Senior Consultant, Third Party Risk Management (TPRM)

About The Position

Requirements

• 5-7+ years of experience in third-party/vendor risk, technology risk, or related fields with direct ownership of new vendor onboarding and ‑due diligence‑ assessments.
• Proven ability to operate at pace in a procurement‑driven environment, triaging high volumes and prioritizing new supplier/new scope engagements.
• Demonstrated experience coordinating across InfoSec, Legal, Privacy, Resiliency, Finance, and business stakeholders, translating policy expectations into practical contract terms and controls.
• Excellent written and verbal communication; executive‑caliber reporting and stakeholder management for high‑visibility vendors.

Nice To Haves

• Certifications: CTPRP/CTPRA, CISA, CRISC, CISSP, or similar.
• Experience with risk‑intelligence platforms (e.g., Supply Wisdom, Black Kite) and AI‑assisted control/evidence evaluation capabilities.
• Background in insurance/financial services vendor governance or regulatory frameworks relevant to outsourcing, data protection, operational resilience
• Intake mastery - ability to quickly classify requests, separate exempt/low‑risk from high‑impact cases, and keep pipelines flowing without bottlenecks.
• Orchestration and influence: cross‑functional leadership and stakeholder alignment throughout contracting and onboarding; strong meeting facilitation.
• Tool fluency - ProcessUnity administration/usage and WSS intake routing; comfort with dashboards, SLAs/KPIs, and audit trails.
• Risk Judgment & Decisioning: Makes timely, defensible inherent risk determinations with clear rationale.
• Process Excellence: Builds and enforces standardized intake workflows, SLAs, and data quality checks.
• Stakeholder Partnership: Collaborates cross-functionally
• Detail Orientation: Catches gaps in scope, data during risk reviews.
• Systems & Data Literacy: Comfort with dashboards, forms, integrations, and vendor artifacts (SOC reports, SIG, CAIQ).
• Communication: Clear, concise, and business-friendly briefings and guidance.

Responsibilities

• Manage the intake and reviews for all net‑new vendors entering the organization; validate scope, data flows, service criticality, and inherent risk indicators at the point of request.
• Operate the intake workflow across Workday Strategic Sourcing (WSS) and ProcessUnity (PU); ensure requests are properly classified and routed.
• Collaborate with Procurement to align intake with sourcing milestones (RFP/RFI, contract negotiation)
• Produce Reporting metrics on intake volumes, SLA adherence, inherent risk distribution, and critical third party supplier activities.
• Apply a pragmatic triage model (e.g., exempt items; existing supplier/same scope; existing supplier/new scope; new supplier/new scope) to focus effort on where risk is highest and eliminate unnecessary reviews.
• Function as the liaison across Procurement, Legal, InfoSec/Tech Risk, Privacy, Business/Operational Resiliency, and Finance to orchestrate TPRM activities within the contracting process, ensuring a seamless and efficient stakeholder experience.
• Co-lead end‑to-end risk assessments for high‑impact/new vendors: scoping, risk tiering (IRQ), due‑diligence review (DDQ), and control validation (remote or on‑site), with audit‑ready documentation.
• Coordinate reviews with SMEs (InfoSec, Compliance, Resiliency, Finance); synthesize control gaps and propose remediation, acceptance, or compensating controls in line with the TPRM policy.
• Provide coaching to business owners, managed service providers and vendors on completing questionnaires, evidence expectations, and timelines; handle escalations and sensitive assessments with discretion.
• Lead incremental workflow improvements in WSS/PU and support roadmap initiatives (e.g, Intake Optimization, IRQ refresh, scaled issue management, and risk‑intelligence integrations).

Benefits

• CNA offers a comprehensive and competitive benefits package to help our employees – and their family members – achieve their physical, financial, emotional and social wellbeing goals.
• For a detailed look at CNA’s benefits, please visit cnabenefits.com.