Third-Party Risk Management (TPRM) Specialist

Paris, France


Position Overview

We are seeking a Third-Party Risk Management Specialist to assess, monitor, and manage the cybersecurity and privacy risks that vendors, suppliers, and business partners introduce across the entire third-party lifecycle, from onboarding through offboarding. The role is responsible for maintaining supply chain security and regulatory compliance across our extended enterprise ecosystem.

Key Responsibilities

Vendor Risk Assessment & Due Diligence

  • Conduct comprehensive security and privacy risk assessments for new and existing third-party vendors

  • Develop and execute vendor security questionnaires, penetration testing requirements, and certification validations

  • Perform on-site security assessments and audit third-party security controls and practices

  • Evaluate vendor security posture using standardized risk rating methodologies and scoring frameworks

  • Assess fourth-party and nth-party risks in complex supply chain relationships

Third-Party Risk Monitoring & Management

  • Implement continuous monitoring programs for vendor security posture and threat intelligence

  • Track vendor security incidents, breaches, and vulnerability disclosures affecting organizational risk

  • Manage vendor risk registers and maintain risk profiles throughout vendor relationship lifecycles

  • Coordinate remediation activities for identified vendor security deficiencies and gaps

  • Establish risk-based vendor categorization and tiered assessment approaches

Contract & Compliance Management

  • Develop and negotiate security requirements, SLAs, and contractual risk allocation clauses

  • Ensure vendor compliance with regulatory requirements (GDPR, CCPA, HIPAA, SOX) and industry standards

  • Manage vendor security certification requirements (SOC 2, ISO 27001, PCI DSS) and validate that reports and certificates are current and cover the services in scope

  • Establish right-to-audit clauses and coordinate third-party security audits

  • Support contract renewals with updated security requirements and risk mitigation terms

Supply Chain Security Program

  • Develop comprehensive TPRM policies, procedures, and governance frameworks

  • Establish vendor security standards and minimum security requirements for different risk tiers

  • Create vendor onboarding and offboarding security procedures including data return and destruction

  • Implement supply chain threat intelligence and geopolitical risk monitoring programs

  • Coordinate with procurement, legal, and business teams on vendor risk management activities

Required Qualifications

Technical Skills

  • 6+ years experience in third-party risk management, vendor assessment, or supply chain security

  • Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS Controls) and risk assessment methodologies

  • Experience with TPRM platforms (ServiceNow, Prevalent, BitSight, SecurityScorecard) and vendor assessment tools

  • Understanding of cloud security, data privacy regulations, and compliance requirements

  • Knowledge of contract negotiation, legal risk assessment, and vendor management practices

  • Proficiency in risk analysis, reporting, and vendor performance metrics

Assessment Skills

  • Proven experience conducting security assessments, audits, and vendor due diligence activities

  • Strong understanding of supply chain vulnerabilities and attack vectors

  • Experience with threat intelligence integration and continuous vendor monitoring

  • Knowledge of business continuity, disaster recovery, and operational resilience principles

Preferred Qualifications

  • Bachelor's degree in Risk Management, Cybersecurity, Business Administration, or related field

  • Professional certifications (CRISC, CISA, CISSP, Certified Third Party Risk Professional)

  • Experience in regulated industries with complex supply chain requirements

  • Background in procurement, vendor management, or contract administration

  • Knowledge of international privacy laws and cross-border data transfer requirements
