Rodeo
ResourcesPartnersSign in

Tokio Marine HCC

Third Party Cyber Risk Lead

London
Posted 14 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Job Title: Third Party Cyber Risk Lead

Reporting to: Cyber Governance Manager Direct Reports: None Position Type: Permanent


Why Tokio Marine HCC?

Standing still is not an option in the current world of insurance. TMHCC is one of the world’s leading Specialty Insurers. With deep expertise in chosen lines of business, an unparalleled track record, and a robust balance sheet, TMHCC evaluates and manages risk like no one else in the industry. The organisation prioritises empowering employees and delivering on commitments whilst fostering growth and innovation, tailored to client needs.


About Operations

Operations sits at the heart of TMHCC, ensuring the seamless running of all business processes—from policy administration and claims handling to data, technology, and delivery. The team drives efficiency, enabling exceptional results daily. Their value statement: "Ops makes it happen."

Operations is divided across 7 functions, and this role sits within IT.

The IT team serves as the foundation of TMHCC’s success, enabling growth, competition, and innovation through technology, security, and solution design. From shaping strategy to delivering resilient operations, its mission is to align capabilities with business value. Its inclusive and collaborative culture empowers exploration, problem-solving, and career growth with meaningful impact.


Job Purpose

Reporting to the Cyber Governance Manager within the Business Information Security Office, this role will:

  • Own and mature TMHCC International’s third-party cyber risk management processes.
  • Streamline processes as the vendor landscape grows.
  • Partner with internal teams, such as Procurement and Legal, to prioritise risk, remediate issues, and deliver clear management information on cyber risk in the third-party portfolio.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.


Key Responsibilities

  • Own, manage, and evolve the third-party security due diligence process, including onboarding and continuous monitoring.
  • Establish and maintain a vendor criticality assessment process to ensure vendor due diligence and monitoring align with criticality.
  • Regulate due diligence for critical and high-risk suppliers in compliance with regulatory expectations (e.g., DORA, NIS2, PRA, FCA).
  • Build Management Information (MI) and dashboards to display security due diligence and third-party risk management efforts for senior IT and executive stakeholders.
  • Collaborate with IT, Procurement, and Legal to embed third-party security risk management controls into broader vendor risk management.
  • Ensure compliance with relevant industry regulations and standards (e.g., DORA, NIS2, CIS Controls, NIST, GDPR).
  • Provide vendor security guidance on due diligence, contract reviews, and risk management queries.
  • Develop and maintain vendor security risk management documentation, including processes and training materials.
  • Stay updated on emerging vendor security trends, tools, and technologies.
  • Support the Cyber Governance Manager in metrics for Divisional IT Risk Reporting and Dashboards.
  • Escalate significant cyber risks/issues to the Cyber Governance Manager and Business Information Security Officer (BISO).

Performance Objectives

  • Develop a deep understanding of TMHCC’s third-party landscape and current controls, taking ownership of cyber third-party risk management.
  • Identify gaps and areas for improvement, crafting plans to maturity cyber security controls and overseeing execution.

Skills and Experience Specification

Essential:

  • Experience in cyber/information security risk roles, with a focus on third-party/vendor risk management.
  • Bachelor’s degree in information security, Technology Risk Management, or a related field.
  • Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Lead Auditor.
  • Experience in regulated industries, specialising in third-party security risk management.
  • Proven expertise in designing, running, and improving vendor security due diligence processes.
  • Strong knowledge of security certifications and assessments, including ISO 27001, SOC 2, CSA STAR/CAIQ, vendor security questionnaires.
  • Ability to articulate risk from vendor postures to technical and non-technical stakeholders.
  • Capacity to lead regular meetings, guide stakeholders, and oversee third-party security risk initiatives.
  • SME presentation capability for technical and non-technical audiences.
  • Analytical and conceptual thinking, with planning, execution, and improvement-driving skills.
  • Results-oriented, managing measurable outcomes, and focused on owned initiatives.
  • Desire to champion cyber security culture and remain updated on emerging threats.
  • Effective communication skills, particularly in explaining complex issues to non-technical stakeholders.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Desirable:

  • Experience with third-party risk platforms or GRC tools.
  • Ability to build dashboards (e.g., using Power BI) and convert data into actionable narratives.
  • Experience from the Specialty/Lloyd’s market insurance industry.

What We Offer

  • Competitive salary and benefits package.
  • Dynamic, growing environment with opportunities for career progression.
  • Equal opportunity employer with diverse and inclusive culture, valuing passion for excellence and innovation.

For more information, visit: www.tmhcc.com

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Third Party Risk Management
Cyber Security Due Diligence
Vendor Criticality Assessment
Regulatory Compliance
Risk Remediation
Stakeholder Management
Security Assurance
Contract Review
MI Reporting
Analytical Thinking
Project Execution
Communication Skills

Location

London, England, United Kingdom

Sign up to applySee more jobs like this