Cyber Third Party Risk Management (TPRM) Senior Practitioner
| Posting date: | 25 November 2025 |
|---|---|
| Salary: | Not specified |
| Additional salary information: | £65000-70000 per annum |
| Hours: | Full time |
| Closing date: | 09 December 2025 |
| Location: | Flexible, - |
| Company: | Serco Limited |
| Job type: | Permanent |
| Job reference: | 306154-43804596 |
Summary
Meaningful and vital work: In this position, your work is vital to the business, in terms of decisions and growth. You will gain a world of opportunity working for a globally operating business delivering essential services across 5 vital sectors, personal growth, achievement and development won’t be hard to find. You'll also work with great people. You’ll find yourself working in a highly motivated, supportive environment where no two days are the same, with experienced colleagues who strive for excellence.
Cyber Third Party Risk Management (TPRM) Senior Practitioner Hybrid – Flexible Base Location with UK Travel
Full Time, Permanent Band 4 / Up to £70,000 (dependent on experience)
Join Serco’s Growing Cyber Security Function
The cyber threat landscape is evolving at pace
- and Serco is investing heavily to stay ahead. With increasing reliance on diverse and fast-moving supply chains, our exposure to cyber risk is elevated. As we partner rapidly with a broad range of suppliers, the need for robust, intelligent Third Party Cyber Risk Management has never been greater.
To meet this challenge, we are establishing two Cyber TPRM Senior Practitioner roles
- brand-new positions that will play a vital part in strengthening Serco’s cyber assurance capability. These hires signal our commitment to protecting our customers, our data, and our reputation in a time of heightened threat.
If you’re a seasoned cyber assurance professional looking to make an impact in an organisation where cyber is a genuine strategic priority, this is the right move.
The Purpose of the Role
Effective cyber security is critical to Serco’s continued success. A significant breach could lead to contractual penalties, financial loss and reputational damage
- yet strong, risk-based controls can also create competitive advantage.
Much of Serco’s cyber risk lives within our supply chain. As more services are outsourced and cloud-sourced, the need for strong, scalable cyber assurance grows. These roles sit at the heart of our Cyber Third Party Risk Management (TPRM) service, ensuring Serco applies a risk-based approach to both initial and ongoing assurance of suppliers.
You will help us quickly build confidence in new partners, ask the right questions, translate technical evidence into business-focused advice, and protect the organisation from cyber threat.
As part of this you’ll:
· Take an active role in developing and continuously improving the Cyber TPRM function
· Lead cyber inherent risk triage discussions with business and technical stakeholders
· Review and assess supplier cyber assurance responses and evidence
· Conduct on-site supplier cyber compliance and physical security reviews
· Advise on cyber requirements and contract terms
· Provide risk-informed, business-focused advice to internal stakeholders
· Liaise with suppliers to agree and prioritise remedial action
· Produce succinct, accurate assessment reports, risk summaries and documentation
· Track and report on Cyber Critical Supplier risk status
· Contribute to the maintenance and development of supplier-facing Cyber policies
· Represent the TPRM function internally and externally
· Build strong working relationships across Serco’s functional teams
What you’ll need to do the role:
· 10+ years of experience in Cyber Security / Information Security / Information Assurance, including at least 3 years at senior practitioner level
· Demonstrated experience conducting supplier assurance and cyber risk management
· One or more professional security qualifications such as: CISSP / CISM, Cloud Security Practitioner or ISO 27001 Lead Implementer / Auditor
· Strong working knowledge of DPA/GDPR and common frameworks (ISO 27001, Cyber Essentials, CIS Critical Controls, NIST CSF, SOC 2)
· Excellent interpersonal and communication skills, with the ability to engage confidently with both technical and non-technical stakeholders at all levels
· Experience conducting on-site cyber and physical security assessments (highly advantageous)
· Ability to achieve BPSS clearance
Why Serco:
Meaningful and vital work: In this position, your work is vital to the business, in terms of decisions and growth. You will gain a world of opportunity working for a globally operating business delivering essential services across 5 vital sectors, personal growth, achievement and development won’t be hard to find. You'll also work with great people. You’ll find yourself working in a highly motivated, supportive environment where no two days are the same, with experienced colleagues who strive for excellence.
