Cyber Security - Supplier Assurance Manager

Salary: Competitive

Location: Welwyn Garden City AL7 1GB

United Kingdom

Apply by: 26/03/2021



About the role

Technology risk and compliance is a relatively new function, leading the way Tesco Technology manages its risks. We are responsible for identifying, tracking and supporting the management of risks across Technology. The team also manages the interfaces between Technology, Group Risk, International Compliance teams, and internal and external audit.

The supplier assurance team is part of the broader technology risk and compliance team. This role will provide assurance to Tesco by assessing the security risk and criticality of supplier (3rd party) organisations that store, access, or process Tesco data, or provide a critical service.

You will be responsible for

Whilst specific responsibilities will be dependent upon the changing needs of the Tesco business, the following provides an overview of the role’s key responsibilities and measures:

  • Maintain an up-to-date record of all suppliers that access, store or process Tesco data, or provide critical services to Tesco.
  • Work with suppliers to identify and remediate risks as required.
  • Undertake supplier site visits to validate the status of supplier controls.
  • Maintain the supplier assurance risk register to ensure it remains relevant and up to date.
  • Monitor on-going compliance of suppliers within set schedules depending on the risk profile of the supplier.
  • Provide high quality risk reports, with guidance and recommendations, to enable senior business owners to make the most appropriate risk decisions relating to the use of suppliers.
  • Report metrics to Technology senior management and other key stakeholders.
  • Work closely with the relevant business owners, legal and procurement to progress supplier assurance activities.
  • Support Technology colleagues with queries relating to supplier assurance.

You will need

Key Skills

You’ll need to have demonstrated experience of:

  • IT audit/risk management, with examples of managing technology risk and compliance within an organisation.
  • Knowledge of ISO standards in relation to information security and business continuity.
  • SME-level expertise in information security risk management processes, frameworks and procedures.
  • Communicating effectively to build and maintain transparent relationships with stakeholders (including Senior Management), clearly expressing risks and recommendations.
  • Critical thinking with strong attention to detail, organisation and follow up.
  • Leading, planning and conducting interviews with suppliers to obtain an understanding of the area being reviewed.
  • Documenting processes and key controls in association with supplier and organisational processes.
  • At least one professional qualification such as CISA, CISM, ISO27001 lead auditor or CISSP is essential.

Personal

You will be able to:

  • Demonstrate strong written, verbal communication and presentation skills to all levels of seniority and disciplines within the organisation. 
  • Build solid working relationships with stakeholders, peers and senior leadership, with an ability to influence and persuade others.
  • Embrace change and be flexible, with a can-do attitude.
  • Plan and organise, whilst being responsive.
  • Prioritise tasks logically.
  • Collaborate as part of a team and bring ideas to the table. 

What’s in it for you

  • An annual bonus scheme through which you can achieve up to 3.5% of base salary.
  • Colleague Clubcard (including a 2nd card for a family member) after 3 months' service, with 10% off most purchases at Tesco.
  • Holiday starting at 25 days plus a personal day.
  • A retirement savings plan - 4%-7.5% contribution rate.
  • Life Assurance - 5 x contractual pay.
  • Buy As You Earn Scheme which allows you to buy Tesco shares and save tax after 3 months of service.
  • Save As You Earn Scheme which gives you the opportunity to save direct from your pay for three or five years with the option of using your savings to buy Tesco shares at a discounted price after 1 year of service.
  • Access to Tesco Learning and Development Academy.
  • Deals & Discounts through Tesco including Tesco Mobile & Tesco Bank.
  • Deals and Discounts through many other external businesses.
  • Cycle to work and Car Share Schemes.
  • Onsite discounted Nuffield Health Gym.
  • Subsidised Canteen.

About us

Our business was built with a simple mission – to be the champion for customers, helping them to enjoy a better quality of life and an easier way of living. This hasn't changed. Customers want great products at great value which they can buy easily and it's our job to deliver this in the right way for them.

In the UK, we serve some 66 shoppers every second, so it's our goal to ensure every one of those customers experiences just a little better service on each visit.

We want our customers to be inspired and whatever they are looking for, we’re finding bigger and better ways to provide it.

We need people who share our ambition to deliver for our customers; passionate and confident people willing to take the initiative and drive us forwards.

If that sounds like something you’d like to be a part of, please get in touch!
