This role provides independent second‑line cyber risk oversight, governance, and assurance over third‑party engagements involving technology, data, and cloud services. It supports a federated operating model where first‑line ownership remains with business, procurement, and technology teams, while the role defines cyber risk standards, provides independent challenge, and delivers management and regulators with a clear view of third‑party cyber risk exposure. This role operates in alignment with Group Third‑Party Risk Management and Enterprise Risk frameworks, focusing on cyber risk governance rather than end‑to‑end third‑party risk ownership.