Principal Third Party Risk Analyst

Join OneAdvanced We are seeking a highly skilled and experienced Principal Third-Party Cybersecurity Risk Analyst to take end-to-end ownership of OneAdvanced s supplier cybersecurity risk management activities This role is responsible for assessing monitoring and managing cybersecurity risks arising from third-party suppliers ensuring they meet OneAdvanced s security privacy and resilience expectations You will independently perform and manage supplier cybersecurity assessments review control environments evaluate risk exposure and provide clear risk-based recommendations to internal stakeholders You will also improve processes enhance tooling including the use of AI and ensure strong risk governance across the supplier lifecycle If you have strong cybersecurity knowledge deep assessment experience and the ability to operate with high ownership and autonomy this role offers a meaningful opportunity to strengthen OneAdvanced s supply-chain security posture What You Will Do Supplier Cybersecurity Assessments Conduct detailed cybersecurity assessments for new and existing suppliers based on their classification and inherent risk Review supplier evidence including SOC 2 reports ISO 27001 certifications penetration test results data flows architecture diagrams cloud security configurations and security policies Evaluate cybersecurity controls across key areas such as access management encryption monitoring incident response business continuity and vulnerability management Document risks observations and required actions with clarity and accuracy Risk Governance Exception Support Maintain and update the supplier cybersecurity risk register ensuring risks are tracked monitored and managed through their lifecycle Support the exception process by preparing well-reasoned risk-based recommendations and identifying potential compensating controls Ensure consistency and adherence to ISO 27001 NIST CSF GDPR and internal security policies Execution of the TPRM Process Manage all cybersecurity-related elements of the TPRM workflow including RSQ SAQ review supplier classification assessment execution and remediation follow-up Ensure assessments are completed within agreed timelines while maintaining high quality and accuracy Coordinate with suppliers and internal stakeholders to obtain required information and progress reviews Continuous Improvement AI Enablement Improve assessment quality efficiency and consistency through updated templates improved scoring methods and streamlined review processes Leverage AI-enabled tools for evidence extraction document review control mapping or supplier intelligence where applicable Contribute to the evolution of the TPRM methodology and the cybersecurity control library Collaboration Stakeholder Engagement Work closely with Procurement Legal Technology and Business teams to embed supplier cybersecurity expectations into procurement and contracting activities Provide clear communication on assessment outcomes risks and mitigation actions Support security clause reviews and input to contract obligations when required Metrics Monitoring Reporting Produce dashboards and reports to reflect supplier assessment progress open risks exceptions and remediation status Identify trends or recurring issues across suppliers and provide insights for programme improvement Support updates to relevant governance forums when needed Awareness Knowledge Sharing Deliver internal awareness sessions on supplier cybersecurity expectations and TPRM processes Stay informed about emerging supply-chain threats regulatory developments and best practices What You Will Have Skills and Experience Minimum of 8 years in Third-Party Risk Management cybersecurity assessment audit security assurance or related roles Strong understanding of cybersecurity frameworks such as ISO 27001 2022 NIST CSF SOC 2 GDPR cloud security principles and SaaS security controls Proven ability to review complex technical documents and extract meaningful risk insights Strong analytical ability with high attention to detail and structured documentation skills Ability to work autonomously manage multiple assessments and handle changing priorities Effective written and verbal communication suitable for cross-functional teams Preferred Qualifications Bachelor s degree in Cybersecurity Information Security IT Risk Management or equivalent Certifications such as CRISC CTPRP CISA CISSP ISO 27001 Lead Auditor Implementer are desirable Experience with AI-enabled assessment or automation tools is advantageous Behavioural Attributes A balanced risk-based mindset with the ability to make sound well-reasoned decisions Logical thinking problem-solving ability and willingness to challenge assumptions where needed Commitment to continuous improvement and professional growth Collaborative dependable and able to build strong working relationships What We Do For You Wellbeing focused - Our people are our greatest assets and ensuring everyone feels their best self to come to work is integral Annual Leave - 20 days of annual leave plus public holidays Employee Assistance Programme - Free advice support and confidential counselling available 24 7 Personal Growth - Regardless of where you are at in your career we re committed to enabling your growth personally and professionally Development Programmes - From Future Managers to Leadership Training our development programmes help you get where you need to go Online Learning Platform SkillsHub - Learning at your fingertips anytime from anywhere You can access our online library with relevant content for your career growth Life Insurance - 3x annual salary Personal Accident Insurance - providing cover in the event of serious injury illness Performance Bonus - Our Group-wide bonus scheme enables you to reap the rewards of your success Who We Are OneAdvanced is one of the UK s largest providers of business software and services serving 20 000 global customers with an annual turnover of 330M We manage 1 5 million 111 calls per month support over 2 million Further Education learners across the UK handle over 10 million wills and so much more Our mission is to power the world of work and as you can see our software underpins some of the UK s most critical sectors We invest in our brilliant people They are at the heart of our success as we strive to be a diverse inclusive and engaging place to work that not only powers the world of work but empowers the growth ambitions and talent of our people To learn more about working at OneAdvanced please