What we offer:
· 25 days annual leave plus bank holidays
· Annual leave purchase scheme
· Up to 6% contributory pension scheme
· Flexible working options
· Serco discounts which include cinema, merlin entertainment and online shopping discounts, and discounts on mobile phone plans and leisure centre memberships
· A range of benefits to support the health and wellbeing of you and your family such as Employee Assistance Programme, Simply Health Cash Plans, and more
· A wealth of career development training to suit your future aspirations. These range from role specific training, leadership coaching, formal study and much more to support you to build your career with Serco
· A safe and supportive culture
· A company passionate about diversity and inclusion
Cyber Third Party Risk Management (TPRM) Senior Practitioner Hybrid – Flexible Base Location with UK Travel
Full Time, Permanent Band 4 / Up to £70,000 (dependent on experience)
Join Serco’s Growing Cyber Security Function
The cyber threat landscape is evolving at pace
- and Serco is investing heavily to stay ahead. With increasing reliance on diverse and fast-moving supply chains, our exposure to cyber risk is elevated. As we partner rapidly with a broad range of suppliers, the need for robust, intelligent Third Party Cyber Risk Management has never been greater.
To meet this challenge, we are establishing two Cyber TPRM Senior Practitioner roles
- brand-new positions that will play a vital part in strengthening Serco’s cyber assurance capability. These hires signal our commitment to protecting our customers, our data, and our reputation in a time of heightened threat.
If you’re a seasoned cyber assurance professional looking to make an impact in an organisation where cyber is a genuine strategic priority, this is the right move.
The Purpose of the Role
Effective cyber security is critical to Serco’s continued success. A significant breach could lead to contractual penalties, financial loss and reputational damage
- yet strong, risk-based controls can also create competitive advantage.
Much of Serco’s cyber risk lives within our supply chain. As more services are outsourced and cloud-sourced, the need for strong, scalable cyber assurance grows. These roles sit at the heart of our Cyber Third Party Risk Management (TPRM) service, ensuring Serco applies a risk-based approach to both initial and ongoing assurance of suppliers.
You will help us quickly build confidence in new partners, ask the right questions, translate technical evidence into business-focused advice, and protect the organisation from cyber threat.
As part of this you’ll:
· Take an active role in developing and continuously improving the Cyber TPRM function
· Lead cyber inherent risk triage discussions with business and technical stakeholders
· Review and assess supplier cyber assurance responses and evidence
· Conduct on-site supplier cyber compliance and physical security reviews
· Advise on cyber requirements and contract terms
· Provide risk-informed, business-focused advice to internal stakeholders
· Liaise with suppliers to agree and prioritise remedial action
· Produce succinct, accurate assessment reports, risk summaries and documentation
· Track and report on Cyber Critical Supplier risk status
· Contribute to the maintenance and development of supplier-facing Cyber policies
· Represent the TPRM function internally and externally
· Build strong working relationships across Serco’s functional teams
What you’ll need to do the role:
· 10+ years of experience in Cyber Security / Information Security / Information Assurance, including at least 3 years at senior practitioner level
· Demonstrated experience conducting supplier assurance and cyber risk management
· One or more professional security qualifications such as: CISSP / CISM, Cloud Security Practitioner or ISO 27001 Lead Implementer / Auditor
· Strong working knowledge of DPA/GDPR and common frameworks (ISO 27001, Cyber Essentials, CIS Critical Controls, NIST CSF, SOC 2)
· Excellent interpersonal and communication skills, with the ability to engage confidently with both technical and non-technical stakeholders at all levels
· Experience conducting on-site cyber and physical security assessments (highly advantageous)
· Ability to achieve BPSS clearance
Why Serco:
Meaningful and vital work: In this position, your work is vital to the business, in terms of decisions and growth. You will gain a world of opportunity working for a globally operating business delivering essential services across 5 vital sectors, personal growth, achievement and development won’t be hard to find. You'll also work with great people. You’ll find yourself working in a highly motivated, supportive environment where no two days are the same, with experienced colleagues who strive for excellence.
What we offer:
· 25 days annual leave plus bank holidays
· Annual leave purchase scheme
· Up to 6% contributory pension scheme
· Flexible working options
· Serco discounts which include cinema, merlin entertainment and online shopping discounts, and discounts on mobile phone plans and leisure centre memberships
· A range of benefits to support the health and wellbeing of you and your family such as Employee Assistance Programme, Simply Health Cash Plans, and more
· A wealth of career development training to suit your future aspirations. These range from role specific training, leadership coaching, formal study and much more to support you to build your career with Serco
· A safe and supportive culture
· A company passionate about diversity and inclusion
Proud member of the Disability Confident employer scheme
Disability Confident
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.