Third Party Security Analyst (Hiring Immediately)

​
Job reference 338711
Third Party Security Analyst
Competitive salary plus car allowance, healthcare , 18% annual bonus potential, 25 da ys annual leave plus bank holidays rising with service and a company pension scheme with highly competitive contribution rates
Permanent, Full time

Hybrid working in either London or Sheffield office x3 days a week

Third Party Security Analyst

Royal Mail Group is strengthening its cyber security capability and we’re looking for a Third Party Security Analyst to play a key role in safeguarding our supply chain. This is an exciting opportunity to join a growing cyber function where you’ll assess, influence, and uplift the security posture of suppliers that support critical business operations.

You’ll work closely with Procurement, Legal, Data Protection, and technical teams to ensure our suppliers meet the highest standards of security — and you’ll help shape how Royal Mail manages third‑party cyber risk across the entire organisation.

The role

• Supplier Assurance Conduct detailed security assessments of new and existing suppliers, ensuring alignment with Royal Mail standards and frameworks such as ISO 27001, NIST, and UK GDPR.
• Risk Analysis & Reporting Identify and document supplier risks, producing clear, actionable risk packs that explain business impact and recommended remediation.
• Contractual Security Management Support the drafting and negotiation of security schedules and clauses within supplier contracts, ensuring appropriate controls for data protection, incident response, and continuity.
• Tooling & Data Management Operate and maintain third‑party risk management tools (e.g., SureCloud, RiskRecon), ensuring accurate data, timely updates, and meaningful dashboards for reporting.
• Stakeholder Engagement Work with Procurement, Legal, Data Protection, and business teams to embed security requirements into supplier processes. Communicate complex issues in clear, accessible language.
• Technical Insight Contribute to the development of security approaches across emerging technologies such as AI, Cloud, and IoT.
• Continuous Monitoring Conduct periodic reviews of critical suppliers and monitor for changes in risk posture, tracking issues through to closure.
• Governance & Compliance Support governance reporting, policy development, and continuous improvement of supplier assurance processes.
• Training & Awareness Assist in delivering training and guidance to internal teams on supplier security best practice.

Your experience

• Experience in cyber security, supplier assurance, or GRC within a large enterprise environment.
• Strong understanding of risk assessment methodologies and third‑party risk management.
• Ability to translate technical risks into clear business language and influence stakeholders.
• Familiarity with ISO 27001, NIST CSF, UK GDPR, and contractual security requirements.
• Experience using GRC or vendor risk management platforms (e.g., SureCloud, RiskRecon).
• Strong analytical skills with the ability to cut through complexity and provide clear recommendations.
• Excellent communication skills — written, verbal, and presentational.
• Ability to manage multiple priorities and suppliers simultaneously.
• A willingness to learn and develop further in the cyber security domain.

Preferred qualifications

• Degree in a relevant field
• CISM, CRISC, ISO 27001 Lead Auditor, or equivalent certification (or working towards one)

Why join Royal Mail Group?

• Work in a high‑impact role that directly protects the organisation’s supply chain.
• Collaborate with a wide range of stakeholders across a major UK business.
• Develop your expertise in supplier assurance, risk management, and cyber governance.
• Be part of a supportive cyber security team with opportunities for growth and progression.

Extra Benefits

• Family friendly support - enhanced maternity pay, paternity leave, adoption leave and shared parental leave
• Supportive and generous company sick pay
• Funded Dental – As a manager you are eligible to a level of employer funded dental insurance*
• Health Assessment – As a manager you are eligible to an employer funded health assessment every 2 years*
• Benefits Account – You will have access to your personal benefits account on our ‘My Bundle+’ platform. There are more than 800 retail offers to help you save on things like groceries, days out, holidays and your household bills as well as employer provided and voluntary benefits to suit your lifestyle.
• Your Wellbeing - you and your family have 24/7 access to services and tools to help you get the most out of life. From your physical and mental health to financial and social support and advice. It’s free, and it’s for everyone.

*Available only to permanent employees

<