The Third-Party Risk Management (TPRM) Specialist is responsible for assessing, monitoring, and mitigating risks associated with external vendors and third-party service providers. This role plays a critical part in ensuring that vendors meet the organization’s standards for security, compliance, and operational risk. The TPRM Specialist collaborates with internal teams and external partners to evaluate vendor risk across a variety of domains, including cybersecurity, data privacy, regulatory compliance, and financial stability.
Key Responsibilities:
Conduct comprehensive risk assessments of third-party vendors during onboarding and periodically throughout the relationship lifecycle.
Develop and manage vendor risk profiles using questionnaires, risk rating tools, and due diligence documentation.
Evaluate vendors for compliance with regulatory requirements such as GDPR, HIPAA, SOC, ISO, and other relevant standards.
Work closely with Legal, Compliance, IT Security, and Procurement teams to ensure risk mitigation strategies are in place.
Support third-party audits, SOC reviews, and on-site assessments.
Maintain an up-to-date inventory of all third-party relationships and risk classifications.
Monitor vendors for changes in risk status, incidents, or negative news using external tools and internal reporting mechanisms.
Escalate high-risk findings and provide actionable recommendations to reduce exposure.
Assist in the development and enhancement of TPRM frameworks, policies, and procedures.
Ensure documentation and risk records are accurate and audit-ready.
Qualifications:
Bachelor’s degree in Risk Management, Information Security, Business, or a related field (Master’s preferred).
Familiarity with regulatory and industry frameworks such as NIST, ISO, SOC, FFIEC, PCI-DSS, etc.
Experience using GRC (Governance, Risk, and Compliance) or TPRM platforms (Archer, OneTrust, ProcessUnity, RiskRecon).
Strong analytical skills and attention to detail.
Excellent communication and interpersonal skills for cross-functional collaboration and vendor engagement.
Certifications such as CTPRP, CTPRA, CRISC, or CISSP are a plus.
Preferred Skills:
Knowledge of contract review from a risk perspective.
Experience in risk scoring and tiering methodologies.
Ability to manage multiple vendor assessments simultaneously under tight deadlines.
Understanding of cloud vendor risk (AWS, Azure, SaaS providers).
Risk Management Specialist • Louisville, KY