Job Description

Job Purpose

This role is responsible for:

  • Execute inherent and residual risk assessments (IRA/RRA) for suppliers, vendors, customers, and partners by analysing questionnaire responses, evidence, and assigning risk scores.
  • Collaborate with domain SMEs (cybersecurity, privacy, ESG, legal) to validate risks, identify required controls, and escalate high-risk engagements as needed.
  • Contribute to TPRM policy, framework, and SOP development, including control libraries, risk taxonomy, and process documentation.
  • Engage with cross-functional teams (Procurement, Legal, Sales, Supplier Enablement) to gather risk-relevant data and ensure alignment with business context.
  • Support remediation tracking, risk reporting, and audit readiness by maintaining documentation and providing inputs for dashboards and governance updates.
Essential Functions (with % of time, greatest first)

60% – Risk Assessment & Execution
  • Conduct inherent and residual risk assessments (IRA/RRA) across third-party categories (suppliers, vendors, customers, partners)
  • Review questionnaires and supporting evidence across domains such as cybersecurity, privacy, ESG, and legal
  • Collaborate with SMEs to validate risk exposure, assign scores, escalate high-risk cases, and track remediation items

30% – Policy, Process & Stakeholder Engagement
  • Contribute to development and enhancement of TPRM policies, SOPs, intake triggers, and risk taxonomies
  • Engage with Legal, Procurement, Sales, and Supplier Enablement to gather risk inputs and align assessments with business context
  • Support risk reporting, audit readiness, and periodic governance documentation

10% – Additional Duties
  • Assist in onboarding, cross-functional projects, and other tasks as assigned to support TPRM operations
Knowledge and Skills (required or preferred)

  • Strong understanding of the third-party risk management lifecycle, including inherent/residual risk assessments, onboarding, and monitoring (Required)
  • Hands-on experience evaluating risk domains such as cybersecurity, privacy, ESG, legal, and reputational risk (Required)
  • Excellent analytical and communication skills with the ability to interpret risk data and articulate findings to stakeholders (Required)
  • Proven ability to collaborate with cross-functional teams like Legal, Procurement, and IT to align on risk mitigation strategies (Required)
  • Familiarity with TPRM or GRC tools such as Coupa, ServiceNow, Archer, or equivalent platforms (Preferred)
  • Working knowledge of regulatory and control frameworks such as ISO 27001, NIST, SIG, or GDPR (Preferred)
Requirements (required or preferred)

Experience (type and number of years):

  • Experience in third-party due diligence, enterprise risk, compliance, or governance roles (Required)
  • Experience performing risk assessments and scoring for third-party engagements (Required)
  • Exposure to Coupa Risk Assess, ServiceNow VRM, Archer, or similar TPRM/GRC tools (Required)
  • Drafting policies, SOPs, or risk documentation in a legal/compliance environment (Preferred)
  • Experience with TPRM for a provider of staffing services (Preferred, but not Required)
  • 3-5 years of total experience

Certifications (Preferred): CTPRP, CRMP, CISA