Business Analyst - Third Party Cyber Security

Position: Business Analyst - Third Party Cyber Security
Location: London or Reading 2 days p/week; 3 days remote

Type: Contract, Inside IR35, 6 Months

Rate: 540 p/day (umbrella rate)

We are seeking a Business Analyst to support a major third-party cyber security transformation programme. This role focuses on improving how the organisation manages supplier and vendor cyber security risk, helping to deliver a consistent, organisation-wide approach across all business units.

You will work with Procurement, Legal, Cyber Security, and Risk teams to define critical suppliers, design frameworks for assessing risk, and improve contractual and regulatory controls. Your work will contribute to stronger governance, better audit outcomes, and a sustainable, data-driven approach to third-party cyber risk.

Key Responsibilities:

• Develop and implement frameworks to identify, classify, and assess critical suppliers
• Support business units in applying the framework and consolidating outputs into a group-wide view
• Analyse contract language and support creation of standardised, risk-aligned clauses
• Provide business analysis expertise across additional third-party cyber initiatives

Skills & Experience:

• Proven ability to gather and translate requirements into structured outputs
• Experience in risk, cyber, or procurement domains and designing frameworks/models
• Strong analytical mindset with excellent stakeholder engagement skills
• Familiarity with cyber security regulations (GDPR, NIS2, DORA) and third-party standards (ISO 27001/27036)

This role is ideal for someone who enjoys driving consistency, shaping processes, and supporting strategic cyber initiatives across an organisation.