Third Party Assurance Specialist

Date: 10-Nov-2021

Location: GB, S49 1HQ

Company: Royal Mail Group

Job reference number 228621




Full time


UK Remote

Job title – Third Party Assurance Specialist

We’re passionate about harnessing technology to deliver the best possible results for customers. The business is in an exciting period of transformation and here, within security, we are influencing and helping drive that change as new services and ways of working are defined and delivered. 
With a proud history of serving the UK, Royal Mail has been able to thrive by continuously adapting and adopting advanced technology. With over 30 million customer touch points per day, 25,000 end user computers and 70,000 PDAs supported by both on-premise and Cloud platforms, we operate at scale.


At Royal Mail Security, we have a leading role in taking the next steps. Our customer and workplace vision for the future is ‘Anytime, Anywhere, Any Device’ and security is a key enabler in accelerating that change and providing safe and secure services. This is the future for our workplace and not just a pandemic response.

With so much growth in parcels and e-commerce and the technology used to deliver our services, we need talented, change-focused people, like you, to help us get there. We know how to support business and communities, and we need to be agile to enable the business to achieve our goals. We’re focusing on investing in the security, technology, processes and people that are going to help us achieve great things together. By joining the RMG Security team, you will be driving meaningful change, pushing forward our transformation as an agile and customer-focused team. We face new challenges every day. But we overcome them together, which brings incredible satisfaction and reward as we deliver more innovation, products and essential services for the UK and our customers.

Job Purpose


The Third Party Assurance Specialist is responsible for assisting with the implementation of Cyber Security at RMG, the management of governance, and reporting channels to senior stakeholders, reporting to the Cyber Security Governance Manager. To succeed, the role holder needs to understand the Cyber Security threats facing RMG and provide input into the short-, medium- and longer-term strategies to mitigate the risk to some areas of the business relating to 3rd parties, which involves engaging with mid and senior leaders.


In this role, your key accountabilities will be:


  • Strategic Support. Provide guidance to support the delivery of projects and workstreams in support of our Cyber strategy and transformation program and ensure that Cyber Security is being managed in line with the Board’s Risk appetite.
  • Stakeholder management. Able to support the engagement and influencing of middle and senior managers across the business with the ability to explain complex issues in simple language, and to stimulate second and third order thinking (i.e. what does this information mean to us as a business and therefore our risk picture vs our appetite?). This includes minuting meetings and preparing metrics against KPIs.
  • Governance management. Supporting the definition, management and improvement of governance structures and reporting channels, including attending key meetings, defining reporting frameworks and delivering insights to stakeholders to influence decision making.
  • Cyber Security Standards Management. Lead the management, communication and adoption of effective Cyber Security Standards for RMG. Ensure alignment with policies and manage exceptions to Standards in close collaboration with IT stakeholders, RMG supplier managers and Second Line.
  • Control Framework Management. Assisting the definition and maintenance of the cyber security controls framework in line with Standards. Help to enable technology owners, architects, project managers and Cyber Security team members to consider alternative controls to mitigate risk.
  • Third Party Cyber Security management. RMG sets policies and standards for its third parties. This role ensures that we are enabling the business to succeed whilst managing Cyber Security risk within acceptable tolerances. 
  • Cyber Security Awareness. In partnership with the InfoSec Compliance team, contribute to the delivery of a comprehensive Cyber Security Awareness Campaign, ensuring continual improvement and effective monitoring.
  • Technical expertise. This role will contribute to the definition and implementation of Cyber Security controls across multiple technologies, technical interdependencies and data flows.
  • Regulatory compliance. Assisting with the understanding and implementation of Cyber Security controls to meet the requirements of defined internal policies and externally mandated regulation, and with understanding the significance of non-compliance to RMG, its suppliers and its customers.


Qualifications and experience required:


  • Good understanding of Cyber Security management and practices. 
  • Good understanding of risk assessment and management methodologies.
  • Agility of thought and comfort with complexity, together with the patience and resilience to drive change through. 
  • The will to succeed in support of the business’ goals and to align potentially competing agendas to effectively manage Cyber Security within the business risk appetite.
  • Willing to develop and gain further experience.


Advantageous Qualifications:


  • None required; the role holder will work towards CRISC under RMG’s sponsorship and support.
  • Good knowledge of Microsoft Office applications and Visio.



We are an inclusive employer with equality, diversity and fairness at the heart of our values and we’re proud to be recognised in The Times Top 50 Employers for Women 2020 for a 7th consecutive year. We welcome applications from individuals from diverse backgrounds and are committed to promoting fair participation and equality of opportunity for all our job applicants. 
We are happy to support flexible working and would welcome having a conversation with you about how we could support your needs.




Job Segment: Cyber Security, Security