Third Party Security Risk Operations Lead

About the role

The Third-Party Security Risk Operations Lead is responsible for managing the day‑to‑day operational execution of Haleon's Third‑Party Security Risk Management function across all phases of the third‑party lifecycle: Onboarding, Due Diligence, Contracting, Continuous Monitoring, and Offboarding. The role leads the team that performs inherent risk reviews, segmentation, security risk assessments, remediation governance, issue tracking, re‑assessments, supplier threat monitoring, and offboarding checks. It ensures all operational activities follow documented methodologies and comply with enterprise risk, cybersecurity, procurement, and regulatory obligations. The Operations Lead serves as the primary liaison between business requestors, TPRM, Procurement, Legal, and suppliers, ensuring timely assessments, risk decisions, and contract readiness. It partners closely with the Third-Party Security Risk Product Lead to ensure that tooling, workflows, templates, and automation support operational efficiency and that processes improve continuously.

Responsibilities

• Lead the TPSRM Operations team, overseeing daily execution of onboarding, inherent risk reviews, segmentation, due diligence assessments, issue remediation management, continuous monitoring, and supplier offboarding
• Ensure high quality, consistent execution of TPSRM assessments, including validating assessment conclusions, challenge testing analyst outputs, and ensuring adherence to methodology, SLAs, and regulatory standards
• Manage remediation and issue governance, ensuring suppliers address security gaps, action plans are tracked to closure, risks are escalated appropriately, and decisions align with Haleon's risk appetite.
• Partner closely with the Third Party Security Risk Product Lead to ensure operational effectiveness of templates, questionnaires, workflows, dashboards, automation, and data quality across the full supplier lifecycle.
• Drive continual operational maturity, identifying process bottlenecks, improving cycle time, enhancing monitoring logic, maturing reassessment programs, and ensuring operational readiness for audits and regulatory reviews.
• Ability to translate operational challenges into workflow improvements and partner effectively with Product and Technology teams.
• Why you?

Requirements

• Bachelor's degree in Cybersecurity, Information Systems, Business, Risk, Engineering, or related discipline.
• Experience executing third party cybersecurity risk assessments and due diligence.
• Experience managing operational teams executing structured workflows and assessments.
• Strong knowledge of supplier security expectations, inherent risk scoring, and risk remediation governance.
• Experience working with TPRM platforms, GRC tools, assessment systems, or security questionnaires.
• Experience managing Third-Party Risk Management tools, such as OneTrust and UpGuard
• Advanced degree or specialised training in cybersecurity, risk management, or product management.
• 7-10+ years in cybersecurity, supplier assurance, or risk operations roles
• Experience in global or regulated industries (pharma, healthcare, consumer health).
• Experience working with security rating tools, continuous monitoring platforms, and automated workflow solutions
• Certifications such as CISM, CISA, CRISC, CCSK, ISO 27001 Lead Auditor
• Job Posting End Date
• 2026-06-26
• Equal Opportunities
• During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and sup

Benefits

Additional Information

Welcome to Haleon. We're a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we've grown, evolved and are now entering an exciting new chapter - one filled with bold ambitions and enormous opportunity. Our trusted portfolio of brands - including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® - lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science. Now it's time to fully realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose - to deliver better everyday health with humanity - at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at gsknch? Share your experience