Principal TPRM Consultant; Cyber Security

Location: London, 3 days a week onsite, 2 days remote

No sponsorship available with this role.

The title does not truly summarise the role, this is a Technical Consulting role, consulting into the internal TPRM team.

The TPRM Principal Security Consultant acts as a trusted advisor to senior stakeholders, ensuring the security of a wide range of technical integrations with third‑party suppliers. The role provides risk-based assessments and supports mitigation strategies for complex third-party engagements.

You will embed Secure‑by‑Design principles across all activities and ensure risks are effectively understood, communicated, and managed.

The role involves building strong relationships across engineering and leadership teams, supporting a global third‑party landscape spanning multiple business units, including digital platforms, retail operations, and external partners.

You will help shape strategy, oversee security assessments, establish governance models, and collaborate across security, risk, procurement, legal, and compliance functions to enhance third‑party risk management practices.

• Scope:
  Enterprise‑wide third‑party portfolio
• Function:
  Information Security
• Focus:
  Governance, Risk, and Security

• Own the Info Sec relationship for assigned third‑party portfolios to enable risk‑aware decision‑making
• Act as a trusted advisor to both technical and non‑technical stakeholders
• Identify when additional support is required from Security Architecture, Engineering, or Design teams and coordinate engagement
• Lead technical security risk assessments and provide guidance aligned to industry frameworks and Secure‑by‑Design principles
• Oversee supplier onboarding risk assessments and ongoing monitoring activities
• Ensure intelligence and security insights are shared with relevant internal functions (e.g. threat modelling, cyber intelligence)
• Collaborate with GRC teams on risk, compliance, and assurance activities
• Provide mentorship and technical guidance to team members
• Communicate effectively with stakeholders at all levels, including senior leadership

• Strong knowledge across at least two security domains, with working knowledge of others, such as:
• Application Security
• Network Security
• Infrastructure Security
• IoT / Operational Technology Security
• Demonstrated experience with risk assessment methodologies and compliance frameworks
• ~6+ years in technology, including at least 2 years in a senior security or engineering role
• Experience working within complex technical environments
• Relevant certifications (e.g. CISSP, CISM, CRISC, CCSP, CCSK)
• Degree in Computer Science, Cyber Security, or related field

• Information Security (Engineering, Architecture, Risk & Compliance, Cyber Defence)
• Technology teams (e.g. cloud platforms, workplace technology, development teams)
• Business functions (e.g. procurement, legal, compliance)
• Senior leadership and non‑technical stakeholders

• Clear and effective communication
• Strong stakeholder management and influencing skills
• Ability to operate across technical and business domains
• Ownership and accountability for delivery
• Commercial awareness and risk‑based decision making
• Focus on continuous improvement and pragmatic outcomes