Technology Consulting-DT TPRM- Senior

We are seeking a highly skilled Senior Consultant to join our Technology Consulting team specializing in Third-Party Risk Management (TPRM) . As a Senior Consultant in TPRM , you will work with clients to assess, manage, and mitigate risks associated with third-party vendors, suppliers, and service providers. You will help clients develop and implement robust third-party risk management strategies, ensuring their vendors and partners comply with relevant regulations, industry standards, and cybersecurity best practices. Your expertise in TPRM will enable organizations to safeguard their operations, data, and reputation while driving business value through effective third-party relationships.

Key Responsibilities:

• Third-Party Risk Assessment: Lead the identification, assessment, and management of third-party risks. Work with clients to evaluate their vendors’ cybersecurity, compliance, and operational risks, and provide actionable insights to strengthen their risk management frameworks.

• TPRM Strategy Development: Develop and implement comprehensive third-party risk management strategies tailored to the client’s unique business needs and regulatory environment. Guide clients in establishing processes for vendor selection, due diligence, onboarding, ongoing monitoring, and offboarding.

• Vendor Risk Management Frameworks: Design and implement vendor risk management frameworks that align with industry standards, regulatory requirements (such as GDPR , SOX , HIPAA , ISO 27001 , NIST ), and best practices. Help clients integrate these frameworks into their overall risk management strategies.

• Cybersecurity & Compliance Risk: Advise clients on assessing and managing cybersecurity risks posed by third parties. Ensure that clients' vendors meet the required cybersecurity standards, including evaluating data protection , network security , incident response , and business continuity plans.

• Due Diligence & Vendor Audits: Conduct vendor due diligence and risk assessments, including evaluating vendors' financial stability, security posture, compliance with legal and regulatory requirements, and operational risks. Lead vendor audits and provide insights into improving vendor performance and risk mitigation efforts.

• Ongoing Monitoring & Reporting: Develop and implement systems for continuous monitoring of third-party risks, ensuring that clients can proactively identify and address emerging risks. Create regular risk reports and dashboards to communicate vendor risk status to senior leadership.

• Regulatory Compliance & Reporting: Ensure that third-party risk management practices comply with relevant regulations, including GDPR , CCPA , SOX , and PCI DSS . Help clients maintain up-to-date compliance with evolving regulatory requirements through proactive vendor risk assessments and documentation.

• Stakeholder Engagement & Communication: Collaborate with key stakeholders across client organizations, including legal, compliance, IT, procurement, and business units. Effectively communicate TPRM strategies, risks, and remediation actions to both technical and non-technical stakeholders.

• Technology Integration & Tooling: Work with clients to select, implement, and optimize TPRM technology solutions (such as RSA Archer , Archer Third-Party Risk Management , MetricStream , or ServiceNow ). Help automate vendor risk management processes and integrate TPRM tools with other business systems (e.g., procurement, finance, IT security).

• Incident Response & Crisis Management: Assist clients in developing incident response plans related to third-party breaches or disruptions. Support crisis management teams in the event of a third-party failure or data breach, ensuring that necessary actions are taken to minimize business impact.

• Continuous Improvement: Stay up to date on industry trends, emerging risks, and evolving regulatory requirements in third-party risk management. Advise clients on new tools, processes, and technologies that can improve their TPRM practices and overall risk posture.

Qualifications:

• Bachelor’s or Master’s degree in Information Technology, Cybersecurity, Risk Management, Business Administration, or a related field.
• 2-5 years of experience in third-party risk management, vendor risk management, or cybersecurity consulting, ideally in a consulting or professional services firm.
• Deep knowledge of third-party risk management frameworks , such as NIST 800-53 , ISO 27001 , SOC 2 , and other relevant industry standards.
• Familiarity with cybersecurity standards and regulatory frameworks, including GDPR , SOX , PCI DSS , and HIPAA .
• Proven experience with vendor risk assessments , including due diligence, audits, and ongoing monitoring of third-party risk profiles.
• Strong understanding of cyber risk management , including managing risks related to data protection , network security , business continuity , and incident response .
• Experience with TPRM tools such as RSA Archer , MetricStream , ServiceNow , or other third-party risk management software.
• Strong analytical skills, with the ability to assess complex vendor risk data and provide clear, actionable insights and recommendations.
• Project management experience , with the ability to manage multiple TPRM initiatives simultaneously and deliver results within timelines and budgets.
• Excellent communication skills , with the ability to effectively communicate complex risk concepts and strategies to senior executives, technical teams, and business stakeholders.
• Leadership skills , with the ability to guide junior team members, mentor colleagues, and take ownership of key projects.

Preferred Skills:

• Certifications such as Certified Information Systems Auditor (CISA) , Certified in Risk and Information Systems Control (CRISC) , Certified Third-Party Risk Professional (CTPRP) , or Certified Information Security Manager (CISM) .
• Experience in cloud-based third-party risk management or SaaS vendor risk assessments .
• Knowledge of data privacy regulations (e.g., CCPA , GDPR ) and their implications for third-party risk management.
• Familiarity with cybersecurity risk assessment tools , data loss prevention tools , and business continuity planning for third-party vendors.
• Experience with regulatory reporting tools and the integration of risk management platforms with other enterprise systems.

Soft Skills:

• Client-focused mindset , with the ability to understand client needs and tailor TPRM solutions to fit their unique business context.
• Strong leadership and teamwork skills , with the ability to lead client projects and collaborate effectively with internal teams and client stakeholders.
• Proactive problem-solving skills , with the ability to identify and mitigate emerging third-party risks before they become significant issues.
• Detail-oriented , with a focus on ensuring that third-party risks are properly identified, assessed, and mitigated through rigorous analysis and reporting.
• Adaptability in a fast-paced environment, with the ability to manage changing client priorities, regulatory requirements, and emerging third-party risks.