About the job Third-Party Risk Management (TPRM) Specialist
Third-Party Risk Management (TPRM) Specialist
Position Overview
We are seeking a Third-Party Risk Management Specialist to assess, monitor, and manage cybersecurity and privacy risks associated with vendors, suppliers, and business partners throughout the entire third-party lifecycle, ensuring supply chain security and regulatory compliance across our extended enterprise ecosystem.
Key Responsibilities
Vendor Risk Assessment & Due Diligence
Conduct comprehensive security and privacy risk assessments for new and existing third-party vendors
Develop and execute vendor security questionnaires, penetration testing requirements, and certification validations
Perform on-site security assessments and audit third-party security controls and practices
Evaluate vendor security posture using standardized risk rating methodologies and scoring frameworks
Assess fourth-party and nth-party risks in complex supply chain relationships
Third-Party Risk Monitoring & Management
Implement continuous monitoring programs for vendor security posture and threat intelligence
Track vendor security incidents, breaches, and vulnerability disclosures affecting organizational risk
Manage vendor risk registers and maintain risk profiles throughout vendor relationship lifecycles
Coordinate remediation activities for identified vendor security deficiencies and gaps
Establish risk-based vendor categorization and tiered assessment approaches
Contract & Compliance Management
Develop and negotiate security requirements, SLAs, and contractual risk allocation clauses
Ensure vendor compliance with regulatory requirements (GDPR, CCPA, HIPAA, SOX) and industry standards
Manage vendor security certification requirements (SOC 2, ISO 27001, PCI-DSS) and validation processes
Establish right-to-audit clauses and coordinate third-party security audits
Support contract renewals with updated security requirements and risk mitigation terms
Supply Chain Security Program
Develop comprehensive TPRM policies, procedures, and governance frameworks
Establish vendor security standards and minimum security requirements for different risk tiers
Create vendor onboarding and offboarding security procedures including data return and destruction
Implement supply chain threat intelligence and geopolitical risk monitoring programs
Coordinate with procurement, legal, and business teams on vendor risk management activities
Required Qualifications
Technical Skills
6+ years experience in third-party risk management, vendor assessment, or supply chain security
Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS Controls) and risk assessment methodologies
Experience with TPRM platforms (ServiceNow, Prevalent, BitSight, SecurityScorecard) and vendor assessment tools
Understanding of cloud security, data privacy regulations, and compliance requirements
Knowledge of contract negotiation, legal risk assessment, and vendor management practices
Proficiency in risk analysis, reporting, and vendor performance metrics
Assessment Skills
Proven experience conducting security assessments, audits, and vendor due diligence activities
Strong understanding of supply chain vulnerabilities and attack vectors
Experience with threat intelligence integration and continuous vendor monitoring
Knowledge of business continuity, disaster recovery, and operational resilience principles
Preferred Qualifications
Bachelor's degree in Risk Management, Cybersecurity, Business Administration, or related field
Professional certifications (CRISC, CISA, CISSP, Certified Third Party Risk Professional)
Experience in regulated industries with complex supply chain requirements
Background in procurement, vendor management, or contract administration
Knowledge of international privacy laws and cross-border data transfer requirements