Senior Consultant - Third Party Risks

Control Risks
New York, NY
1d
$125,000 - $135,000

About The Position

We are seeking a highly skilled and motivated Third‑Party Manager to support our client in developing and maturing their third‑party risk management (TPRM) framework. In this role, you will support the creation of a full vendor inventory, design due‑diligence questionnaires, and perform comprehensive due‑diligence assessments across the vendor lifecycle. You will play a central role in ensuring that third‑party risks are identified, assessed, and managed effectively while collaborating closely with internal and external stakeholders.

Requirements

  • Bachelor’s degree in Risk Management, Business, Cybersecurity, Supply Chain, or related field.
  • 5+ years of experience in third‑party risk management, vendor management, procurement, or risk/compliance.
  • Demonstrable experience developing due‑diligence questionnaires and performing vendor risk assessments.
  • Strong understanding of frameworks such as ISO 27001, NIST, SOC 2, and data‑protection requirements.
  • Ability to analyze complex documentation (e.g., contracts, SOC reports, financial statements) and translate findings into clear recommendations.
  • Strong stakeholder‑management skills and experience supporting clients across diverse industries.
  • Excellent written communication skills and the ability to prepare high‑quality reports.

Nice To Haves

  • Certifications such as CISM, CRISC, CISA, ISO 27001 Lead Auditor, or relevant vendor‑risk qualifications.
  • Experience with TPRM/VRM systems (e.g., Archer, ServiceNow VRM, OneTrust, Prevalent).
  • Understanding of cybersecurity domains relevant to third‑party risk, including access control, data protection, and incident response.
  • Experience working in global or regulated environments with complex supply‑chain or vendor ecosystems.
  • Ability to manage multiple simultaneous assessments and deadlines.

Responsibilities

  • Develop, maintain, and continuously update a complete inventory of all vendors, suppliers, and third‑party service providers.
  • Classify vendors based on criticality, service type, data access, and inherent risk.
  • Design risk‑based due‑diligence questionnaires tailored to different vendor categories (e.g., cyber, financial, operational, regulatory).
  • Conduct initial and ongoing due‑diligence assessments, including analysis of financial stability, cybersecurity controls, data protection practices, business continuity, and compliance posture.
  • Review and interpret SOC reports, ISO certifications, penetration testing results, and other external assurance documentation.
  • Identify control gaps and document findings in clear, risk‑based reports supported by actionable recommendations.
  • Support stakeholders during vendor onboarding and renewal processes by validating risk, compliance, and performance.
  • Maintain and update risk assessment documentation throughout the vendor lifecycle.
  • Monitor key vendor SLAs, KPIs, and contractual obligations.
  • Conduct periodic vendor performance reviews and escalate identified issues.
  • Support remediation planning and provide oversight of vendor corrective actions.
  • Serve as a primary point of contact for both internal stakeholders and third‑party partners.
  • Develop standardized templates, workflows, and procedures for third‑party oversight.
  • Build dashboards and reporting packs for senior management and risk committees.
  • Ensure all due‑diligence records, approvals, and risk treatment plans are maintained in accordance with governance requirements.
  • Support the development of policies and playbooks related to third‑party risk management.

Benefits

  • Medical Benefits
  • Prescription Benefits
  • FSA
  • Dental Benefits
  • Vision Benefits
  • Life and AD&D
  • Voluntary Life and AD&D
  • Disability Benefits
  • Voluntary Benefits
  • 401(k) Retirement
  • Nationwide Pet Insurance
  • Employee Assistance Program