Third Party Risk Management (TPRM) Consultant

GloPros · Turbigo, Lombardia, Italia · 50€ - 70€

Job description

Experience and Role Summary

8–10 years of experience in Third-Party/Vendor Risk Management, IT Risk, or Information Security Risk. The TPRM Consultant will design, implement, and mature the company's Third-Party Risk Management program.

Key Responsibilities

  • Design and implement an end-to-end TPRM framework aligned with industry standards and regulations (ISO 27001, NIST, SOC 2, GDPR, and applicable regulatory guidance).
  • Define and operationalize third‑party lifecycle processes: onboarding, risk tiering, due diligence, ongoing monitoring, and offboarding.
  • Conduct security, privacy, and compliance risk assessments of third parties and produce actionable risk findings.
  • Review third‑party evidence (SOC 2 reports, ISO 27001 certificates, security policies, completed questionnaires) and identify control gaps and required mitigations.
  • Track risk issues, remediation activities, and residual risk through to closure.
  • Develop and execute a TPRM maturity roadmap, driving continuous process improvement and standardization.
  • Support selection, configuration, and deployment of GRC/TPRM tooling to automate assessments, workflows, and reporting.
  • Prepare management and executive‑level reporting on third‑party risk posture and trends.
  • Serve as a strategic advisor to Business, Procurement, Legal, IT, and Compliance stakeholders on third‑party risk matters.
  • Support internal and external audits and regulatory reviews related to third‑party risk.

Required Skills & Experience

  • 8–10 years of hands‑on experience in TPRM, vendor risk, or IT risk management.
  • Proven track record implementing and maturing TPRM programs in enterprise environments.
  • Strong understanding of information security, privacy, and regulatory risks associated with third parties.
  • Experience with GRC/TPRM platforms (e.g., ServiceNow GRC, Archer, OneTrust, MetricStream).
  • Excellent analytical skills, clear documentation practices, and strong stakeholder communication and facilitation abilities.

Preferred Qualifications

  • Professional certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Auditor / Lead Implementer.
  • Consulting or advisory experience supporting enterprise TPRM transformations.

KPIs — First 12 Months

Program & Framework

  • TPRM framework designed, approved, and operationalized across IT, OT, and manufacturing vendor populations.
  • Risk tiering model implemented for 100% of active third parties.

Assessments & Coverage

  • Risk assessments completed for 100% of critical and high‑risk vendors.
  • Measurable reduction in assessment cycle time versus baseline.
  • All high‑risk findings tracked with defined remediation plans and owners.
  • 90% of agreed remediation actions closed within defined SLAs.

Process Maturity

  • TPRM maturity improved by at least one level (e.g., from ad hoc to standardized).
  • Standard templates, workflows, and reporting fully deployed.

Visibility & Reporting

  • Executive‑level third‑party risk dashboard implemented.
  • Regular risk reporting established for leadership and manufacturing stakeholders.
