Third Party Security Risk Consultant

**Third Party Security Risk management - Portugal**

Integrity360 is the largest independent cyber security provider in Europe, with a growing international presence spanning the UK, Ireland, mainland Europe, Africa and the Caribbean. With over 700 employees, across 12 locations, and six Security Operations Centres (SOCs)—including locations in Dublin, Sofia, Stockholm, Madrid, Naples and Cape Town—we support more than 2,500 clients across a wide range of industries.

Over 80% of our team are technical experts, focused on helping clients proactively identify, protect, detect and respond to threats in an ever-evolving cyber landscape. Our security-first approach positions cyber resilience as a business enabler, empowering organisations to operate with confidence.

At Integrity360, people come first. We invest heavily in learning, development and progression, fostering a dynamic culture where innovation, collaboration and continuous growth are at the heart of what we do. If you're ready to take your cyber security career to the next level, we’d love to hear from you.

**Job Role / Responsibilities**

Integrity360 is seeking a_ _Third Party Security Risk Consultant to join our Cyber Risk & Assurance department who will be based in Portugal, who has an interest in the Information Security field. As a Third-Party Security Risk Consultant, you will be embedded within a high-profile client environment in the entertainment industry, serving as a key member of the security team. In this role, you will work directly with client stakeholders to evaluate and manage third-party security risks across a dynamic and fast-paced ecosystem. This position requires strong communication skills, sound judgment, and the ability to navigate complex vendor relationships while upholding the client’s security and compliance standards.

**Primary Duties/Responsibilities Include**:

- Conduct comprehensive third-party risk assessments to evaluate the security posture of vendors, partners, and service providers.
- Develop and maintain third-party security risk assessment processes aligned with industry standards.
- Collaborate with stakeholders (Legal, Procurement, IT, Compliance) to evaluate, mitigate, and monitor third-party risks.
- Review security documentation including questionnaires, penetration tests, vulnerability scans, and audit reports to ensure compliance with security requirements.
- Communicate risk findings clearly and effectively to technical and non-technical stakeholders, including executives.
- Track and manage remediation efforts with third parties, ensuring timely resolution of identified risks.
- Maintain and update third-party risk registers and reporting metrics for ongoing monitoring and compliance.
- Assist with the development and enforcement of security policies, standards, and procedures related to vendor management.
- Stay current on emerging third-party risk trends, threats, and best practices, especially those affecting the entertainment and media industries.

**Desired Skills and Qualifications**:

- Minimum 3 years of experience in third-party/vendor risk management, information security, or a related field.
- Strong knowledge of information security concepts, frameworks, and regulatory requirements (e.g., ISO27001, NIST CSF, NIST 800-171R3, Cyber Essentials, CIS CSC 18 etc.).
- Familiarity with third-party risk management tools and platforms (e.g., ProcessUnity, OneTrust, RSA Archer, BitSight, black Kite, SecurityScorecard).
- Exceptional analytical and critical thinking skills with the ability to assess complex security documentation.
- Excellent communication and interpersonal skills; ability to work cross-functionally in a fast-paced, high-stakes environment.
- Experience supporting clients in media, entertainment, or other high-profile industries is highly desirable.

**Languages**
- Fluent English speaker (mandatory)
- French (Desired)
- Portuguese (Desired)
- Spanish (Desired)

**Qualifications (Desirable)**
- Relevant certifications such as CISA, CISM, CRISC, CISSP, or vendor risk-specific credentials are a plus.
- Educated to Degree Level desirable in security or related field.
- Technical Qualification in the IT Infrastructure field desirable but not necessary