IT Risk Manager Vendor Mangement

Your new company
You will work for a globally recognised and highly acclaimed retail organisation, with a network of sites across both the UK & Europe. This organisation prides themselves on being recognised for their investment model, trading performance and providing best-in-class customer experience. Every day, their committed workforce tirelessly delivers their products and services to millions of customers alongside supporting the local communities in which they operate.
Your new role
In your new role you will take full ownership of IT Vendor processes, controls and monitoring. As part of this responsibility, you will manage the IT Vendor inventory and associated controls. Additionally, you'll assist in the vendor assurance processes including onboarding, offboarding, and assessing criticality to the organisation. It's crucial to diligently review contracts and stay up to date with renewals. You'll also facilitate and run IT vendor meetings, providing essential support during negotiations, due diligence, and service renewals.
As the leader in IT Vendor Risk Management and Governance, you will aim to enforce measurable effectiveness and foster a culture of continual improvement. Ensuring that contractual obligations, service levels, and delivery expectations are met across all key suppliers is crucial. You meticulously review supplier performance, particularly through 3rd party assurance reports (such as SOC2), identifying IT control gaps and providing robust remediation plans. Coordinating annual supplier risk assessments based on service criticality is essential. Collaborating with internal stakeholders, you ensure key suppliers adapt to changing needs while maintaining service stability. Your role involves driving remedial actions related to service, performance, risk, and control improvements, measurable effectiveness and fostering a culture of continual improvement. Ensuring that contractual obligations, service levels, and delivery expectations are met across all key suppliers is crucial. Coordinating annual supplier risk assessments based on service criticality is essential. Collaborating with internal stakeholders, you ensure key suppliers adapt to changing needs while maintaining service stability. Your role involves driving remedial actions related to service, performance, risk, and control improvements.

What you'll need to succeed
To succeed, I am seeking a qualified candidate with a minimum of 4 years of experience working with or within IT internal audit/external audit teams, preferably within a big 4 or similar environment. The ideal candidate should be confident in designing IT General Controls across access, change, and operations domains. Familiarity with IT Control Frameworks, including COBIT and ITIL, is essential. Proficiency in IT control testing, planning, management, and quality assurance to meet external audit standards is crucial. You should also be comfortable performing IT Risk Assessments across various IT domains.
Desirable knowledge includes auditing or designing controls for ERP systems, particularly SAP. Additionally, you should excel in issues/action management, developing mitigation and remediation strategies. You must be organised, methodical, and capable of managing multiple projects simultaneously with minimal supervision and Knowledge of Sarbanes Oxley (SOX) is beneficial, and professional qualifications such as CISA or CRISC are preferred. Alternatively, if you have demonstrated time-served experience, you will also be considered. Familiarity with ITIL and COBIT knowledge areas would be advantageous, as would a background in Service Management, Cyber, or IT Project Management.
What you'll get in return
In return, you will work for a thriving organisation on a salary of £55,000 - £65,000 with a range of additional benefits including:
- performance based bonus schemes
- Employee life assurance
- Smart Health
- Flexi-time
- Learning and development + many more
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk