Tokio Marine HCC
Third Party Cyber Risk Lead

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Job Title: Third Party Cyber Risk Lead
Reporting to: Cyber Governance Manager Direct Reports: None Position Type: Permanent
Why Tokio Marine HCC?
Standing still is not an option in the current world of insurance. TMHCC is one of the world’s leading Specialty Insurers. With deep expertise in chosen lines of business, an unparalleled track record, and a robust balance sheet, TMHCC evaluates and manages risk like no one else in the industry. The organisation prioritises empowering employees and delivering on commitments whilst fostering growth and innovation, tailored to client needs.
About Operations
Operations sits at the heart of TMHCC, ensuring the seamless running of all business processes—from policy administration and claims handling to data, technology, and delivery. The team drives efficiency, enabling exceptional results daily. Their value statement: "Ops makes it happen."
Operations is divided across 7 functions, and this role sits within IT.
The IT team serves as the foundation of TMHCC’s success, enabling growth, competition, and innovation through technology, security, and solution design. From shaping strategy to delivering resilient operations, its mission is to align capabilities with business value. Its inclusive and collaborative culture empowers exploration, problem-solving, and career growth with meaningful impact.
Job Purpose
Reporting to the Cyber Governance Manager within the Business Information Security Office, this role will:
- Own and mature TMHCC International’s third-party cyber risk management processes.
- Streamline processes as the vendor landscape grows.
- Partner with internal teams, such as Procurement and Legal, to prioritise risk, remediate issues, and deliver clear management information on cyber risk in the third-party portfolio.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Key Responsibilities
- Own, manage, and evolve the third-party security due diligence process, including onboarding and continuous monitoring.
- Establish and maintain a vendor criticality assessment process to ensure vendor due diligence and monitoring align with criticality.
- Regulate due diligence for critical and high-risk suppliers in compliance with regulatory expectations (e.g., DORA, NIS2, PRA, FCA).
- Build Management Information (MI) and dashboards to display security due diligence and third-party risk management efforts for senior IT and executive stakeholders.
- Collaborate with IT, Procurement, and Legal to embed third-party security risk management controls into broader vendor risk management.
- Ensure compliance with relevant industry regulations and standards (e.g., DORA, NIS2, CIS Controls, NIST, GDPR).
- Provide vendor security guidance on due diligence, contract reviews, and risk management queries.
- Develop and maintain vendor security risk management documentation, including processes and training materials.
- Stay updated on emerging vendor security trends, tools, and technologies.
- Support the Cyber Governance Manager in metrics for Divisional IT Risk Reporting and Dashboards.
- Escalate significant cyber risks/issues to the Cyber Governance Manager and Business Information Security Officer (BISO).
Performance Objectives
- Develop a deep understanding of TMHCC’s third-party landscape and current controls, taking ownership of cyber third-party risk management.
- Identify gaps and areas for improvement, crafting plans to maturity cyber security controls and overseeing execution.
Skills and Experience Specification
Essential:
- Experience in cyber/information security risk roles, with a focus on third-party/vendor risk management.
- Bachelor’s degree in information security, Technology Risk Management, or a related field.
- Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Lead Auditor.
- Experience in regulated industries, specialising in third-party security risk management.
- Proven expertise in designing, running, and improving vendor security due diligence processes.
- Strong knowledge of security certifications and assessments, including ISO 27001, SOC 2, CSA STAR/CAIQ, vendor security questionnaires.
- Ability to articulate risk from vendor postures to technical and non-technical stakeholders.
- Capacity to lead regular meetings, guide stakeholders, and oversee third-party security risk initiatives.
- SME presentation capability for technical and non-technical audiences.
- Analytical and conceptual thinking, with planning, execution, and improvement-driving skills.
- Results-oriented, managing measurable outcomes, and focused on owned initiatives.
- Desire to champion cyber security culture and remain updated on emerging threats.
- Effective communication skills, particularly in explaining complex issues to non-technical stakeholders.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Desirable:
- Experience with third-party risk platforms or GRC tools.
- Ability to build dashboards (e.g., using Power BI) and convert data into actionable narratives.
- Experience from the Specialty/Lloyd’s market insurance industry.
What We Offer
- Competitive salary and benefits package.
- Dynamic, growing environment with opportunities for career progression.
- Equal opportunity employer with diverse and inclusive culture, valuing passion for excellence and innovation.
For more information, visit: www.tmhcc.com
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location