TPRM Principal Security Consultant
Salary: Up to £80,000
Location: London, 3 days a week onsite, 2 days remote
No sponsorship available with this role.
Job Purpose
The title does not truly summarise the role; this is a Technical Consulting role, consulting into the internal TPRM team.
The TPRM Principal Security Consultant acts as a trusted advisor to senior stakeholders, ensuring the security of a wide range of technical integrations with third‑party suppliers. The role provides risk-based assessments and supports mitigation strategies for complex third-party engagements.
You will embed Secure-by-Design principles across all activities and ensure risks are effectively understood, communicated, and managed.
The role involves building strong relationships across engineering and leadership teams, supporting a global third-party landscape spanning multiple business units, including digital platforms, retail operations, and external partners.
You will help shape strategy, oversee security assessments, establish governance models, and collaborate across security, risk, procurement, legal, and compliance functions to enhance third-party risk management practices.
Scope of the Role
- Scope: Enterprise-wide third-party portfolio
- Function: Information Security
- Focus: Governance, Risk, and Security
Key Accountabilities & Responsibilities
- Own the InfoSec relationship for assigned third-party portfolios to enable risk-aware decision-making
- Act as a trusted advisor to both technical and non-technical stakeholders
- Identify when additional support is required from Security Architecture, Engineering, or Design teams and coordinate engagement
- Lead technical security risk assessments and provide guidance aligned to industry frameworks and Secure-by-Design principles
- Oversee supplier onboarding risk assessments and ongoing monitoring activities
- Ensure intelligence and security insights are shared with relevant internal functions (e.g. threat modelling, cyber intelligence)
- Collaborate with GRC teams on risk, compliance, and assurance activities
- Provide mentorship and technical guidance to team members
- Communicate effectively with stakeholders at all levels, including senior leadership
Key Experience
Essential
- Strong knowledge across at least two security domains, with working knowledge of others, such as:
  - Application Security
  - Network Security
  - Infrastructure Security
  - Cloud Security
  - Endpoint Security
  - IoT / Operational Technology Security
- Demonstrated experience with risk assessment methodologies and compliance frameworks
- ~6+ years in technology, including at least 2 years in a senior security or engineering role
- Experience working within complex technical environments
Desirable
- Relevant certifications (e.g. CISSP, CISM, CRISC, CCSP, CCSK)
- Cloud or enterprise architecture qualifications
- Degree in Computer Science, Cyber Security, or related field
Key Stakeholders
- Information Security (Engineering, Architecture, Risk & Compliance, Cyber Defence)
- Technology teams (e.g. cloud platforms, workplace technology, development teams)
- Business functions (e.g. procurement, legal, compliance)
- Senior leadership and non-technical stakeholders
Core Competencies & Behaviours
- Clear and effective communication
- Strong stakeholder management and influencing skills
- Ability to operate across technical and business domains
- Ownership and accountability for delivery
- Commercial awareness and risk-based decision making
- Focus on continuous improvement and pragmatic outcomes
…
