Third Party Security Risk Analyst
About the role
The Third-Party Security Risk Analyst is responsible for performing high‑quality third‑party cybersecurity risk assessments and continuous monitoring activities across the full supplier lifecycle, including Onboarding, Due Diligence, Contracting, Continuous Monitoring, and Offboarding. The role conducts inherent risk reviews, detailed due‑diligence assessments, evaluates supplier controls, identifies security gaps, and works with suppliers and internal teams to define remediation plans. The Analyst also supports ongoing monitoring activities, including periodic reassessments, threat‑driven reviews, incident follow‑ups, and supplier offboarding validation. The Analyst works closely with the Third-Party Security Risk Operations Lead to ensure consistent execution of methodologies, adherence to SLAs, high‑quality documentation, and accurate risk reporting.
Responsibilities
- Execute third-party security risk management (TPSRM) activities across the full lifecycle, including onboarding risk segmentation, due diligence assessments, contracting security review, continuous monitoring tasks, and supplier offboarding checks.
- Perform detailed third-party cybersecurity risk assessments, analyzing supplier responses, evaluating inherent and residual risks, validating supporting evidence, and documenting findings in accordance with TPSRM methodology.
- Identify security gaps and support remediation governance, including proposing remediation actions, tracking supplier commitments, validating closure evidence, and escalating overdue or high-risk items.
- Support continuous monitoring, conducting periodic reassessments, reviewing supplier security alerts/events, following up on incidents, and supporting onsite visit preparation where required.
- Coordinate operational interactions with suppliers, business requestors, Procurement, TPRM, Legal, and security engineering teams, ensuring that assessments and risk decisions are completed efficiently and accurately.
- Maintain high quality documentation, ensuring that assessments, remediation plans, evidence, risk ratings, and decisions are accurate, complete, consistent, and audit ready.
Business Expertise
- Working knowledge of cybersecurity principles, supplier security requirements, and due‑diligence processes.
- Understanding of cybersecurity frameworks such as ISO 27001, SOC 2, NIST CSF, CIS Controls, and cloud/data‑protection standards.
- Familiarity with supplier assurance tools, TPRM platforms, GRC systems, and standardized assessment questionnaires (e.g., SIG/CAIQ).
- Knowledge of procurement processes, contracting considerations, and vendor management best practices.
- Ability to analyze complex technical information, interpret evidence, and derive well‑reasoned risk conclusions.
Problem Solving
- Evaluates incomplete or inconsistent information provided by suppliers and applies judgement to determine risk impacts and required remediation.
- Balances the need for timely supplier onboarding with maintaining strong cybersecurity controls and adherence to risk tolerance thresholds.
- Works across multiple stakeholder groups to resolve questions, clarify requirements, and address blockers related to supplier controls or contracting constraints.
- Identifies patterns or recurring weaknesses across suppliers and proposes improvements to questionnaires, workflows, templates, and guidance.
Nature &amp; Area of Impact
- Directly influences Haleon's third‑party cyber risk posture by assessing the security of suppliers and identifying risks that could impact data protection, business continuity, or regulatory compliance.
- Supports business demand by ensuring timely and accurate delivery of assessments that enable contracting and onboarding decisions.
- Ensures that remediation plans are clear and effective, reducing ongoing operational and cyber risk exposure.
- Supports audit readiness through proper documentation and evidence‑based risk decisions.
Interactions / Interpersonal Skills
- Interacts frequently with suppliers to obtain evidence, clarify responses, and validate remediation progress.
- Works closely with internal stakeholders incl
Additional Information
Welcome to Haleon. We're a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we've grown, evolved and are now entering an exciting new chapter, one filled with bold ambitions and enormous opportunity. Our trusted portfolio of brands, including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum®, leads in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science. Now it's time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose, to deliver better everyday health with humanity, at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.