager will hold a key position in driving effective collaboration with external vendors. The ideal candidate should possess expertise in building an end-to-end third-party management framework, demonstrating proficiency in crafting strategies that ensure all third parties are effectively risk-managed throughout their lifecycle.

The candidate will support ongoing business needs in the development and continuous improvement of Supplier Risk Management, maintaining systems, producing management intelligence and preparing management information reports, including supplier risk reporting.

The candidate must have experience working with third parties and procurement, with a good understanding of Information Security and Data Protection principles.

Other activities such as due diligence, remediation, exit and contingency planning, supporting the business with supplier performance issues, and supplier performance reporting are also required. 

This role is offered as a hybrid opportunity with occasional presence at the Birmingham office.

What will you do?

  • Develop and maintain a Third-Party Management programme that identifies risks and establishes clear mitigation plans to reduce inherent risk and potential operational disruption. The Programme must:

      • Cater to a global company.

      • Establish and maintain a central repository of third-party vendors against which to check suitability and performance of vendors.

      • Consider the requirements of different departments across LRQA, such as Information Security, Data Protection, Legal and HR.

      • Categorise suppliers based on their risk profile.

      • Include control checks that are performed accurately and on a timely basis.

      • Provide actionable reporting to make effective change and reduce risk.

  • Provide the business with effective and timely management, oversight and advice for third parties throughout the life cycle, from onboarding to in-service management and, if necessary, offboarding and contingency planning.

  • Support the onboarding of third parties using a risk-based approach and in line with LRQA policies.

  • Challenge the risk of suppliers before contract agreement. 

  • Support the maintenance of the Supplier Management Standard to ensure it stays appropriate, up-to-date and addresses emerging risks.  

  • Facilitate Information Security responses to client requests for information via assessment and contract reviews. 

  • Ensure adverse media events reported by third parties are investigated and reported in line with LRQA procedures.

  • Oversee and monitor supplier relationships with the business contacts responsible for them, including the creation and management of remediation plans for third parties where necessary.  

  • Execute control checks to monitor third-party compliance with standards such as ISO 27001, LRQA policy and other best practice, and report results and non-conformities to stakeholders.

  • Meticulously document processes surrounding owned responsibilities. 

  • Where relevant, collaborate with business stakeholders to agree pragmatic recommendations and actions for reducing risk exposure where these exceed appetite or tolerance. 

What will you bring?

  • Experience in establishing third-party security practices and ongoing continuous improvement.
  • Strong working experience of procurement and supplier lifecycle, as well as supply chain risk management practices
  • Understanding of Information Security practices such as ISO 27001, NIST, Cyber Essentials
  • Experience with GDPR
  • Strong soft skills; confident in making change, with the ability to influence people cross-functionally.
  • Fluent in Risk and non-conformity Management
  • Experience in creating and maintaining business policies and standards pertinent to third party risk
  • Excellent communication skills, operating with diplomacy, tact and empathy
  • Knowledge of contract review process and supply chain due diligence procedures
  • Clearly understands and works to meet stakeholder needs; able to think strategically
  • Raise the profile of third-party management and work with the business to support understanding

The future is exciting and rapidly changing. New challenges and opportunities are arising all the time. We’re adapting to these challenges by expanding our portfolio of services and aiming to become the leading digitally enabled assurance provider.

In December 2021, Goldman Sachs Asset Management acquired the LRQA business from Lloyd’s Register Group. Becoming an independent business accelerated our ability to realise our ambitious growth plans.

With solid expertise and heritage in our sector, coupled with well-timed accelerated investment and a leadership team that is fully committed to delivering our vision, LRQA’s next chapter is set to be an exciting, transformational period of growth. We’re well placed to build on everything we’ve done and further our ambitions for the future. At such an exciting time this is a great opportunity to be part of our next chapter. We are looking for talented people who will support us to build on our strengths and transform our business to be the best partner for our clients.