Third Party Cyber Risk Lead

Posted 10 Hours Ago
Be an Early Applicant
London, Greater London, England, GBR
In-Office
Senior level
Insurance
The Role
Own and mature third-party cyber risk processes including onboarding and continuous monitoring, vendor criticality assessments, regulatory compliance (DORA, NIS2, PRA, FCA), MI/dashboarding, and stakeholder collaboration with Procurement and Legal. Provide contract guidance, maintain documentation and training, escalate significant risks, and drive improvements in vendor security assurance.
Summary Generated by Built In

Job Title: Third Party Cyber Risk Lead

Reporting to: Cyber Governance Manager

Direct Reports: None

Position Type: Permanent

Why Tokio Marine HCC?

Standing still is not an option in the current world of Insurance. TMHCC is one of the world’s leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, along with a desire to grow and provide creative and innovative solutions to our clients.

About Operations

Operations sits at the heart of TMHCC, we ensure the smooth running of all business processes — from policy administration and claims handling to data, technology, and delivery. We focus on driving efficiency which enables our teams across the business to deliver exceptional results every day. Our value statement: Ops makes it happen.

 

Operations is made up of 7 functions, this role sits within: IT

We are the foundation for TMHCC’s success - enabling the business to grow, compete, and innovate through technology, security, and solution design. From shaping strategy to delivering resilient operations, we ensure every capability is aligned to business value. Our inclusive and collaborative culture empowers everyone to explore ideas, solve meaningful challenges, and build fulfilling careers that make a real impact.

Job Purpose:

Reporting to the Cyber Governance Manager in the Business Information Security Office you will own and mature TMHCC International’s third-party cyber risk management processes, streamlining processes as the vendor landscape grows. You will partner with internal teams such as Procurement and Legal to prioritise risk, remediate issues and deliver clear management information on cyber risk across the third-party portfolio.

Key Responsibilities:

  • Own, manage, and evolve the third-party security due diligence process for TMHCC International vendors, including onboarding and continuous monitoring.

  • Establish and maintain a vendor criticality assessment process; Ensure the appropriate vendor due diligence and monitoring activities take place in accordance with vendor criticality.

  • Own and maintain ongoing due diligence requirements for critical and high-risk suppliers in line with regulatory expectations, including DORA, NIS2, PRA and FCA requirements etc.

  • Build MI and dashboards to showcase security due diligence and third-party risk management efforts for senior IT stakeholders and executives.

  • Collaborate with IT, Procurement, and Legal teams to embed third party security risk management controls into the overall vendor risk management process.

  • Ensure compliance with relevant industry regulations and standards (e.g., DORA, NIS2, CIS Controls, NIST, GDPR).

  • Provide security guidance on third party due diligence, contract reviews, and other ad-hoc vendor security risk management queries.

  • Create and maintain vendor security risk management documentation (including process documentation) and training materials.

  • Stay current on emerging vendor security trends, tools, and technologies.

  • Support the Cyber Governance Manager by providing metrics to the Divisional IT Risk Reporting and Dashboards.

  • Escalate significant cyber risks and issues as they emerge to the Cyber Governance Manager and BISO for action or information.

Performance Objectives: 

  • Develop a strong understanding on TMHCC’s third party landscape and current organisational controls used within the vendor risk management process and take on responsibility for cyber third-party risk management.

  • Identify gaps and improvement areas within the cyber third-party risk processes, develop plans to further mature cyber security controls within this area, and own the implementation of these plans going forward.

Skills and Experience Specification:

Essential:

  • Experience in cyber/information security risk roles with a focus on third-party/vendor risk management.

  • Bachelor’s degree in information security, Technology Risk Management or a related field.

  • Relevant professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Lead Auditor.

  • Experience in regulated industries, implementing relevant regulations and expectations for third-party security risk management.

  • Proven experience designing, running, and improving vendor security due diligence processes.

  • Strong knowledge of security assurance certifications and assessments maintained by vendors (e.g., ISO 27001, SOC 2, CSA STAR/CAIQ, vendor security questionnaires)

  • Deep understanding of and ability to articulate the risk associated with vendor risk posture to both technical and non-technical stakeholders.

  • Ability to coordinate and chair regular meetings and workshops with multiple stakeholders to provide guidance, collaboration and oversight of third-party security risk management initiatives.

