
Third Party Cyber Risk Manager

Axiom Global Technologies

Trenton · On-site · Contract · Senior · Today

About the role

Role Overview

We are looking for an experienced Third Party Cyber Risk Manager to lead and strengthen our third-party/vendor risk management program. This role will focus on identifying, assessing, and mitigating cybersecurity risks associated with external vendors, partners, and service providers.

Key Responsibilities

  • Lead end-to-end Third Party Risk Management (TPRM) lifecycle including onboarding, risk assessments, monitoring, and offboarding
  • Perform cybersecurity risk assessments of vendors (SIG, CAIQ, ISO, SOC2 reports, etc.)
  • Evaluate vendor security posture across domains like network security, data protection, identity & access, cloud security
  • Collaborate with procurement, legal, compliance, and IT security teams for risk evaluation and mitigation
  • Define and enforce vendor risk policies, standards, and frameworks
  • Track and manage risk remediation plans and ensure timely closure
  • Monitor ongoing vendor risks and conduct periodic reassessments
  • Support regulatory and audit requirements (GDPR, ISO 27001, NIST, etc.)
  • Report risk posture and KPIs to senior leadership

Required Skills & Experience

  • 6–10+ years of experience in Cybersecurity / Information Security / Risk Management
  • Strong experience in Third Party Risk Management (TPRM/TPCRM)
  • Deep understanding of security frameworks (NIST, ISO 27001, CIS, SOC2)
  • Experience with vendor risk assessment tools (Archer, OneTrust, ServiceNow VRM, etc.)
  • Knowledge of cloud security (AWS/Azure/GCP) and modern architectures
  • Strong understanding of security controls, vulnerabilities, and threat landscape
  • Excellent stakeholder communication and risk reporting skills

Preferred Qualifications

  • Certifications such as CISSP, CISM, CRISC, CISA
  • Experience in financial services / healthcare / regulated industries
  • Familiarity with data privacy laws (GDPR, CCPA, etc.)
  • Hands-on exposure to security audits and compliance programs

Skills

Archer, AWS, Azure, CAIQ, CIS, CISA, CISM, CISSP, CRISC, GDPR, GCP, ISO 27001, NIST, OneTrust, ServiceNow VRM, SOC2
