Third Party Risk Management (TPRM) Consultant

To apply, go to Glopros

Experience and Role Summary 8–10 years of experience in Third-Party/Vendor Risk Management, IT Risk, or Information Security Risk. The TPRM Consultant will design, implement, and mature the company's Third-Party Risk Management program.

Key Responsibilities

• Design and implement an end-to-end TPRM framework aligned with industry standards and regulations (ISO 27001, NIST, SOC, GDPR, applicable regulatory guidance).
• Define and operationalize third‑party lifecycle processes: onboarding, risk tiering, due diligence, ongoing monitoring, and offboarding.
• Conduct security, privacy, and compliance risk assessments of third parties and produce actionable risk findings.
• Review third‑party evidence (SOC reports, ISO certificates, policies, questionnaires) and identify control gaps and mitigation needs.
• Track risk issues, remediation activities, and residual risk through to closure.
• Develop and execute a TPRM maturity roadmap, driving continuous process improvement and standardization.
• Support selection, configuration, and deployment of GRC/TPRM tooling to automate assessments, workflows, and reporting.
• Prepare management and executive-level reporting on third‑party risk posture and trends.
• Serve as a strategic advisor to Business, Procurement, Legal, IT, and Compliance stakeholders on third‑party risk matters.
• Support internal and external audits and regulatory reviews related to third‑party risk.

Required Skills & Experience

• 8–10 years of hands-on experience in TPRM, vendor risk, or IT risk management.
• Proven track record implementing and maturing TPRM programs in enterprise environments.
• Strong understanding of information security, privacy, and regulatory risks associated with third parties.
• Experience with GRC/TPRM platforms (e.g., ServiceNow GRC, Archer, OneTrust, MetricStream).
• Excellent analytical skills, clear documentation practices, and strong stakeholder communication and facilitation abilities.

Preferred Qualifications

• Professional certifications such as CISA, CISM, CRISC, or ISO 27001 LA/LI.
• Consulting or advisory experience supporting enterprise TPRM transformations.

KPIs — First 12 Months Program & Framework

• TPRM framework designed, approved, and operationalized across IT, OT, and manufacturing vendor populations.
• Risk tiering model implemented for 100% of active third parties.

Assessments & Coverage

• Risk assessments completed for 100% of critical and high‑risk vendors.
• Measurable reduction in assessment cycle time versus baseline.

Risk & Remediation

• All high‑risk findings tracked with defined remediation plans and owners.
• 90% of agreed remediation actions closed within defined SLAs.

Process Maturity

• TPRM maturity improved by at least one level (e.g., from ad hoc to standardized).
• Standard templates, workflows, and reporting fully deployed.

Visibility & Reporting

• Executive‑level third‑party risk dashboard implemented.
• Regular risk reporting established for leadership and manufacturing stakeholders.

To apply, go to Glopros