GRC Third-Party Risk Manager || Remote ||

Xlysi, Atlanta, GA 30096

Posted Today

GRC Third-Party Risk Manager

Remote. Contract role.

Key Responsibilities

  • Conduct comprehensive third-party risk assessments for onboarding and ongoing evaluation of vendor services, identifying privacy and security risks.
  • Review and analyze vendor-provided risk documentation, including risk assessment questionnaires (e.g., SIG), control audit reports (e.g., SOC Type II, SSAE18), and security policies.
  • Leverage expertise in industry standards (e.g., NIST CSF, ISO 27001/27002) and regulatory frameworks (e.g., GDPR, CCPA) to deliver thorough vendor risk evaluations.
  • Collaborate with vendors and internal stakeholders to identify, address, and monitor risks, ensuring effective remediation and tracking of identified issues.
  • Partner with InfoSec teams and other stakeholders to assess vendor security controls and associated risks.
  • Provide recommendations and guidance on vendor-related security risks, obtaining risk acceptance as needed before establishing contractual agreements.
  • Support Procurement in negotiating the organization’s Information Protection Addendum (IPA) and incorporate input from Privacy, InfoSec, and the Office of General Counsel (OGC).
  • Collaborate with Contract Administration and Procurement teams to review vendor contracts for both new and existing vendors.
  • Monitor and measure the progress of TPRM activities, ensuring the program evolves with industry best practices.

Core Competencies

  • Deep expertise in Third Party Risk Management.
  • Strong understanding of privacy and information security frameworks (e.g., NIST, ISO 27001/27002) and applicable regulations (e.g., GDPR, CCPA).
  • Excellent written and verbal communication skills.
  • Proven experience negotiating supplier resiliency and cybersecurity requirements.

Qualifications

  • Bachelor’s degree (required).
  • Minimum of 7 years of experience in third-party risk management or a related field.

This position is ideal for a seasoned professional passionate about safeguarding the organization through robust third-party risk management practices and contributing to the overall success of the GRC team.
