GRC Third Party Analyst

Location: Emley Moor

We operate a flexible, hybrid working environment up to twice a week in the office.

• Up to £50,000
• Work Life Smarter – our commitment to a flexible and hybrid working culture
• Generous pension scheme starting at 6% rising to 10%
• A unique wellbeing programme that looks after the whole you
• Access to multiple learning platforms to support your individual development
• Active and diverse networks that build community, support wellbeing and advocate for change
• A comprehensive set of benefits including discounts on big brands, gymflex memberships and paid volunteering leave - see our full list of benefits here.

Role Overview

Manages supply chain assurance by identifying and mitigating risk, supporting on efforts to ensure risks are managed and security protocols align with industry standards. Provides insight into the identification and mitigation of security risks pertaining to supply chain.

Accountabilities

• Support the implementation of IS and cyber security policies and ensure adherence to regulations.
• Conduct thorough risk assessments of third-party vendors and suppliers to ensure compliance with the organisation's security policies and standards.
• Ensure that third-party vendors and suppliers comply with relevant regulatory requirements and industry standards, such as GDPR, ISO 27001, and NIST.
• Collaborate with legal, IT, and other departments to ensure full compliance with security requirements
• Provide training and awareness programs for internal stakeholders and third-party vendors on security best practices and the organisation's security policies.
• Provide guidance on governance, risk, compliance, and security expertise and act as an SME for the team.
• Collaborate with third-party vendors and internal teams to respond to security incidents involving third-party access or supplier-related issues.
• Implements supplier assurance programs to monitor and evaluate the security practices of suppliers and vendors.
• Maintain accurate and up-to-date documentation of third-party risk assessments, access management activities, and supplier assurance programs.
• Generate regular reports for senior management.
• Review/redlines and negotiates security-related clauses in contracts with third-party vendors and suppliers to ensure adequate protection of the organisation's data.
• Manages third-party access to the organisation's systems and data, ensuring that access is granted based on the principle of least privilege.
• Continuously evaluate and improve third-party access and supplier assurance processes to enhance the organization's overall security posture.
• Provide support to the wider GRC team.

Skills

• Cyber Security - proficiency in cyber security tools and technologies.
• Cyber Advisory - knowledge of cyber best practice and advisory skills to pass this on
• Cyber Incident Management - ability to identify and respond to cyber security incidents
• Security Principles - understanding of security principles and practices
• Information Security - Knowledge of information security management frameworks, governance standards and regulatory/legislative compliance (e.g. GDPR, ISO 27001).
• Risk Management and QA - Ability to identify and mitigate potential risks, and implement quality control processes
• Communication skills - collaborate with cross-functional teams, present technical info and provide training or support.
• Analytical and technical problem-solving skills to diagnose and resolve technical issues
• Innovation and CI - ability to drive innovation and continuous improvement
• Relationship management - ability to foster relationships (and network) with external vendors, suppliers, industry peers, etc.

Knowledge & Experience

• Substantial experience in cyber security, IT systems, governance, risk, compliance, IS security or a related field.
• Knowledge of security standards and industry best practices.
• In-depth knowledge of legislation applicable to role.

Qualifications

A degree (or equivalent experience) in Computer Science, Information Systems, Cyber Security, or related field is advantageous. Relevant certifications (e.g., CISSP, CISM, CRISC) are a plus.

Why Arqiva

We enable a switched-on world to flow. As the UK’s leader in TV and radio broadcast and the country’s top smart utilities platform, we are shaping the future of connectivity.

Our infrastructure delivers media and data exactly where they’re needed - whether that’s bringing TV and radio to your home or sending smart meter data to your utility provider. Our technology works quietly behind the scenes, connecting millions every day.

But it’s not just what we do, it’s how we do it. At Arqiva, you’ll find real connection: supportive teams, active colleague networks and plenty of ways to get involved and feel part of our community. We’ll give you the space and support to grow - whether that’s developing your skills, trying something new or taking on fresh challenges. And because there is more to life than work, our rewards and benefits are designed to support your wellbeing, your lifestyle and what matters most to you.

Our commitment to Diversity & Inclusion

At Arqiva, we’re committed to building a workplace where everyone feels valued, heard and empowered to succeed. We welcome applications from all backgrounds and experiences, and we work hard to remove barriers so every colleague can thrive. If you need any adjustments at any stage of the recruitment process, please reach out to talent@arqiva.com.

If this sounds like the right next step for you, we’d love to hear from you!