About the role
Key responsibilities & impact
- Develop and build an end-to-end TPRM Program: onboarding, risk assessments, performance monitoring, and offboarding
- Support ISO 27001 audit readiness activities, including gap assessments and remediation tracking as needed.
- Assess third-party/vendor risk exposure and ensure compliance with security and regulatory requirements.
- Coordinate with internal stakeholders (IT, Legal, Security, Procurement) to align the TPRM Program with existing frameworks
- Develop and build the vendor risk registers, compliance trackers, and audit documentation as the single source of truth, keeping it current and audit-ready
- Support internal and external audits, liaising with certification bodies as needed
- Design the TPRM policy, procedure, and risk-tiering methodology (critical/high/medium/low based on data access, business impact, and regulatory exposure)
- Build vendor risk assessment templates (SIG/CAIQ-aligned questionnaires, DPIA triggers for vendors processing personal data)
- Establish the vendor inventory/register and define onboarding, monitoring, and offboarding workflows
- Recommend standard security/privacy contract clauses and Data Processing Agreement (DPA) templates for Legal and Procurement to adopt
- Own and execute the full vendor risk assessment lifecycle across all tiers on the defined cadence (e.g., annual for critical, biennial for lower risk)
- Continuously monitor vendor risk posture (security ratings platforms, incident tracking, contract or scope changes) and reassess as needed
- Coordinate with Legal/Procurement on contract renewals, DPA updates, and sub-processor changes
- Support internal and external audits (ISO 27001, customer security reviews) with TPRM evidence and documentation
- Prepare and present vendor risk metrics, top risks, and program status to leadership/risk committee on a regular cadence (e.g., monthly or quarterly)
- Provide guidance and light training to internal stakeholders (Procurement, business owners) on TPRM policy and process
- Develop the SOP for managing vendor offboarding, including secure data return/destruction confirmation and access revocation tracking
- Periodically refine the program (policy updates, template improvements, tooling optimization) as the vendor landscape and regulatory environment evolve
- Reduce weekly hours once the vendor register is complete and the first full assessment cycle has closed, in agreement with the organization.
Requirements
What you’ll need
- Proven experience in Vendor/Third-Party Risk Management
- Solid background in GRC frameworks and practices
- Experience preparing organizations for ISMS certification
- Hands-on experience with ISO 27001 auditing (internal or external)
- Familiarity with risk assessment methodologies and compliance reporting
- Strong stakeholder management and cross-functional coordination skills
- Strong working knowledge of ISO 27001, SOC 2, NIST CSF/800-53, GDPR (Art. 28, 32), and CCPA
- Hands-on experience reviewing SOC 2 reports, ISO certificates, penetration test results, and vendor security questionnaires (SIG, CAIQ)
- Experience drafting or advising on DPAs, security addenda, and sub-processor clauses
- Comfortable operating as the embedded/de facto TPRM function — proactive, autonomous, and reliable on a recurring cadence rather than a one-time deliverable
- Strong written and verbal communication skills, including presenting to executive stakeholders
- Available for a sustained, ongoing commitment: 15–20 hours/week during the build phase, reducing thereafter.
Benefits
Comp & perks
- None specified
ATS Keywords
Hard Skills & Tools
Vendor Risk Assessment, Compliance Reporting, ISO 27001, SOC 2, NIST CSF/800-53, GDPR, DPA Drafting, Security Questionnaire Review, Audit Documentation, Risk-Tiering Methodology
Soft Skills
Strong Communication Skills, Cross-Functional Coordination, Proactive Problem Solving, Autonomous Work Style, Stakeholder Engagement
Certifications
ISO 27001 Certification
