Third Party Risk Management Consultant/ Lead

Position Overview:

We are seeking a highly experienced and strategic Third-Party Risk Management (TPRM) professional to lead and enhance our enterprise-wide third-party risk program. This role involves overseeing risk assessments, governance, due diligence, monitoring, and issue management for vendors, partners, and service providers across the organization.

The ideal candidate will bring 10–12 years of expertise in risk management, information security, compliance, and vendor oversight, with the ability to collaborate across legal, procurement, technology, and business functions to ensure consistent application of third-party risk controls.

Key Responsibilities:

• Lead the execution and continuous improvement of the Third-Party Risk Management lifecycle, including on boarding assessments, ongoing monitoring, risk reviews, and exit management.
• Oversee the development and implementation of TPRM policies, frameworks, and procedures, aligned with regulatory standards such as NIST, ISO 27001, SOC 2, GDPR, DORA, and PCI DSS.
• Conduct and review inherent and residual risk assessments for new and existing vendors across multiple risk domains (information security, compliance, financial, operational, etc.).
• Collaborate with procurement, legal, IT, business units, and compliance teams to integrate TPRM into sourcing and contract processes.
• Drive the automation and scalability of the TPRM program through use of GRC platforms (e.g., ServiceNow, Archer, ProcessUnity, OneTrust).
• Manage third-party due diligence questionnaires (DDQs), control gap analysis, and track remediation efforts for identified issues.
• Prepare and deliver executive-level reporting and dashboards related to vendor risk posture, risk acceptance, and compliance status.
• Stay current on emerging regulatory requirements, supply chain risks, and third-party threats to inform program strategy.
• Support internal/external audits and regulatory reviews involving vendor risk management.

• Required Qualifications:

• 10–12 years of professional experience in Third-Party Risk Management, IT Risk, InfoSec, Audit, or related GRC functions.
• In-depth understanding of third-party risk domains, including cybersecurity, data privacy, business continuity, and compliance.
• Experience developing or managing TPRM frameworks and governance structures across global enterprises.
• Hands-on experience with TPRM tools such as ServiceNow GRC, Archer, OneTrust, Prevalent, or ProcessUnity.
• Strong knowledge of risk and control frameworks including NIST, ISO 27001, SIG, SOC 2, and GDPR.
• Proven ability to assess and report on third-party risk posture, remediation plans, and contract compliance.
• Excellent written and verbal communication skills with ability to influence technical and non-technical audiences.

• Preferred Qualifications:

• Relevant certifications such as CISA, CRISC, CISSP, CTPRA, CTPRP, or ISO 27001 Lead Auditor.
• Experience in regulated industries such as financial services, healthcare, or critical infrastructure.