Tokio Marine Logo

Tokio Marine

Third Party Cyber Risk Lead

Posted 6 Hours Ago
Be an Early Applicant
In-Office
London, Greater London, England, GBR
Senior level
In-Office
London, Greater London, England, GBR
Senior level
Own and mature third-party cyber risk processes including onboarding and continuous monitoring, vendor criticality assessments, regulatory compliance (DORA, NIS2, PRA, FCA), MI/dashboarding, and stakeholder collaboration with Procurement and Legal. Provide contract guidance, maintain documentation and training, escalate significant risks, and drive improvements in vendor security assurance.
The summary above was generated by AI

Job Title: Third Party Cyber Risk Lead

Reporting to: Cyber Governance Manager

Direct Reports: None

Position Type: Permanent

Why Tokio Marine HCC?

Standing still is not an option in the current world of Insurance. TMHCC is one of the world’s leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, along with a desire to grow and provide creative and innovative solutions to our clients.

About Operations

Operations sits at the heart of TMHCC, we ensure the smooth running of all business processes — from policy administration and claims handling to data, technology, and delivery. We focus on driving efficiency which enables our teams across the business to deliver exceptional results every day. Our value statement: Ops makes it happen.

 

Operations is made up of 7 functions, this role sits within: IT

We are the foundation for TMHCC’s success - enabling the business to grow, compete, and innovate through technology, security, and solution design. From shaping strategy to delivering resilient operations, we ensure every capability is aligned to business value. Our inclusive and collaborative culture empowers everyone to explore ideas, solve meaningful challenges, and build fulfilling careers that make a real impact.

Job Purpose:

Reporting to the Cyber Governance Manager in the Business Information Security Office you will own and mature TMHCC International’s third-party cyber risk management processes, streamlining processes as the vendor landscape grows. You will partner with internal teams such as Procurement and Legal to prioritise risk, remediate issues and deliver clear management information on cyber risk across the third-party portfolio.

Key Responsibilities:

  • Own, manage, and evolve the third-party security due diligence process for TMHCC International vendors, including onboarding and continuous monitoring.

  • Establish and maintain a vendor criticality assessment process; Ensure the appropriate vendor due diligence and monitoring activities take place in accordance with vendor criticality.

  • Own and maintain ongoing due diligence requirements for critical and high-risk suppliers in line with regulatory expectations, including DORA, NIS2, PRA and FCA requirements etc.

  • Build MI and dashboards to showcase security due diligence and third-party risk management efforts for senior IT stakeholders and executives.

  • Collaborate with IT, Procurement, and Legal teams to embed third party security risk management controls into the overall vendor risk management process.

  • Ensure compliance with relevant industry regulations and standards (e.g., DORA, NIS2, CIS Controls, NIST, GDPR).

  • Provide security guidance on third party due diligence, contract reviews, and other ad-hoc vendor security risk management queries.

  • Create and maintain vendor security risk management documentation (including process documentation) and training materials.

  • Stay current on emerging vendor security trends, tools, and technologies.

  • Support the Cyber Governance Manager by providing metrics to the Divisional IT Risk Reporting and Dashboards.

  • Escalate significant cyber risks and issues as they emerge to the Cyber Governance Manager and BISO for action or information.

Performance Objectives: 

  • Develop a strong understanding on TMHCC’s third party landscape and current organisational controls used within the vendor risk management process and take on responsibility for cyber third-party risk management.

  • Identify gaps and improvement areas within the cyber third-party risk processes, develop plans to further mature cyber security controls within this area, and own the implementation of these plans going forward.

Skills and Experience Specification:

Essential:

  • Experience in cyber/information security risk roles with a focus on third-party/vendor risk management.

  • Bachelor’s degree in information security, Technology Risk Management or a related field.

  • Relevant professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Lead Auditor.

  • Experience in regulated industries, implementing relevant regulations and expectations for third-party security risk management.

  • Proven experience designing, running, and improving vendor security due diligence processes.

  • Strong knowledge of security assurance certifications and assessments maintained by vendors (e.g., ISO 27001, SOC 2, CSA STAR/CAIQ, vendor security questionnaires)

  • Deep understanding of and ability to articulate the risk associated with vendor risk posture to both technical and non-technical stakeholders.

  • Ability to coordinate and chair regular meetings and workshops with multiple stakeholders to provide guidance, collaboration and oversight of third-party security risk management initiatives.

  • Confidence in presenting information and acting as a source of SME knowledge and guidance.

  • Analytical, conceptual thinking, planning and execution skills.

  • Ability to drive improvements and take charge of initiatives, backed with excellent coordination strength as well as assertiveness.

  • Results-orientated and able to manage to measurable targets and desired outcomes.

  • A passion to champion a cyber security culture and continuous learning of latest cyber threat trends.

  • Strong communication skills with the ability to explain complex security issues to non-technical stakeholders.

Desirable:

  • Experience with third party risk management platforms or GRC tooling.

  • Capability and experience in building actionable MI and dashboards (e.g. using Power BI) and turning data into clear decisions and narratives.

  • Experience of the Specialty and Lloyd’s/Companies market insurance industry.

What We Offer

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals.

The Tokio Marine HCC Group of companies is an equal opportunity employer.  Please visit www.tmhcc.com for more information about our companies.

#LI-HJ1

Similar Jobs

A Minute Ago
Hybrid
London, Greater London, England, GBR
Mid level
Mid level
Artificial Intelligence • Software
Lead end-to-end customer projects for an AI-powered insurance SaaS platform: manage timelines, stakeholders, risks, and delivery to bring pricing models and integrations live. Act as primary customer contact, translate needs to Model Development and Engineering, maintain project artefacts and governance, apply AI/automation to improve delivery, and help scale consistent, repeatable processes across the delivery function.
An Hour Ago
Remote or Hybrid
London, Greater London, England, GBR
Senior level
Senior level
Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Embed with customers to design, build, and deploy production-grade LLM-enabled applications across backend, data orchestration, and frontend. Deliver reusable AI scaffolds, integrate with legacy systems, shape platform tooling, and iterate in agile field sprints while ensuring performance, observability, and secure scalable deployments.
Top Skills: AngularAWSAzureCi/CdContainersGCPGraphQLInfrastructure As CodeJavaLangchainLlm FrameworksNode.jsPrompt ChainingPythonReactRestSalesforceSemantic KernelServicenowVector DatabasesVector Search
5 Hours Ago
Remote or Hybrid
Mid level
Mid level
Artificial Intelligence • Professional Services • Business Intelligence • Consulting • Cybersecurity • Generative AI
Lead client engagements to deliver Lead-to-Cash transformations using SAP BRIM and related SAP cloud solutions. Drive solution design, stakeholder management, team coaching, and deployment of subscription and entitlement billing capabilities to enable XaaS business models.
Top Skills: Sap BrimSap C/4 MarketingSap C/4 SalesSap C/4 ServiceSap Cloud For CustomerSap CommerceSap CpqSap CrmSap Entitlement ManagementSap S/4 Sales And DistributionSap Subscription Billing

What you need to know about the London Tech Scene

London isn't just a hub for established businesses; it's also a nursery for innovation. Boasting one of the most recognized fintech ecosystems in Europe, attracting billions in investments each year, London's success has made it a go-to destination for startups looking to make their mark. Top U.K. companies like Hoptin, Moneybox and Marshmallow have already made the city their base — yet fintech is just the beginning. From healthtech to renewable energy to cybersecurity and beyond, the city's startups are breaking new ground across a range of industries.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account