Job Search and Career Advice Platform


Third-Party Risk Management (TPRM) Specialist

Blackfluo.ai

Paris

On-site

EUR 70 000 - 90 000

Full time

30+ days ago


Job summary

A cybersecurity firm located in Nouvelle-Aquitaine, Paris is looking for a Third-Party Risk Management Specialist. In this role, you will assess and manage the cybersecurity and privacy risks associated with vendors, ensuring compliance with regulations such as GDPR and HIPAA. The ideal candidate will have over 6 years of experience in risk management, a strong understanding of cybersecurity frameworks, and proficiency with TPRM platforms. Competitive compensation and a dynamic work environment are offered.

Qualifications

  • 6+ years experience in third-party risk management, vendor assessment, or supply chain security.
  • Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS Controls) and risk assessment methodologies.
  • Experience with TPRM platforms and vendor assessment tools.

Responsibilities

  • Conduct comprehensive security and privacy risk assessments for new and existing third-party vendors.
  • Implement continuous monitoring programs for vendor security posture and threat intelligence.
  • Develop comprehensive TPRM policies, procedures, and governance frameworks.

Knowledge

Third-party risk management
Cybersecurity frameworks
Vendor assessment tools
Compliance with regulations
Risk analysis reporting

Education

Bachelor's degree in Risk Management, Cybersecurity, Business Administration or related field

Tools

ServiceNow
Prevalent
BitSight
SecurityScorecard

Job description

Third-Party Risk Management (TPRM) Specialist

Position Overview

We are seeking a Third-Party Risk Management Specialist to assess, monitor, and manage cybersecurity and privacy risks associated with vendors, suppliers, and business partners throughout the entire third-party lifecycle, ensuring supply chain security and regulatory compliance across our extended enterprise ecosystem.

Key Responsibilities

Conduct comprehensive security and privacy risk assessments for new and existing third-party vendors

Develop and execute vendor security questionnaires, penetration testing requirements, and certification validations

Perform on-site security assessments and audit third-party security controls and practices

Evaluate vendor security posture using standardized risk rating methodologies and scoring frameworks

Assess fourth-party and nth-party risks in complex supply chain relationships

Third-Party Risk Monitoring & Management

Implement continuous monitoring programs for vendor security posture and threat intelligence

Track vendor security incidents, breaches, and vulnerability disclosures affecting organizational risk

Manage vendor risk registers and maintain risk profiles throughout vendor relationship lifecycles

Coordinate remediation activities for identified vendor security deficiencies and gaps

Establish risk-based vendor categorization and tiered assessment approaches

Contract & Compliance Management

Develop and negotiate security requirements, SLAs, and contractual risk allocation clauses

Ensure vendor compliance with regulatory requirements (GDPR, CCPA, HIPAA, SOX) and industry standards

Manage vendor security certification requirements (SOC 2, ISO 27001, PCI-DSS) and validation processes

Establish right-to-audit clauses and coordinate third-party security audits

Support contract renewals with updated security requirements and risk mitigation terms

Supply Chain Security Program

Develop comprehensive TPRM policies, procedures, and governance frameworks

Establish vendor security standards and minimum security requirements for different risk tiers

Create vendor onboarding and offboarding security procedures including data return and destruction

Implement supply chain threat intelligence and geopolitical risk monitoring programs

Coordinate with procurement, legal, and business teams on vendor risk management activities

Required Qualifications

Technical Skills

6+ years experience in third-party risk management, vendor assessment, or supply chain security

Strong knowledge of cybersecurity frameworks (NIST, ISO 27001, CIS Controls) and risk assessment methodologies

Experience with TPRM platforms (ServiceNow, Prevalent, BitSight, SecurityScorecard) and vendor assessment tools

Understanding of cloud security, data privacy regulations, and compliance requirements

Knowledge of contract negotiation, legal risk assessment, and vendor management practices

Proficiency in risk analysis, reporting, and vendor performance metrics

Assessment Skills

Proven experience conducting security assessments, audits, and vendor due diligence activities

Strong understanding of supply chain vulnerabilities and attack vectors

Experience with threat intelligence integration and continuous vendor monitoring

Knowledge of business continuity, disaster recovery, and operational resilience principles

Preferred Qualifications

Bachelor's degree in Risk Management, Cybersecurity, Business Administration, or related field

Professional certifications (CRISC, CISA, CISSP, Certified Third Party Risk Professional)

Experience in regulated industries with complex supply chain requirements

Background in procurement, vendor management, or contract administration

Knowledge of international privacy laws and cross-border data transfer requirements
