Job Description

Key Responsibilities:

• Assess supply chain security risk: Conduct third-party and supply chain security assessments, identifying systemic risks across vendors, service providers, and technology dependencies. 

• Design supply chain security frameworks: Develop and implement supply chain security strategies aligned to standards such as NIST CSF, NIST 800-161, ISO 27036, ISO 28000, and emerging regulatory requirements. 

• Strengthen third-party risk management: Support the design and improvement of third-party risk management (TPRM) programmes, including due diligence, onboarding, assurance, and ongoing monitoring. 

• Advise on secure supplier engagement: Help clients embed security requirements into procurement processes, contracts, supplier assurance models, and service-level agreements. 

• Analyse concentration and dependency risk: Identify critical supplier dependencies, single points of failure, and cascading risk across complex supply networks. 

• Test and validate controls: Support scenario-based exercises, tabletop simulations, and risk walkthroughs focused on supplier compromise, service disruption, or geopolitical impact. 

• Engage senior stakeholders: Translate technical and operational findings into clear, business-relevant insights for executives, boards, and risk committees. 

• Collaborate across disciplines: Work alongside cyber security, resilience, legal, procurement, and operational teams to deliver integrated supply chain security outcomes. 

• Mentor and contribute: Coach junior consultants and contribute to reusable methodologies, assessment tools, and thought leadership in supply chain security. 

Qualifications:

• Strong experience in supply chain security, third-party risk, or operational risk consulting, ideally in complex enterprise environments 

• Practical understanding of vendor risk, supplier assurance, and ecosystem-level security threats 

• Familiarity with relevant standards and frameworks such as: 

• NIST SP 800-161 (Supply Chain Risk Management) 

• ISO 27036 (ICT Supply Chain Security) 

• ISO 28000 (Supply Chain Security Management) 

• NIST CSF, ISO 27001 (as applied to third parties) 

• Ability to engage confidently with technical teams, procurement, legal, risk functions, and executive leadership 

• Experience conducting risk assessments, workshops, or assurance activities with third parties

Work Set Up: Hybrid (2x onsite in BGC Taguig), Mid Shift (UK Timezone)