Third Party Security Risk Product Lead
About the role
The Third-Party Security Risk Product Lead is accountable for designing, developing, and governing the end‑to‑end Third Party Security Risk Management (TPSRM) product ecosystem, including the supporting tools, platforms, methodologies, assessment frameworks, templates, workflows, and automation that enable secure and efficient third‑party risk lifecycle management. This role ensures that the TPSRM product meets business needs throughout all lifecycle stages covering Onboarding, Due Diligence, Contracting, Continuous Monitoring, and Offboarding, including inherent risk segmentation, assessment methodologies, contract control requirements, monitoring logic, and decommissioning processes. The role defines product strategy, roadmaps, and enhancement priorities, ensuring TPSRM tooling integrates seamlessly with TPRM, Procurement, Legal, and Information Security systems. The Product Lead partners closely with the Third-Party Security Risk Operations Lead, ensuring that operations teams have the tools, workflows, training, and data necessary to efficiently execute assessments, remediation governance, issue tracking, continuous monitoring, and offboarding activities. The role also ensures that KPIs, KRIs, dashboards, and reporting capabilities are robust, reliable, and aligned to enterprise governance.
Responsibilities
- Own and manage the Third-Party Security Risk Product, including its roadmap, features, workflows, assessment templates, inherent risk models, and integration points across the third party lifecycle.
- Design, maintain, and enhance TPSRM methodologies, including inherent risk scoring, segmentation logic, due diligence assessment frameworks, risk acceptance criteria, and continuous monitoring models.
- Partner with the Third-Party Security Risk Operations Lead to ensure operational workflows, tooling, questionnaires, dashboards, and automation meet process needs across onboarding, assessment, contracting, monitoring, and offboarding.
- Define and maintain contractual security requirements and support Procurement and Legal during supplier contracting, including ensuring correct control clauses, remediation plans, and risk acceptance criteria.
- Drive technology enablement, including workflow automation, integrations (e.g., TPRM systems, procurement tools, GRC platforms), analytics, and dashboards to improve process efficiency, quality, and scalability.
- Continuously improve TPSRM capabilities by monitoring emerging risks, regulatory changes, threat trends, and industry best practices, ensuring the product evolves to maintain strong security outcomes and strategic alignment.
Why you?
Requirements
- Bachelor's degree in Cybersecurity, Information Systems, Business, Risk, Engineering, or related discipline.
- Experience in Third Party Security Risk Management or Supplier Risk programs.
- 12-18 years of relevant experience.
- Experience working with TPRM platforms and GRC tools.
- Experience managing Third-Party Risk Management tools, such as OneTrust and UpGuard.
- Experience working with assessment questionnaires, security standards, and supplier engagement.
- Experience managing or improving workflows, templates, automation, or GRC tools that support third‑party risk.
- Strong understanding of technology risk, threat modelling, and cybersecurity fundamentals.
- Advanced degree or specialised training in cybersecurity, risk management, or product management.
- Prior experience as a Product Owner, Product Manager, or tooling/process owner in a GRC or cybersecurity domain.
- Experience in highly regulated industries (healthcare, pharma, consumer health).
- Experience with continuous monitoring tools, vendor intelligence platforms, and automated due diligence workflows.
- Certifications such as CISM, CISA, CRISC, CCSK, or Product Owner (CSPO).
Job Posting End Date
2026-06-26
Equal Opportunities
Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where dif
Additional Information
Welcome to Haleon. We're a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we've grown, evolved and are now entering an exciting new chapter - one filled with bold ambitions and enormous opportunity. Our trusted portfolio of brands - including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® - lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science. Now it's time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose - to deliver better everyday health with humanity - at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.