Third Party Risk Manager

About The Position

Requirements

• Bachelor’s Degree
• Information Technology and/or Cybersecurity background and/or experience, including 5–8+ years of IT, cybersecurity, risk management, or third-party risk experience with network, platform, and/or application technology
• One or more of the following certifications required: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Third Party Risk Assessor (CTPRA), Certified in Risk and Information Systems Control (CRISC)
• Strong knowledge of security domains such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, cloud security, or web security
• Working knowledge of one or more compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, PCI DSS, or HITRUST
• Experience managing multiple projects and teams in a fast-paced consulting environment
• Demonstrated leadership experience overseeing project execution, client relationships, and team performance
• Proven ability to learn new technologies and systems, especially through independent research and self-study
• Strong verbal and written communication skills with the ability to present technical information to both technical and executive audiences
• Ability to manage project schedules, budgets, staffing, and client expectations
• Ability to travel domestically an average of 20%–50% per year

Nice To Haves

• Certified in Risk and Information Systems Control (CRISC) preferred
• Bachelor’s and/or advanced degree with a concentration in Cybersecurity, Risk Management, Computer Science, Management Information Systems, or related field
• Experience working with or assessing third-party vendors and service providers
• IT or cybersecurity experience at a leading public company, consulting firm, or regulated industry organization
• Experience with Archer, ProcessUnity, ServiceNow, OneTrust, or other GRC/VRM platforms
• Experience with security ratings platforms and continuous monitoring solutions
• Experience leading teams and mentoring junior professionals in a consulting or advisory environment
• Bilingual capabilities preferred
• Open to remote work arrangements

Responsibilities

• Leading Third Party Risk Assessments by evaluating third-party questionnaire responses, performing control validation, and assessing documentation per established procedures and standards
• Managing and overseeing assessment teams, project timelines, and client deliverables across multiple engagements
• Performing and overseeing site visits to third-party facilities
• Evaluating the effectiveness of security controls for compliance with applicable policies, security laws, regulations, and industry standards
• Assessing cloud technologies such as Software as a Service (SaaS) hosted applications, Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) deployments
• Documenting information security risk and compliance findings, presenting recommendations for remediation, and communicating results to client leadership
• Performing quality assurance reviews of assessments completed by team members to ensure consistency and accuracy
• Delivering high-quality, executive-level reports and presentations
• Coordinating schedules, resource allocation, and assessment activities for key third-party clients while overseeing all key deliverables
• Supporting business development initiatives, client relationship management, and practice growth efforts
• Mentoring, coaching, and developing staff and senior consultants within the practice

Benefits

• Comprehensive total rewards package