Third Party Risk Management Consultant

DESCRIPTION

We are seeking a highly skilled and detail-oriented Third Party Risk Management Consultant to join our team. The ideal candidate will be responsible for assessing, managing, and mitigating information security risks associated with third-party vendors and partners. This role requires expertise in risk assessment methodologies, regulatory compliance and vendor management processes to ensure the security and integrity of organisational data.

Key Responsibilities:

• Leverage third-party risk management frameworks, policies, and procedures.
• Conduct comprehensive risk assessments of third-party vendors to identify potential information security vulnerabilities.
• Collaborate with internal stakeholders to ensure third-party vendors comply with organisational security standards and regulatory requirements.
• Evaluate vendor performance in relation to information security practices.
• Perform due diligence on new vendors, including reviewing security certifications, audit reports, and compliance documentation.
• Lead vendor risk remediation efforts, providing guidance and recommendations to address identified risks.
• Maintain an up-to-date inventory of third-party vendors and their associated risks.
• Stay informed about emerging threats, vulnerabilities, and industry best practices in third-party risk management.
• Support audits and regulatory reviews related to third-party risk management.
• Interact and collaborate closely with client stakeholders and vendor relationship owners.
• Prepare detailed reports and presentations for senior management, highlighting risk findings and mitigation strategies.

Qualifications:

• Bachelor's degree in relevant field.
• Professional certifications such as CISSP, CISM, CRISC or equivalent are highly desirable.
• Familiarity with risk management tools and platforms
• Proven experience in third-party risk management, information security, or vendor management.
• Strong knowledge of regulatory frameworks such as GDPR, ISO 27001, NIST, and SOC 2.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively across teams and manage multiple projects simultaneously.

Skills Requirement:

• Experience in conducting security assessments and audits.
• Knowledge of contract negotiation and vendor agreements related to information security.
• Understanding of cloud security and data protection measures.
• Knowledge and experience of the DORA regulation.
• Excellent verbal and written communication skills.
• Ability and experience dealing with clients, management and senior stakeholders.