Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.
Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.
Now it’s time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.
About the role
The Third-Party Security Risk Operations Lead is responsible for managing the day‑to‑day operational execution of Haleon’s Third‑Party Security Risk Management function across all phases of the third‑party lifecycle: Onboarding, Due Diligence, Contracting, Continuous Monitoring, and Offboarding.
The role leads the team that performs inherent risk reviews, segmentation, security risk assessments, remediation governance, issue tracking, re‑assessments, supplier threat monitoring, and offboarding checks. It ensures all operational activities follow documented methodologies and comply with enterprise risk, cybersecurity, procurement, and regulatory obligations.
The Operations Lead serves as the primary liaison between business requestors, TPRM, Procurement, Legal, and suppliers, ensuring timely assessments, risk decisions, and contract readiness. It partners closely with the Third-Party Security Risk Product Lead to ensure that tooling, workflows, templates, and automation support operational efficiency and that processes improve continuously.
Role Responsibilities
Lead the TPSRM Operations team, overseeing daily execution of onboarding, inherent risk reviews, segmentation, due diligence assessments, issue remediation management, continuous monitoring, and supplier offboarding.
Ensure high-quality, consistent execution of TPSRM assessments, including validating assessment conclusions, challenge-testing analyst outputs, and ensuring adherence to methodology, SLAs, and regulatory standards.
Manage remediation and issue governance, ensuring suppliers address security gaps, action plans are tracked to closure, risks are escalated appropriately, and decisions align with Haleon’s risk appetite.
Partner closely with the Third-Party Security Risk Product Lead to ensure operational effectiveness of templates, questionnaires, workflows, dashboards, automation, and data quality across the full supplier lifecycle.
Drive continual operational maturity, identifying process bottlenecks, improving cycle time, enhancing monitoring logic, maturing reassessment programs, and ensuring operational readiness for audits and regulatory reviews.
Ability to translate operational challenges into workflow improvements and partner effectively with Product and Technology teams.
Why you?
Basic Qualifications:
Bachelor’s degree in Cybersecurity, Information Systems, Business, Risk, Engineering, or related discipline.
Experience executing third-party cybersecurity risk assessments and due diligence.
Experience managing operational teams executing structured workflows and assessments.
Strong knowledge of supplier security expectations, inherent risk scoring, and risk remediation governance.
Experience working with TPRM platforms, GRC tools, assessment systems, or security questionnaires.
Experience managing Third-Party Risk Management tools, such as OneTrust and UpGuard.
Preferred Qualifications:
Advanced degree or specialised training in cybersecurity, risk management, or product management.
7–10+ years in cybersecurity, supplier assurance, or risk operations roles.
Experience in global or regulated industries (pharma, healthcare, consumer health).
Experience working with security rating tools, continuous monitoring platforms, and automated workflow solutions.
Certifications such as CISM, CISA, CRISC, CCSK, ISO 27001 Lead Auditor.
Job Posting End Date
2026-06-26
Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.
During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees.
The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.
If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.
The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.