Rodeo
ResourcesPartnersSign in

Tokio Marine HCC International

Third Party Cyber Risk Lead

London
Posted 15 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Job Title: Third Party Cyber Risk Lead

Position Type: Permanent

Reports To: Cyber Governance Manager

Direct Reports: None


Why Tokio Marine HCC?

Standing still is not an option in the current world of insurance. Tokio Marine HCC (TMHCC) is one of the world’s leading specialty insurers, with deep expertise in its chosen lines of business, an unparalleled track record, and a solid balance sheet. The company evaluates and manages risk like no other in the industry, balancing profit with empowerment, commitment, and innovation—delivering creative solutions for clients while growing sustainably.

About Operations

Operations sits at the heart of TMHCC, ensuring the smooth running of all business processes—from policy administration and claims handling to data, technology, and delivery. The focus is on driving efficiency to enable exceptional results. Our value statement: “Ops makes it happen.”

Operations comprises 7 functions, and this role sits within: IT

As the foundation for TMHCC’s success, the IT team enables growth, competition, and innovation through technology, security, and solution design. From shaping strategy to delivering resilient operations, they ensure every capability aligns with business value. Their inclusive and collaborative culture empowers teams to explore ideas, solve challenges, and build meaningful careers with real impact.


Job Purpose

Reporting to the Cyber Governance Manager in the Business Information Security Office, you will own and mature TMHCC International’s third-party cyber risk management processes, optimising workflows as the vendor landscape expands.

Your role involves:

  • Partnering with internal teams—such as Procurement and Legal—to prioritise risk, remediate issues, and provide clear management insights on cyber risk across the third-party portfolio.

Key Responsibilities

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

  • Own and manage the vendor security due diligence process for TMHCC International, including onboarding and continuous monitoring.
  • Establish and maintain a vendor criticality assessment process; ensure due diligence and monitoring align with vendor criticality.
  • Lead ongoing due diligence for critical and high-risk suppliers, adhering to regulatory expectations (e.g., DORA, NIS2, PRA, FCA).
  • Develop Management Information (MI) and dashboards to report security due diligence and third-party risk efforts to senior IT stakeholders and executives.
  • Embed third-party security controls into the broader vendor management process by collaborating with IT, Procurement, and Legal teams.
  • Ensure compliance with relevant regulations and standards (DORA, NIS2, CIS Controls, NIST, GDPR).
  • Provide security guidance on third-party due diligence, contract reviews, and ad-hoc vendor risk inquiries.
  • Create and maintain documentation (process guides, training materials) for vendor security risk management.
  • Stay updated on emerging third-party cyber trends, tools, and technologies.
  • Support the Cyber Governance Manager with metrics for Division IT Risk Reporting and Dashboards.
  • Escalate significant risks/issues to Cyber Governance Manager and Business Information Security Office (BISO).

Performance Objectives

  • Develop a comprehensive understanding of TMHCC’s third-party landscape and organisational controls in vendor risk management; take ownership of cyber third-party risk management.
  • Identify gaps and improvements in current cyber third-party risk processes, design mature security controls, and own implementation.

Essential Requirements

Skills and Experience

  • Experience in cyber/information security, specialising in third-party/vendor risk management.
  • Bachelor’s degree in information security, Technology Risk Management, or a related field.
  • Relevant certifications (e.g., CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor) highly desirable.
  • Experience in regulated industries implementing third-party security risk controls (alignment with DORA, NIS2, PRA, FCA admissions).
  • Proven track record in designing, executing, and improving vendor security due diligence processes.
  • Strong knowledge of vendor security assessments (ISO 27001, SOC 2, CSA STAR, CAIQ, vendor questionnaires).
  • Ability to articulate technical/non-technical risks clearly to diverse stakeholders.
  • Capability to chair meetings, collaborate, and oversee vendor security initiatives across teams.
  • Influential presence as an SME (Subject Matter Expert) providing risk insights.
  • Strong analytical, conceptual, strategic planning, and execution skills.
  • Drive process improvements, manage initiatives, and demonstrate assertiveness and coordination.
  • Results-driven with a focus on measurable outcomes and growth initiatives.
  • Deep passion for championing cyber security culture and continuous learning.
  • Excellent communication skills, bridging gaps between technical and non-technical stakeholders.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Desirable

  • Experience with third-party risk management platforms or Governance, Risk, and Compliance (GRC) tools.
  • Proficiency in analysing data and shaping MI dashboards (e.g., using Power BI) for actionable insights.
  • Background in the specialty insurance/Lloyd’s market.

What We Offer

TMHCC Group provides a competitive salary and benefits package. A dynamic, forward-thriving company seeks energetic, dependable professionals to join its high-achieving team.

Understanding equality: Tokio Marine HCC Group is an equal opportunities employer. More details on www.tmhcc.com.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Cyber Security
Risk Management
Vendor Management
Information Security
Regulatory Compliance
Data Analysis
Communication
Stakeholder Management
Process Improvement
Project Management
Technical Writing
Dashboard Creation
Security Assessments
Contract Review
Training Development
Emerging Technologies

Location

London, England, United Kingdom

Sign up to applySee more jobs like this