Full Time, Permanent
Posted 4 weeks ago
Experience : 5 – 10 years
Package : 25-35 Lacs P.A.
Job Type : Hybrid
Location : Noida, Chennai
 

Job description


L2 TPRM

Role Overview:

The Third-Party Risk Management (TPRM) Specialist will play a crucial role in identifying, assessing, and managing risks associated with third-party vendors across the organization. The specialist will be responsible for ensuring that all third-party relationships align with company policies, regulatory requirements, and industry best practices, with a focus on minimizing potential risks to business operations, data security, and compliance.

This role requires a strong understanding of risk management principles, vendor management, and regulatory compliance, along with the ability to work collaboratively with cross-functional teams to ensure that third-party risks are effectively managed throughout the lifecycle of vendor relationships.

 

Key Responsibilities:

Third-Party Risk Identification & Assessment:

Identify, evaluate, and document risks associated with third-party relationships across all departments.

Conduct comprehensive risk assessments of third-party vendors, including financial, operational, cybersecurity, legal, and compliance risks.

Develop risk profiles for each third party and categorize vendors based on risk levels.

Due Diligence & Vendor Onboarding:

Lead or support the due diligence process for new vendors, ensuring that proper background checks, audits, and compliance assessments are performed.

Work with legal, procurement, and business units to ensure all third-party contracts include appropriate risk mitigation clauses, including cybersecurity, data protection, and service level agreements (SLAs).

Ongoing Monitoring & Risk Mitigation:

Continuously monitor third-party performance, compliance, and risk status through regular audits, assessments, and vendor performance reviews.

Work with internal teams to address any performance, compliance, or security issues raised by third-party partners.

Track and report on third-party risk exposure and mitigation efforts.

Collaboration & Reporting:

Partner with internal stakeholders (IT, Legal, Procurement, Compliance, etc.) to ensure alignment on risk management objectives and processes.

Prepare and present reports on third-party risk management status, including key risk indicators and escalation points.

Support internal audits and assessments to ensure third-party vendors are compliant with company standards and regulatory requirements.

Incident Response & Remediation:

Assist with the development and implementation of contingency plans in case of third-party failures, breaches, or non-compliance.

Act as a key point of contact during incidents involving third-party risks, working with relevant teams to manage issues and implement corrective actions.

Policy & Procedure Development:

Contribute to the development and maintenance of third-party risk management policies, frameworks, and procedures to ensure alignment with industry best practices and regulatory requirements.

Help educate and train internal teams on third-party risk management processes and compliance obligations.

 

Qualifications:

Education & Experience:

Bachelor's degree in Business, Risk Management, Information Security, Finance, or a related field.

2-4 years of experience in third-party risk management, vendor management, compliance, or a related field.

Certification in risk management (e.g., CRISC, CISA, or equivalent) is a plus.

 

Technical Skills:

Familiarity with third-party risk management software/tools and frameworks (e.g., RSA Archer, OneTrust, or similar platforms).

Knowledge of regulatory requirements and industry standards, such as GDPR, SOC 2, PCI-DSS, HIPAA, and ISO 27001.

Basic understanding of cybersecurity risks and practices.

 

Soft Skills:

Strong analytical and problem-solving skills, with the ability to assess and quantify risks.

Excellent communication and interpersonal skills, with the ability to collaborate across departments and interact with external vendors.

Strong attention to detail and organizational skills.

Ability to work independently and manage multiple projects with varying deadlines.

 

Cyber Security / IT Risk
IT Services & Consulting
Risk Management & Compliance
Security / Fraud

 
Education
Any Graduate

 
Key Skills
TPRM, Third Party, Procurement, Archer, Compliance, CISA, 3rd Party, PCI-DSS, SOC 2, Third Party Risk Management, HIPAA, CRISC, GDPR
