About the Role:
I'm working on behalf of a leading organisation to recruit a TPRM Analyst who will play a key role in strengthening their third-party risk management program. In this position, you'll assess and monitor the security posture of vendors and partners, ensuring compliance with the company's risk framework and regulatory requirements. You'll collaborate with Procurement, Legal, and InfoSec teams to identify, evaluate, and mitigate risks associated with third-party relationships.
Location: London (3 days a week onsite, 2 days remote)
Unfortunately, no sponsorship is available for this role.
Key Responsibilities:
- Conduct third-party risk assessments, focusing on cybersecurity and compliance requirements.
- Review vendor security documentation (e.g., SOC reports, ISO certifications) and identify gaps.
- Support onboarding and continuous monitoring of third-party vendors.
- Maintain accurate risk records and provide reporting for governance forums.
- Collaborate with internal stakeholders to ensure risk mitigation plans are implemented.
What We're Looking For:
- Experience in Third-Party Risk Management or Vendor Risk Assessment.
- Familiarity with frameworks such as NIST, ISO 27001, or SIG questionnaires.
- Strong analytical and problem-solving skills with attention to detail.
- Excellent communication skills to engage with technical and non-technical stakeholders.
- Ability to manage multiple assessments and meet deadlines.
Desirable:
- Knowledge of regulatory requirements (GDPR, PCI DSS).
- Experience with TPRM tools or GRC platforms (e.g., Archer, ServiceNow, JIRA).
- Relevant certifications (e.g., CTPRP, CRISC, CISSP).