DysrupIT

TPRM Consultant

TPRM Consultant building and operating a vendor risk management program for certification readiness and compliance initiatives. Engaging in cross-functional coordination and supporting audits and assessments.

Posted 7/5/2026 • Part-time • Remote • 🇵🇭 Philippines • Mid-Level / Senior

About the role

Key responsibilities & impact
  • Develop and build an end-to-end TPRM Program - onboarding, risk assessments, performance monitoring, and offboarding
  • Support ISO 27001 audit readiness activities, including gap assessments and remediation tracking as needed.
  • Assess third-party/vendor risk exposure and ensure compliance with security and regulatory requirements.
  • Coordinate with internal stakeholders (IT, Legal, Security, Procurement) to align the TPRM Program with existing frameworks
  • Develop and build the vendor risk registers, compliance trackers, and audit documentation as the single source of truth, keeping them current and audit-ready
  • Support internal and external audits, liaising with certification bodies as needed
  • Design the TPRM policy, procedure, and risk-tiering methodology (critical/high/medium/low based on data access, business impact, and regulatory exposure)
  • Build vendor risk assessment templates (SIG/CAIQ-aligned questionnaires, DPIA triggers for vendors processing personal data)
  • Establish the vendor inventory/register and define onboarding, monitoring, and offboarding workflows
  • Recommend standard security/privacy contract clauses and Data Processing Agreement (DPA) templates for Legal and Procurement to adopt
  • Own and execute the full vendor risk assessment lifecycle across all tiers on the defined cadence (e.g., annual for critical, biennial for lower risk)
  • Continuously monitor vendor risk posture (security ratings platforms, incident tracking, contract or scope changes) and reassess as needed
  • Coordinate with Legal/Procurement on contract renewals, DPA updates, and sub-processor changes
  • Support internal and external audits (ISO 27001, customer security reviews) with TPRM evidence and documentation
  • Prepare and present vendor risk metrics, top risks, and program status to leadership/risk committee on a regular cadence (e.g., monthly or quarterly)
  • Provide guidance and light training to internal stakeholders (Procurement, business owners) on TPRM policy and process
  • Develop the SOP for managing vendor offboarding, including secure data return/destruction confirmation and access revocation tracking
  • Periodically refine the program (policy updates, template improvements, tooling optimization) as the vendor landscape and regulatory environment evolve
  • Reduce weekly hours once the vendor register is complete and the first full assessment cycle has closed, in agreement with the organization.

Requirements

What you’ll need
  • Proven experience in Vendor/Third-Party Risk Management
  • Solid background in GRC frameworks and practices
  • Experience preparing organizations for ISMS certification
  • Hands-on experience with ISO 27001 auditing (internal or external)
  • Familiarity with risk assessment methodologies and compliance reporting
  • Strong stakeholder management and cross-functional coordination skills
  • Strong working knowledge of ISO 27001, SOC 2, NIST CSF/800-53, GDPR (Art. 28, 32), and CCPA
  • Hands-on experience reviewing SOC 2 reports, ISO certificates, penetration test results, and vendor security questionnaires (SIG, CAIQ)
  • Experience drafting or advising on DPAs, security addenda, and sub-processor clauses
  • Comfortable operating as the embedded/de facto TPRM function — proactive, autonomous, and reliable on a recurring cadence rather than a one-time deliverable
  • Strong written and verbal communication skills, including presenting to executive stakeholders
  • Available for a sustained, ongoing commitment: 15–20 hours/week during the build phase, reducing thereafter.

Benefits

Comp & perks
  • None specified

ATS Keywords

Hard Skills & Tools
Vendor Risk Assessment, Compliance Reporting, ISO 27001, SOC 2, NIST CSF/800-53, GDPR, DPA Drafting, Security Questionnaire Review, Audit Documentation, Risk-Tiering Methodology
Soft Skills
Strong Communication Skills, Cross-Functional Coordination, Proactive Problem Solving, Autonomous Work Style, Stakeholder Engagement
Certifications
ISO 27001 Certification