Supply Chain Security Analyst

Grade: SEO

Reference: 405187

Location: Can be based at any Defra office in England

Salary: £41,220 to £49,020

Closing Date: 02 Jun 2025

Government security is undergoing a significant transformation, making this an exciting time to get involved. This opportunity could be your next big career move!

We are looking for someone who can bring enthusiasm, clarity and confidence to the increasingly important and evolving world of Supply Chain Security.

As a Supply Chain Security Analyst within Defra’s Digital Data Technology and Security (DDTS) team, you’ll take a lead role in identifying and managing security risks within our supplier network. This is a critical position, ensuring the resilience of systems that support essential services across the UK.

You’ll work across the full supplier lifecycle:

• Building robust security terms into contracts
• Reviewing supplier bids and supporting selection and onboarding
• Conducting risk assessments on key technology suppliers
• Supporting resolution management activity

This role sits at the intersection of procurement, technology, and national security. You’ll help shape the way we assess, engage with, and manage third-party risks, contributing to smarter, safer decisions.

Please note this post requires Security Check (SC) clearance. To gain SC clearance, all applicants are required to have been a UK resident for a minimum of 5 years. If this requirement is not met, the individual will not be able to progress their application further.

Person specification

Responsibilities

  • Ensuring that suppliers of IT services to Defra effectively risk manage departmental information.
  • Improving supplier compliance with recognised security standards and best practice.
  • Identifying potential cyber security, physical/personnel security, IT security and information risks that can arise from contracting with a specific supplier, so that proportionate and appropriate arrangements are put in place.
  • Providing suppliers with early insight into the mandatory minimum security requirements expected of them during the life of a contract.
  • Reviewing supplier Security Management Plans to ensure the supplier’s Information Security Management System is fit for purpose and accurately articulates how a contract will be delivered securely.
  • Reviewing supplier contract compliance with Defra’s security schedules and clauses during procurement.
  • Establishing and maintaining excellent relationships with internal and external partners to influence their activities and promote and enhance Supply Chain Security.

Skills and Experience

  • A clear understanding of Cyber Security, Information Security and Risk Management.
  • Able to speak Cyber Security in “Business language”, whilst understanding how best to implement security requirements and controls within wider Business areas.
  • Experience of undertaking cyber, technical and information risk assessments, using security standards such as ISO 27001 and good practice guides/principles from technical bodies such as NCSC and CISA.
  • Good knowledge of Cyber security controls and risks, with certification such as CISM, CRISC, CISSP.
  • Experience of analysing disparate sources of security information quickly and providing sound advice and recommendations on requirements to stakeholders at all levels.
  • Excellent written and verbal communication skills with a range of stakeholders at different levels and the ability to build strong working relationships internally and externally.
  • Effective decision making, using evidence, available data and personal knowledge to provide clear, accurate and professional decisions.
  • Familiarity with best practice service management, data protection and Commercial methodologies, including ITIL, GDPR, and procurement legislation.