We know life looks a little different for each of us. That’s why at Tesco, we always welcome chats about flexible working. Some people are at the start of their careers, some want the freedom to do the things they love. Others are going through life-changing moments like becoming a carer, nearing retirement, adapting to parenthood, or something else. So, talk to us throughout your application about how we can support. This is a fantastic opportunity to join Tesco’s Third Party Risk Management team, part of the wider Cyber Risk function. The Third Party Risk team provides assurance to Tesco by assessing the security risk and criticality of third party (supplier) organisations that store, access, or process Tesco data, or provide a critical service. • Work with suppliers to identify and remediate risks as required and furthermore identifying critical suppliers to Tesco • Maintain an up-to-date record of all suppliers that access, store, process and provide critical services to Tesco, including the supplier assurance risk register • Provide high quality risk reports, with guidance and recommendations, to enable senior business owners to make the most appropriate risk decisions relating to the use of the supplier • Monitor on-going compliance of suppliers within set schedules depending on the risk profile of the supplier • Work closely with the relevant business owners, legal and procurement to ensure third party risks are considered and managed at appropriate points of the supplier lifecycle • Support Technology colleagues with queries relating to supplier assurance • IT audit/risk management, with examples of managing technology risk and compliance within an organisation • Knowledge of ISO standards in relation to information security and business continuity • SME level expertise in respect to information security risk management processes, frameworks and procedures • Leading, planning and conducting interviews with suppliers (or similar stakeholders) to obtain an understanding of the area being reviewed • Critical thinking with strong attention to detail and good organisational skills • Strong written, verbal communication and presentation skills, working with all levels of seniority and disciplines within the organisation • Able to build solid working relationships with peers as well as internal and external stakeholders • At least one professional qualification such as CISA, CISM, CISSP or equivalent