Senior Consultant - Third Party Risks

Control Risks, New York, NY
$125,000 - $135,000 (posted 7h ago)

About The Position

We are seeking a highly skilled and motivated Third‑Party Manager to support our client in developing and maturing their third‑party risk management (TPRM) framework. In this role, you will support the creation of a full vendor inventory, design due‑diligence questionnaires, and perform comprehensive due‑diligence assessments across the vendor lifecycle. You will play a central role in ensuring that third‑party risks are identified, assessed, and managed effectively while collaborating closely with internal and external stakeholders. The full list of duties is set out under Responsibilities below.

Requirements

  • Bachelor’s degree in Risk Management, Business, Cybersecurity, Supply Chain, or related field.
  • 5+ years of experience in third‑party risk management, vendor management, procurement, or risk/compliance.
  • Demonstrable experience developing due‑diligence questionnaires and performing vendor risk assessments.
  • Strong understanding of frameworks such as ISO 27001, NIST, SOC 2, and data‑protection requirements.
  • Ability to analyze complex documentation (e.g., contracts, SOC reports, financial statements) and translate findings into clear recommendations.
  • Strong stakeholder‑management skills and experience supporting clients across diverse industries.
  • Excellent written communication skills and the ability to prepare high‑quality reports.

Nice To Haves

  • Certifications such as CISM, CRISC, CISA, ISO 27001 Lead Auditor, or relevant vendor‑risk qualifications.
  • Experience with TPRM/VRM systems (e.g., Archer, ServiceNow VRM, OneTrust, Prevalent).
  • Understanding of cybersecurity domains relevant to third‑party risk, including access control, data protection, and incident response.
  • Experience working in global or regulated environments with complex supply‑chain or vendor ecosystems.
  • Ability to manage multiple simultaneous assessments and deadlines.

Responsibilities

  • Develop, maintain, and continuously update a complete inventory of all vendors, suppliers, and third‑party service providers.
  • Classify vendors based on criticality, service type, data access, and inherent risk.
  • Design risk‑based due‑diligence questionnaires tailored to different vendor categories (e.g., cyber, financial, operational, regulatory).
  • Conduct initial and ongoing due‑diligence assessments, including analysis of financial stability, cybersecurity controls, data protection practices, business continuity, and compliance posture.
  • Review and interpret SOC reports, ISO certifications, penetration testing results, and other external assurance documentation.
  • Identify control gaps and document findings in clear, risk‑based reports supported by actionable recommendations.
  • Support stakeholders during vendor onboarding and renewal processes by validating risk, compliance, and performance.
  • Maintain and update risk assessment documentation throughout the vendor lifecycle.
  • Monitor key vendor SLAs, KPIs, and contractual obligations.
  • Conduct periodic vendor performance reviews and escalate identified issues.
  • Support remediation planning and provide oversight of vendor corrective actions.
  • Serve as a primary point of contact for both internal stakeholders and third‑party partners.
  • Develop standardized templates, workflows, and procedures for third‑party oversight.
  • Build dashboards and reporting packs for senior management and risk committees.
  • Ensure all due‑diligence records, approvals, and risk treatment plans are maintained in accordance with governance requirements.
  • Support the development of policies and playbooks related to third‑party risk management.

Benefits

  • Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.
  • We operate a discretionary bonus scheme that incentivizes and rewards individuals based on company and individual performance.
  • Medical Benefits
  • Prescription Benefits
  • FSA
  • Dental Benefits
  • Vision Benefits
  • Life and AD&D
  • Voluntary Life and AD&D
  • Disability Benefits
  • Voluntary Benefits
  • 401(k) Retirement
  • Nationwide Pet Insurance
  • Employee Assistance Program
© 2024 Teal Labs, Inc