KEY RESPONSIBILITIES

You will:

• Build and maintain sustainable trusted client relationships through high-quality delivery, ensuring output exceeds client expectations.
• Conduct onsite and remote activities to advise, assess, analyse, and report in line with the engagement and client business requirements. This will involve meeting client stakeholders, conduct of documentation reviews, auditing technical solutions and systems as well as presenting information and advice to senior business partners.
• Translate the technical and non-technical findings from an assessment or exercise into relevant, actionable remediation road maps for customers.
• Responsible for adhering to all internal policy and procedures in relation to security and quality best practice.

QUALIFICATIONS

• Working knowledge of core control frameworks, such as, NIST, SANS Top 20 CSC, ISO 27001, Privacy.
• Have experience of delivering risk assessments using common risk methodologies like ISO 27005, IRAM and FAIR.
• Have experience of common compliance standards such as PCI DSS.

Work Set Up: Mid Shift, Hybrid (BGC Taguig Office)

KEY RESPONSIBILITIES

You will:

• Assess supply chain security risk: Conduct third-party and supply chain security assessments, identifying systemic risks across vendors, service providers, and technology dependencies. 

• Design supply chain security frameworks: Develop and implement supply chain security strategies aligned to standards such as NIST CSF, NIST 800-161, ISO 27036, ISO 28000, and emerging regulatory requirements. 

• Strengthen third-party risk management: Support the design and improvement of third-party risk management (TPRM) programmes, including due diligence, onboarding, assurance, and ongoing monitoring. 

• Advise on secure supplier engagement: Help clients embed security requirements into procurement processes, contracts, supplier assurance models, and service-level agreements. 

• Analyse concentration and dependency risk: Identify critical supplier dependencies, single points of failure, and cascading risk across complex supply networks. 

• Test and validate controls: Support scenario-based exercises, tabletop simulations, and risk walkthroughs focused on supplier compromise, service disruption, or geopolitical impact. 

• Engage senior stakeholders: Translate technical and operational findings into clear, business-relevant insights for executives, boards, and risk committees. 

• Collaborate across disciplines: Work alongside cyber security, resilience, legal, procurement, and operational teams to deliver integrated supply chain security outcomes. 

• Mentor and contribute: Coach junior consultants and contribute to reusable methodologies, assessment tools, and thought leadership in supply chain security. 

QUALIFICATIONS

• Strong experience in supply chain security, third-party risk, or operational risk consulting, ideally in complex enterprise environments 

• Practical understanding of vendor risk, supplier assurance, and ecosystem-level security threats 

• Familiarity with relevant standards and frameworks such as: 

• NIST SP 800-161 (Supply Chain Risk Management) 

• ISO 27036 (ICT Supply Chain Security) 

• ISO 28000 (Supply Chain Security Management) 

• NIST CSF, ISO 27001 (as applied to third parties) 

• Ability to engage confidently with technical teams, procurement, legal, risk functions, and executive leadership 

• Experience conducting risk assessments, workshops, or assurance activities with third parties

Work Set Up: Hybrid (2x onsite in BGC Taguig)
Work Schedule: Mid Shift (UK Timezone)