Third-Party Risk Consultant

MassMutualSpringfield, MA
Hybrid

About The Position

As a Third-Party Risk Consultant, you will play a crucial role in implementing the third-party risk framework. This position is responsible for executing third-party risk assessments and due diligence activities across the MassMutual’s third-party ecosystem. Additionally, you will support the adoption of risk management practices across the ETX organization. As a key member of the ETX Third-Party Technology Assurance team, you will help drive change and enhance operational efficiency throughout the organization.

Requirements

  • 2+ years of experience in risk management and/or completing third-party risk assessments
  • 2+ years of experience implementing metrics to track status, identify trends, and surface potential issues
  • 2+ years of experience working in an enterprise GRC platform, including proficient use of Excel import/export functions

Nice To Haves

  • Bachelor’s degree, preferably in technology, cybersecurity, risk management, or business-related field
  • 3+ years of experience in third-party risk management, technology risk, cybersecurity, audit, or testing controls
  • Proficiency with SharePoint and related tools used to execute an effective regulatory compliance program
  • Experience communicating regulatory requirements to technical and non-technical audiences, and facilitating discussions between ETX owners, Compliance, and Law to ensure a shared understanding and effective compliance
  • Foundational understanding of third-party risk domains, including: Cybersecurity and data protection, Cloud/SaaS risk considerations, Identity and access management (e.g., SSO vs. standalone access), Business continuity and resiliency
  • Familiarity with industry frameworks such as NIST, ISO 27001, SOC 2, or similar
  • Ability to interpret control evidence and assess adequacy relative to risk
  • Strong written and verbal communication skills, with the ability to interact effectively with internal stakeholders and third parties
  • Demonstrated ability to execute with limited guidance while meeting deadlines in a structured, process-driven environment
  • Strong attention to detail and documentation discipline

Responsibilities

  • Analyze third-party services, data flows, and system integrations to identify and recommend inherent and residual risk exposure.
  • Collaborate with issue management teams to ensure identified risks, including vulnerabilities, are appropriately tracked, communicated, and remediated.
  • Contribute to status reporting and metrics tracking for ongoing third-party risk activities.
  • Evaluate, document, communicate, and support breach event and incident response activities.
  • Execute risk evaluation procedures by reviewing evidence, documenting observations, and recording results in accordance with defined templates and quality standards.
  • Identify control gaps, weaknesses, or non-compliance issues and clearly document and recommend findings for further review and disposition.
  • Partner with senior practitioners to support risk rating determinations and escalation decisions.
  • Apply knowledge and discretion when performing risk assessments to ensure third parties meet security and technology standards in alignment with established practices and procedures.
  • Proactively escalate delays, gaps in information, or emerging risks to the team lead.
  • Research and consult with internal subject matter experts to understand and document risk identified through risk assessments and due diligence practices, and communicate the findings to stakeholders.

Benefits

  • Competitive salaries
  • Incentive and bonus opportunities
  • Bonus target or Variable Incentive Compensation component
  • Access to learning, development, and internal networks
  • Employee-led communities and forums
  • Strong legacy and a future-focused mindset
  • Industry leading pay and benefits
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service