GRC Analyst - Third Party Risk Management

5 Days Old

We have an exciting opportunity for a GRC Analyst – Third Party Risk Management to join our award‑winning Business Change and Technology (BC&T) team on a 12‑month Fixed Term Contract. You will be based in Birmingham City Centre, working in a hybrid role. Reporting to the IT Licensing & Compliance Manager, these roles support Mitchells & Butlers’ governance, risk, and compliance (GRC) activities, with a strong focus on information security, privacy, and regulatory assurance across the organization.

Here at Mitchells & Butlers, we own and run more than 1,600 pubs, bars and restaurants including the stylish All Bar One brand, legendary Miller & Carter steakhouses, and the iconic Toby Carvery, alongside our Mediterranean brands Ego and Pesto. We set the industry standard within hospitality. You will be well rewarded.

Benefits
35 hours per week, Monday to Friday, with flexibility around personal commitments. 33% discount across all M&B brands and hotels. A pension that pays, with contributions matched at 1.5x, up to mes. 26 days annual leave plus bank holidays
Opportunity – GRC Analyst (Third Party Risk Management)
This specialism focuses on supplier assurance and third‑party risk management, ensuring that vendors handling M&B data or connecting to M&B systems operate in line with security, privacy, and compliance expectations.
Key responsibilities include:
Conducting and coordinating security and privacy risk assessments for new and existing third‑party suppliers. Evaluating supplier controls relating to data protection, information security, data hosting, subcontractor usage, and system access. Cataloguing and maintaining records of M&B data shared with third parties, including purpose of use, information security classification, data sensitivity, and processing location. Ensuring third‑party data handling arrangements clearly define data retention, archiving, and deletion requirements in line with M&B policies and regulatory obligations. Performing data cataloguing activities directly, or coordinating with BC&T teams to ensure data ownership and accountability are clearly assigned. Maintaining third‑party risk documentation and tracking remediation actions with suppliers and internal teams. Working closely with Vendor Management, Procurement, Legal, Information Security, and IT to ensure supplier risks are identified early and addressed prior to onboarding or renewal. Escalating high‑risk supplier findings to the IT Licensing & Compliance Manager and relevant stakeholders.
What you’ll need
Bring strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes.
Qualifications
Minimum 3 years’ experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection desired.
What makes Mitchells & Butlers a great place to work?
At M&B, a career isn’t just about clocking in. We care about our people and value every contribution from a diverse workforce that reflects our guests and communities. By fostering a culture of inclusion, respect, and collaboration, we create an environment where colleagues can thrive and deliver great guest experiences. Join us and be a part of a great team.
Closing date: Friday 27th March 11:59pm
Location:
Birmingham
Job Type:
Full-time
