
Third‐Party Risk Manager

Job in Cheltenham, Gloucestershire, GL50, England, UK
Listing for: Spirax-Sarco Engineering
Full Time position
Listed on 2026-02-24
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 GBP Yearly
Job Description & How to Apply Below

Third‑Party Risk Manager

Location: Cheltenham, Gloucestershire (hybrid working)

We are seeking an experienced Third‑Party Risk Manager to build, mature, and operationalise our organisation’s Third‑Party Risk Management (TPRM) capability. This is a key role responsible for establishing a strong TPRM foundation and embedding structured processes, tooling, governance, and reporting across the supplier lifecycle.

As the Third‑Party Risk Manager, you will design and implement a scalable framework that enhances visibility, reduces exposure to supplier‑related risks, and drives continuous improvement across the organisation.

Key Responsibilities
  • Build and mature the organisation’s Third‑Party Risk Management Framework.
  • Develop a foundational TPRM framework aligned with NIST, ISO 27001, NIST SP 800-53/161, and internal security policies.
  • Define roadmap milestones to progress from ad hoc practices to structured, repeatable processes.
  • Establish scalable lifecycle processes for onboarding assessments, risk categorisation, assurance reviews, and continuous monitoring.
  • Support alignment with internal policies, including the Supplier Management Security Policy and Group Information Security Policy.
  • Lead security risk assessments for new and existing suppliers.
  • Implement supplier profiling and RAG tiering methodologies.
  • Document, communicate, and track supplier remediation and mitigation plans.
  • Establish mechanisms for ongoing assurance such as periodic reviews, evidence collection, and monitoring alerts.
  • Maintain a centralised supplier inventory and coordinate with procurement, contracting, IT, and business teams.
  • Develop KPIs and KRIs for third‑party risk and support quarterly reporting cycles.
  • Identify gaps in current processes and recommend improvements to strengthen TPRM practices.
  • Contribute to the creation of standardised assessment templates, processes, and communication workflows.
  • Partner with Procurement, Legal, IT, Finance, and business units to embed TPRM requirements across operations.
  • Provide training, guidance, and awareness sessions to enhance understanding of third‑party risks.
  • Offer expert consultation during supplier selection, contract negotiations, and incident response activities.
Your Experience
  • 5+ years in information security, assurance, TPRM, compliance, or audit.
  • 2+ years in a dedicated Third‑Party Risk Management role.
  • Strong working knowledge of ISO 27001, NIST CSF, NIST SP 800-53/161, CIS Controls, SCF, GDPR, cloud security, and supplier risk.
  • Experience conducting supplier assessments, reviewing security questionnaires, and managing remediation.
  • Hands‑on experience in cybersecurity, information security risk, compliance, or vendor oversight.
  • Familiarity with supplier assurance methodologies and recognised risk frameworks.
  • Experience with GRC or TPRM platforms such as TeamMate, LogicGate, OneTrust, or AuditBoard.
Your Skills
  • Relevant certifications such as CISM, CRISC, CompTIA+, ISO 27001 Lead Auditor/Implementer, or CISA are desirable.
  • Ability to engage, challenge, negotiate, and influence stakeholders at all levels.
  • Strong analytical skills with excellent attention to detail.
  • Able to work independently, prioritise effectively, and adapt in a fast‑moving environment.
  • Confident communicator with the ability to simplify complex concepts.
  • Proactive, curious, and committed to continuous learning.
Benefits

You will receive a competitive salary (and a discretionary bonus), flexible working and excellent benefits including 27 days holiday allowance (before bank holidays), 3 days’ paid volunteering leave, comprehensive private healthcare, enhanced pension plan, life assurance, optional participation in a Share Ownership Plan, free onsite parking, flexible benefits, and access to a personal discounts portal. We also offer a range of additional support and benefits through our Everyone is Included Group Inclusion Plan, detailed below.

Spirax Group is a FTSE 100 and FTSE4Good multi‑national industrial engineering Group with expertise in control and management of steam, electric thermal solutions, peristaltic pumping and associated fluid technologies.

We are passionate about creating inclusive and equitable working…
