Information Security Consultant (Third Party Due Diligence)

£350 - £500 per day
29 Jan 2018
26 Feb 2018
Mary Worthington
Clearance Level: None / Undisclosed

My client, an organisation based in the North West, is actively looking for a contract security consultant to join their expanding team. This will initially be a three-month contract, focused on third-party supplier due diligence, managing questionnaire reviews and any remediation points. This is a fantastic team, and the role offers an opportunity to take ownership of this area.

The Role

  • Assist with the implementation of information security services as part of the newly formed CISO team.
  • Coordinate and manage the third-party supplier security review process (circa 200+ suppliers), including scheduling and risk management activities, in order to understand the security position of the supply chain.
  • Develop security processes and procedures, and support service-level agreements to ensure that security services are managed and maintained.
  • Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.
  • Manage the relationship with external auditors. Receive audit findings, and manage the collection of responses and remediation plans with their owners.

Requirements

  • A strong supplier security focus, with the ability to manage expectations appropriately, provide a superior experience and build long-term relationships.
  • Contemporary understanding of supplier review processes, with proven experience and the ability to deliver multiple supplier reviews in parallel, effectively and to specific timescales.
  • Ability to prioritise supplier reviews based on common-sense business risk and the criticality of the services involved.
  • Proven ability to lead supplier review processes: someone who has helped define the approach and successfully delivered using it, rather than someone who has only operated within existing, predefined processes.
  • Ability to interact with the organisation's people, suppliers and business partners at all levels and across all business units, and to comprehend business imperatives.
  • In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
  • In-depth knowledge of risk assessment methods and technologies.
  • Proficiency in performing risk, business impact, control and vulnerability assessments.
  • Experience with common information security management frameworks, such as ISO 27001, ITIL, COBIT and the National Institute of Standards and Technology (NIST) frameworks.
  • Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
  • Minimum of 4 years' information security experience.
  • CISSP, CISA or a similar certification.