Date Added: Wed 03/09/2025

Cyber Security GRC & Third Party Risk Lead

London, UK
Company: OLIVER JAMES

Job Type: Permanent, FullTime

Salary: £110,000 - £120,000 per annum

Oliver James is proud to be partnering with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) Specialist. This role will play a crucial part in strengthening the organisation's security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance.

Overview

Based in the City of London with a flexible hybrid model (average 4 days on-site), this position offers a competitive base salary of up to £120,000, with a total compensation package reaching £155,000 through exceptional benefits and annual/loyalty bonuses.

Key Responsibilities
  • Third-Party Risk Management: Lead and own the third-party vendor risk assessment process across a portfolio of #removed# vendors. Review and validate vendor security documentation (e.g., SOC 2, ISO 27001), evaluate control effectiveness, and coordinate remediation efforts for identified gaps. Ensure relevant business stakeholders are informed of potential risks.

  • Governance, Risk & Compliance (GRC): Actively contribute to broader GRC initiatives, including:

    • Managing GRC platforms and tools (e.g., control catalogues, issue tracking, policy management).

    • Designing and deploying security awareness programs (e.g., phishing simulations, training content).

    • Assisting with internal and external audit responses (e.g., NYSDFS, MAS, APRA, Lloyd's) and regulatory reporting.

    • Supporting client due diligence processes with robust documentation and communication.

  • Security Controls and Collaboration: Research and interpret both technical and non-technical security controls. Collaborate with infrastructure, engineering, and business teams to ensure appropriate control implementation aligned with organisational security goals.

  • Executive Reporting: Track, prioritise, and report on risk and compliance status, key issues, and mitigation progress to leadership teams.

Key Requirements
  • Bachelor's degree in Cyber Security, Information Technology, or a related STEM discipline.

  • Minimum 7 years' experience in Information Security GRC, ideally within a large, global enterprise.

  • Strong understanding of the interplay between Security, Infrastructure, and Engineering teams.

  • Demonstrated experience with third-party risk management and vendor assessments.

  • Excellent analytical, communication, and record-keeping skills, with an audit-oriented mindset.

Highly Desirable Experience
  • Familiarity with TPRM tools (e.g., SecurityScorecard, BitSight, RiskRecon).

  • Experience working with GRC platforms (e.g., Drata, Vanta, OneTrust).

  • Previous involvement in regulatory audits across frameworks such as NYSDFS, MAS, APRA, Lloyd's, etc.

Certifications (Preferred)
  • CISSP, CISA, CISM, or equivalent professional security certifications.