  • Confidence in presenting information and acting as a source of SME knowledge and guidance.

  • Analytical, conceptual thinking, planning and execution skills.

  • Ability to drive improvements and take charge of initiatives, backed with excellent coordination strength as well as assertiveness.

  • Results-orientated and able to manage to measurable targets and desired outcomes.

  • A passion to champion a cyber security culture and continuous learning of latest cyber threat trends.

  • Strong communication skills with the ability to explain complex security issues to non-technical stakeholders.

Desirable:

  • Experience with third party risk management platforms or GRC tooling.

  • Capability and experience in building actionable MI and dashboards (e.g. using Power BI) and turning data into clear decisions and narratives.

  • Experience of the Specialty and Lloyd’s/Companies market insurance industry.

What We Offer

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals.

The Tokio Marine HCC Group of companies is an equal opportunity employer.  Please visit www.tmhcc.com for more information about our companies.

#LI-HJ1

Skills Required

  • Experience in cyber/information security risk roles with a focus on third-party/vendor risk management
  • Bachelor's degree in information security, Technology Risk Management or a related field
  • Relevant professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Lead Auditor
  • Experience in regulated industries, implementing third-party security risk management regulatory expectations
  • Proven experience designing, running, and improving vendor security due diligence processes
  • Strong knowledge of vendor security assurance certifications and assessments (ISO 27001, SOC 2, CSA STAR/CAIQ)
  • Ability to articulate vendor risk to technical and non-technical stakeholders
  • Ability to coordinate and chair meetings and workshops with multiple stakeholders
  • Confidence in presenting information and acting as an SME
  • Analytical, conceptual thinking, planning and execution skills
  • Ability to drive improvements, take charge of initiatives, and strong coordination/assertiveness
  • Results-orientated and able to manage to measurable targets and desired outcomes
  • Passion to champion cyber security culture and continuous learning of cyber threat trends
  • Strong communication skills to explain complex security issues to non-technical stakeholders
  • Experience with third party risk management platforms or GRC tooling
  • Capability and experience in building actionable MI and dashboards (e.g., Power BI)
  • Experience of the Specialty and Lloyd's/Companies market insurance industry

Tokio Marine Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Tokio Marine and has not been reviewed or approved by Tokio Marine.

  • Healthcare Strength Medical options include established carriers with PPO and HDHP choices, plus dental, vision, pharmacy, telehealth, and condition‑specific programs for comprehensive access. An employee assistance program and mental‑wellbeing resources further reinforce day‑to‑day support.
  • Retirement Support A 401(k) with company match and employer‑paid life and disability coverage strengthen long‑term financial security. Careers materials and recent updates signal continued attention to retirement and protection benefits.
  • Wellbeing & Lifestyle Benefits Wellness incentives, fitness access, and a holistic “body, mind, wallet, life” framework expand total‑rewards value beyond insurance alone. Paid volunteer time and community programs add lifestyle‑oriented benefits aligned with purpose.

Tokio Marine Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
Houston, Texas
2,600 Employees

What We Do

Tokio Marine HCC can help you or your clients be prepared for unpredictable weather patterns. Event weather insurance protects revenue losses caused by adverse weather conditions that reduce attendance and the sales of concessions, food and parking.

Similar Jobs

Mondelēz International Logo Mondelēz International

Artworker (FTC 6 Months) - Grenade

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Hybrid
Birmingham, West Midlands, England, GBR
90000 Employees

Mondelēz International Logo Mondelēz International

Change Manager o9 MEU, Demand Planning

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Remote or Hybrid
9 Locations
90000 Employees

Mondelēz International Logo Mondelēz International

Cadbury Social Media and Website Manager (24 months FTC)

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Hybrid
Uxbridge, Greater London, England, GBR
90000 Employees

Wise Logo Wise

Executive Assistant

Fintech • Mobile • Payments • Software • Financial Services
Hybrid
London, Greater London, England, GBR
9000 Employees

Similar Companies Hiring

Globe Life Thumbnail
Insurance • Financial Services
McKinney, TX
3000 Employees
MassMutual India Thumbnail
Big Data • Fintech • Information Technology • Insurance • Financial Services
Hyderabad, Telangana
Granted Thumbnail
Mobile • Insurance • Healthtech • Financial Services • Artificial Intelligence
New York, New York
23 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account