Department: Cyber Services and Capabilities
Location: PHL Manila
Description
Why this role
Do you enjoy helping organisations understand, secure, and strengthen their supply chains against modern security threats? At NCC Group, you'll help clients manage risk beyond their own perimeter, across suppliers, partners, vendors, and critical service providers.
You'll work at the intersection of cyber security, risk management, and operational resilience, supporting organisations as they respond to increasing regulatory scrutiny, geopolitical risk, and complex third-party ecosystems. This is high-impact consulting work that blends strategic advisory, governance, and practical security improvement across supply chains.
Responsibilities
- Assess supply chain security risk: Conduct third-party and supply chain security assessments, identifying systemic risks across vendors, service providers, and technology dependencies.
- Design supply chain security frameworks: Develop and implement supply chain security strategies aligned to standards such as NIST CSF, NIST 800-161, ISO 27036, ISO 28000, and emerging regulatory requirements.
- Strengthen third-party risk management: Support the design and improvement of third-party risk management (TPRM) programmes, including due diligence, onboarding, assurance, and ongoing monitoring.
- Advise on secure supplier engagement: Help clients embed security requirements into procurement processes, contracts, supplier assurance models, and service-level agreements.
- Analyse concentration and dependency risk: Identify critical supplier dependencies, single points of failure, and cascading risk across complex supply networks.
- Test and validate controls: Support scenario-based exercises, tabletop simulations, and risk walkthroughs focused on supplier compromise, service disruption, or geopolitical impact.
- Engage senior stakeholders: Translate technical and operational findings into clear, business-relevant insights for executives, boards, and risk committees.
- Collaborate across disciplines: Work alongside cyber security, resilience, legal, procurement, and operational teams to deliver integrated supply chain security outcomes.
- Mentor and contribute: Coach junior consultants and contribute to reusable methodologies, assessment tools, and thought leadership in supply chain security.
A week in the life (example)
Monday: Run a supply chain risk workshop with a critical infrastructure client, mapping supplier dependencies and risk concentration.
Tuesday: Perform a third-party security assessment for a strategic technology provider.
Wednesday: Design a supply chain security framework aligned to regulatory expectations and client risk appetite.
Thursday: Facilitate a tabletop exercise simulating supplier compromise and downstream business impact.
Friday: Present findings and prioritised recommendations to senior stakeholders and agree next steps.
How we work
- Pragmatic > performative. We focus on achievable, sustainable resilience rather than perfection on paper.
- Collaborative by default. You'll work alongside cyber, continuity, and risk experts across NCC Group's global network.
- Curious mindset. Research time, labs, and thought leadership contributions are part of our rhythm.
- Inclusive and flexible. We value diversity of thought and support hybrid working that fits your life.
Skills, Knowledge & Expertise
What you'll bring
- Strong experience in supply chain security, third-party risk, or operational risk consulting, ideally in complex enterprise environments
- Practical understanding of vendor risk, supplier assurance, and ecosystem-level security threats
- Familiarity with relevant standards and frameworks such as:
  - NIST SP 800-161 (Supply Chain Risk Management)
  - ISO 27036 (ICT Supply Chain Security)
  - ISO 28000 (Supply Chain Security Management)
  - NIST CSF, ISO 27001 (as applied to third parties)
- Ability to engage confidently with technical teams, procurement, legal, risk functions, and executive leadership
- Experience conducting risk assessments, workshops, or assurance activities with third parties
- Strong written and verbal communication skills, able to produce concise reports and deliver clear recommendations
Nice-to-haves
- Experience with regulatory and compliance drivers (e.g. DORA, NIS2, SOCI, critical infrastructure regulations)
- Understanding of software supply chain security (e.g. SBOMs, secure development, open-source risk)
- Exposure to geopolitical risk, sanctions, or operational resilience
- Certifications such as:
  - CISSP, CISM, CRISC
  - ISO 27001 / 27036 Lead Implementer or Auditor
  - Supply chain or risk-related certifications
Job Benefits
What do we offer in return?
We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:
- Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.