Title: Third-Party Resilience Manager
Reporting into: Rosse O'Neill
Work level: 2C
Location : 100VE
Scope: Global
Business Context and Main Purpose of the Role
Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Wall’s, Ben & Jerry’s, Marmite, Magnum, and Lynx. Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That’s why our purpose as Unilever is ‘to make sustainable living commonplace’.
At Unilever, we’re determined to achieve a culture where everyone can thrive, a culture where all individuals are treated fairly and respectfully, and where their uniqueness is celebrated. We’re taking a holistic approach that focuses on how we can use the scale and reach of our business to have the greatest impact in our own workplace and beyond. We’ve set clear goals to eliminate any bias and discrimination in our policies and practices, accelerate diverse representation in our leadership, and remove barriers for people with disabilities. At the same time, we’re setting out to spend more with diverse businesses and increasing representation of diverse groups in our advertising. Find out more about our commitment to equity, diversity, and inclusion on our website.
Unilever’s Cyber Security organization is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organization runs a 24x7 Security Operations Centre (SOC), oversees a robust Security Architecture and associated technology landscape, provides Cyber Security Solution Engineering and Risk Advisory to our business, and assesses the security of our vast technology estate, including factories, to name but a few areas. Cyber Security sits as part of the Business Operations organisations, as a peer to Unilever’s Technology and Data functions and the broad Supply Chain agenda. Cyber Security is tasked with elevating, reporting on and influencing enterprise cyber security risk mitigation across Unilever. The Cyber Security function is made up of the Governance, Risk, Assurance, and Compliance (GRAC) team, the Tech & Ops team, the BISO teams, and the Office of the CISO.
Role Purpose:
The Third-Party Cyber Resilience Manager is responsible for ensuring the organization can prepare for, respond to, and recover from cyber incidents that involve a third-party with minimal impact to business operations. This role bridges cyber security, business continuity, and risk management, driving strategic and operational initiatives to enhance resilience across our functions.
This Third-Party Resilience Manager role supports the BISO to enhance our cyber resilience posture across third-party relationships.
Role Summary:
We are seeking a highly skilled and strategic Global Third-Party Cyber Resilience Manager to lead and enhance our cyber resilience posture across third-party relationships. This role will be responsible for designing, implementing, and continuously improving the global third-party cyber resilience framework, ensuring that our suppliers, partners, and service providers meet robust cybersecurity standards and can effectively respond to cyber threats.
Key Responsibilities:
• Strategy & Governance
o Develop and maintain the third-party cyber resilience strategy aligned with business objectives and regulatory requirements.
o Establish governance structures, policies, and frameworks for third-party resilience.
o Collaborate with internal stakeholders (e.g., TPRM, Procurement, Legal, Risk, IT) to embed resilience into vendor lifecycle management.
• Risk Assessment & Monitoring
o Conduct resilience risk assessments for critical third-party vendors.
o Define and monitor impact tolerance thresholds for external services.
o Ensure vendors comply with cybersecurity and disaster recovery standards.
• Testing & Validation
o Lead tabletop exercises, failover testing, and exit strategy validations with vendors.
o Evaluate third-party incident response and recovery capabilities.
• Reporting & Communication
o Provide regular updates to senior leadership on third-party resilience posture.
o Maintain dashboards and metrics to track vendor performance and risk exposure.
o Support regulatory reporting and audit readiness.
• Continuous Improvement
o Identify gaps and recommend remediation measures to improve third-party resilience.
o Stay current with industry trends, threats, and regulatory changes.
The position calls for a strategic individual with strong communication and influencing skills. This leader will utilize her/his knowledge and experience to assist with the implementation of an effective global cyber security program that ensures the overall cyber security posture of the company is aligned with business needs and balanced to protect in the evolving threat landscape. This role supports the Global CISO in building strong relationships with internal leaders and senior executives, along with the other senior Cyber Security leadership team, on matters of cyber security and cyber risk, to foster the execution of cyber security as a business enabler.
Main Accountabilities
• Third-party Resilience Strategy & Framework
o Develop and maintain a comprehensive third-party cyber resilience framework.
o Align resilience practices with organizational risk appetite, regulatory requirements, and business continuity goals.
• Vendor Risk Assessment & Classification
o Identify and classify third-party vendors based on criticality and potential impact on business operations.
o Conduct resilience risk assessments and ensure appropriate controls are in place.
• Resilience Testing & Assurance
o Design and execute resilience testing programs (e.g., failover, recovery, tabletop exercises) for critical vendors.
o Validate third-party incident response, disaster recovery, and business continuity capabilities.
• Monitoring & Reporting
o Continuously monitor third-party resilience posture and performance against agreed SLAs and KPIs.
o Report findings, risks, and remediation progress to senior stakeholders and governance forums.
• Regulatory Compliance & Audit Readiness
o Ensure third-party resilience practices meet regulatory standards (e.g., DORA, NIS2, ISO 22301).
o Support internal and external audits, including evidence gathering and remediation tracking.
• Stakeholder Engagement & Collaboration
o Work closely with TPRM, Procurement, Legal, Risk, and IT teams to embed resilience into vendor lifecycle processes.
o Act as a subject matter expert for third-party resilience across the organization.
• Continuous Improvement & Innovation
o Identify opportunities to enhance third-party resilience through automation, tooling, and process optimization.
o Stay informed of emerging threats, technologies, and best practices in cyber resilience.
Key Skills and Relevant Experience
Skills:
• Excellent written and verbal communication skills, with the ability to be understood by both technical and non-technical personnel.
• Proven ability to lead and motivate a senior team.
• The ability to lead through accountability with delegated responsibilities.
• Ability to manage conflicting priorities and multiple tasks.
• Stakeholder management and interpersonal skills at both a technical and non-technical level.
• Outstanding influencing ability.
• Ability to work in a collaborative environment.
• Outstanding critical reasoning and problem-solving skills – sticking to the problem until it is resolved.
• Customer-orientated, whether responding to queries or delivering new services.
• Skills in Programme and Project Management.
Experience:
• The role holder will have practical experience in Third-Party Risk and Cyber Security.
• Experience of leading major programs across a global organization.
• Experience and proven track record in Cyber Security.
• Experience in providing thought leadership and driving a complex change agenda, with an ability to challenge the “status quo”.
• Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues and constraints of digital businesses.
• Experience within a customer focused environment.
• Knowledge of the applications or the technical landscape within the domain and experience of delivering Cyber Security projects to their demands.
Behaviours
Candidates would be required to demonstrate the Unilever Standards of Leadership & live the Values through showing the following behaviors:
● Agility – Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo.
● Talent Catalyst – Develops and magnifies the power of people. Creates an inclusive climate, empowering everyone to be at their best. Invests in people, coaching individuals and teams to realise their full potential. Continually inspires powerful collaboration.
● Passion for High Performance – Inspires the energy needed to win, generating intensity and focus to motivate people to deliver results at speed.