Copy of Information Security Supply Chain Analyst

3 days ago


Bristol, Bristol, United Kingdom SW Group Full time

Company Description

At S&W, we help our clients thrive by simplifying the complex, illuminating new paths, and shaping solutions that make a difference. As one of the UK's top 10 fastest-growing accountancy firms, we have been a trusted partner since 1881—helping businesses and individuals meet challenges and seize opportunities across generations.

Built on expertise and driven by ambition, we provide a comprehensive range of services, including tax and accountancy, advisory and assurance, corporate finance, and restructuring. We are defined by our purpose—to help navigate challenges, unlock potential, and achieve the extraordinary.

Job Description

What will you be doing?

S&W Group is looking for an experienced Information Security Risk Professional with expertise in security compliance and assurance, ISO 27001 implementation, PMO (project management office), risk assessments, supply chain and other governance, risk and compliance projects within a team. You'll be highly motivated and proactive, and will become a productive member of a busy Information Security team, gaining exposure to a number of areas across the business.

As an Information Security Supply Chain Analyst, you'll verify that third parties meet the minimum security requirements to protect our organisation from a supply chain-related attack or incident. You'll apply relevant risk mitigations and deal with multiple stakeholders to ensure end-to-end treatment is applied. You'll also be part of our PMO and governance and compliance processes and will deliver updates to senior management in meetings and information security forums, whilst ensuring the business remains compliant with regulatory frameworks and good practice standards.

This role works within the Information Security Team and collaborates with other teams such as Privacy, Legal, Group Risk, Infrastructure, SecOps and Procurement, providing you with great opportunities for stakeholder engagement – it's a great time to join us at S&W.

This role is a permanent position to be based at our Liverpool, Bristol or Birmingham offices on a hybrid working pattern with minimum 2 days per week in the office.

The interview process will be in two stages and will consist of one face-to-face interview at the Liverpool office.

Your responsibilities will include, among others

  • Perform internal information security risk assessments and recommend mitigation actions to be implemented in solutions
  • Perform vendor risk assessments and due diligence on third parties and recommend mitigation actions to be implemented by third parties
  • Assess third-party adherence to the minimum security standards and record/track deviations or concessions
  • Operate a risk-based assurance approach to ensure key third parties continue to comply with the defined security requirements
  • Generate MI and reporting on third-party assessments and maintain risk profile of third parties
  • Review information security controls on an ongoing basis against the changing risk landscape to evaluate changes in residual risk and assess the sufficiency of the corresponding compensating control(s) or the need for new controls

Qualifications

Skills and Experience

To be successful in this role, you should have

  • Experience in Information Security governance, risk and compliance areas
  • Experience managing internal and third-party vendor risk assessments and writing risk assessment reports
  • Experience reviewing risk assessments and SOC Type II reports for completeness, and working with suppliers to address issues/concerns
  • Experience managing audit returns from clients and regulators
  • Experience supporting Legal and Procurement Teams with complex contract reviews/negotiations and communicating security risks/impacts to various business (often non-technical) stakeholders
  • Experience assisting with writing Information Security related Policies, Processes and/or Procedures and analysing security controls

Desired

  • Experience in using good practice standards such as ISO 27001, ISO 22301, ISO 9001, Cyber Essentials and NIST
  • Experience in a Project Management Office
  • Degree or equivalent in Information Technology or Risk Management
  • Certification in Information Security domains
  • Certification in cloud architectures is advantageous, especially Microsoft Azure

Additional Information

As a colleague here at S&W you will have access to benefits that include

  • Competitive salary
  • Private medical insurance
  • Life assurance
  • Pension contribution
  • Hybrid working model (role dependent)
  • Generous holiday package
  • Option to purchase additional holiday
  • Shared parental leave
  • Fully funded training towards professional qualifications
  • Cycle to work scheme
  • Season ticket loan
  • Eye care support

We are proud to value the differences that a diverse workforce brings, representative of society and our clients. At S&W we have a wide range of highly active employee resource groups and we're delivering multiple diversity, equity and inclusion initiatives across the organisation. It is our commitment to provide a workplace where all colleagues, regardless of identity, background, or circumstance, feel respected as individuals and feel that they can achieve their full potential and work in a safe, supportive, and inclusive environment.

We are happy to make any reasonable adjustments to accommodate for your needs throughout the application process. Please let your Recruiter know.


