Vendor Manager

The role will sit at the intersection of technology, risk management, procurement, and cybersecurity. The role will implement management controls to ensure critical suppliers deliver services in an appropriately secure and resilient manner within organisational risk appetite, as well as in line with contractual and regulatory requirements.

• Third-Party Risk Management
• Be responsible for the technology supplier risk management policy and supporting procedures.
• Lead the completion of third-party risk assessment processes with a focus on information security, data protection and operational resilience.
• Ensure timely identification, documentation, and mitigation/escalation of third-party related risks.
• Partner with procurement, internal security management, IT/OT, DPO and Legal teams to complete supplier due diligence and associated control non-conformity remediations.
• Lead technology tender processes from specification to evaluation and selection, collaborating with technology, procurement and legal teams
• Facilitate the ongoing supervision of critical suppliers in line with contractual and security requirements.
• Implement and manage the governance framework in support of the effective management of key technology supplier, including SLAs, KPIs, compliance, and contract adherence.
• Ensure ongoing monitoring and reviews of supplier performance, risk exposure, and compliance with policies and regulations (e.g., ISO 27001, GDPR, NIS2).
• Escalate supplier non-performance issues in line with internal policy.
• Complete management reporting on vendor compliance levels to facilitate management risk oversight.
• Process & Tooling
• Contribute to the selection, implementation, and operation of third-party risk management tools.
• Drive continuous improvement of supplier onboarding, contract review, risk assessment processes and management reporting.

The ideal candidate will possess the following qualification, skills, knowledge and attributes:

• Proven experience in supplier management, ideally with a technology or security focused role.
• Understanding of third-party risk, especially in the information security domain.
• Familiarity with key regulatory and industry standards (e.g., ISO 27001, GDPR, NIS2).
• Strong relationship-building and stakeholder management skills, both internally and externally.
• Experience working in cross-functional teams and managing external supplier relationships.
• Excellent analytical, problem-solving, and negotiation skills.
• Experience in energy, utilities, or critical infrastructure industries.
• Experience completing Data Protection Impact Assessment (DPIA) process.
• Familiarity with Personal Data Processing Agreement (DPA) requirements and understanding of Operational Technology (OT) supplier related risks.
• Conceptual understanding of cloud security and SaaS supplier related risks.

The selection process for this role will include candidate screening from application.

BnM is an equal opportunities employer.

• Mid-Senior level

• Full-time

• Management and Manufacturing