Job Description
About Kelly OCG
Kelly Outsourcing & Consulting Group (Kelly OCG) is a global leader in talent management solutions, specializing in MSP and RPO. We partner with leading organizations to help them attract exceptional talent and deliver outstanding workforce solutions.
We’re looking for passionate, driven professionals who love delivering amazing results and want to be part of a high-performing team.
About the role
As a Senior TPRM Analyst, you will support Execute inherent and residual risk assessments (IRA/RRA) for suppliers, vendors, customers, and partners by analyzing questionnaire responses, evidence, and assessing risk scores. Collaborate with domain SMEs (cybersecurity, privacy, ESG, legal) to validate risks, identify required controls, and escalate high-risk engagements as needed. Contribute to TPRM policy, framework, and SOP development, including control libraries, risk taxonomy, and process documentation. Engage with cross-functional teams (Procurement, Legal, Sales, Supplier Enablement) to gather risk-relevant data and ensure alignment with business context. Support remediation tracking, risk reporting, and audit readiness by maintaining documentation and providing inputs for dashboards and governance updates.
Key responsibilities
- Strong understanding of the third-party risk management lifecycle, including inherent/residual risk assessments, onboarding, and monitoring (Required)
- Hands-on experience evaluating risk domains such as BCM, Financial, Operational, Regulatory, cybersecurity, privacy, ESG, and reputational risk (Required)
- Lead and execute comprehensive third-party screening and due diligence activities, including inherent risk screening, adverse media checks, sanctions and watchlist screening, regulatory exposure analysis, and review of third-party ownership and reputational risk indicators.
- Apply judgment to screening results to determine risk relevance, escalate high-risk findings, and support informed onboarding and risk acceptance decisions in alignment with TPRM governance standards
- Excellent analytical and communication skills with the ability to interpret risk data and articulate findings to stakeholders (Required)
- Proven ability to collaborate with cross-functional teams like Legal, Procurement, and IT to align on risk mitigation strategies (Required)
- Familiarity with TPRM or GRC tools such as Coupa, Service Now, Archer, or equivalent platforms (Preferred)
- Working knowledge of regulatory and control frameworks such as ISO 27001, NIST, SIG, or GDPR (Preferred)
Risk Assessment & Execution
- Conduct inherent and residual risk assessments (IRA/RRA) across third-party categories (suppliers, vendors, customers, partners)
- Review questionnaires and supporting evidence across domains like such as cybersecurity, privacy, ESG, and legal
- Collaborate with SMEs to validate risk exposure, assign scores, escalate high-risk cases, and track remediation items
- Policy, Process & Stakeholder Engagement Contribute to development and enhancement of TPRM policies, SOPs, intake triggers, and risk taxonomies
- Engage with Legal, Procurement, Sales, and Supplier Enablement to gather risk inputs and align assessments with business context
- Support risk reporting, audit readiness, and periodic governance documentation
- Additional Duties Assist in onboarding, cross-functional projects, and other tasks as assigned to support TPRM operations
What we’re looking for
- Minimum 3-5years’ experience in performing TPRM Risk Assessments and conducting third-party screening, due diligence, adverse media analysis, and sanctions/watchlist reviews.
- Someone who is proactive and can drive responsibilities as individual contributor and team player wherever needed.
- Experience in third-party due diligence, enterprise risk, compliance, or governance roles. (Required)
- Experience performing risk assessments and scoring for third-party engagements. (Required)
- Exposure to Coupa Risk Assess, Service Now VRM, Archer, or similar TPRM/GRC tools. (Required)
- Drafting policies, SOPs, or risk documentation in a legal/compliance environment (Preferred)
- Experience with TPRM for a provider of staffing services (Preferred, but not Required) Certifications Preferred: CTPRP, CRMP, CISA
Why join Kelly OCG?
- Work with a global industry leader
- Meaningful client impact
- Collaborative and supportive team culture
- Opportunities for professional growth
Kelly Outsourcing & Consulting Group (Kelly OCG) is a global leader in talent management solutions, specializing in MSP and RPO. We partner with leading organizations to help them attract exceptional talent and deliver outstanding workforce solutions.
We’re looking for passionate, driven professionals who love delivering amazing results and want to be part of a high-performing team.
About the role
As a Senior TPRM Analyst, you will support Execute inherent and residual risk assessments (IRA/RRA) for suppliers, vendors, customers, and partners by analyzing questionnaire responses, evidence, and assessing risk scores. Collaborate with domain SMEs (cybersecurity, privacy, ESG, legal) to validate risks, identify required controls, and escalate high-risk engagements as needed. Contribute to TPRM policy, framework, and SOP development, including control libraries, risk taxonomy, and process documentation. Engage with cross-functional teams (Procurement, Legal, Sales, Supplier Enablement) to gather risk-relevant data and ensure alignment with business context. Support remediation tracking, risk reporting, and audit readiness by maintaining documentation and providing inputs for dashboards and governance updates.
Key responsibilities
- Strong understanding of the third-party risk management lifecycle, including inherent/residual risk assessments, onboarding, and monitoring (Required)
- Hands-on experience evaluating risk domains such as BCM, Financial, Operational, Regulatory, cybersecurity, privacy, ESG, and reputational risk (Required)
- Lead and execute comprehensive third-party screening and due diligence activities, including inherent risk screening, adverse media checks, sanctions and watchlist screening, regulatory exposure analysis, and review of third-party ownership and reputational risk indicators.
- Apply judgment to screening results to determine risk relevance, escalate high-risk findings, and support informed onboarding and risk acceptance decisions in alignment with TPRM governance standards
- Excellent analytical and communication skills with the ability to interpret risk data and articulate findings to stakeholders (Required)
- Proven ability to collaborate with cross-functional teams like Legal, Procurement, and IT to align on risk mitigation strategies (Required)
- Familiarity with TPRM or GRC tools such as Coupa, Service Now, Archer, or equivalent platforms (Preferred)
- Working knowledge of regulatory and control frameworks such as ISO 27001, NIST, SIG, or GDPR (Preferred)
Risk Assessment & Execution
- Conduct inherent and residual risk assessments (IRA/RRA) across third-party categories (suppliers, vendors, customers, partners)
- Review questionnaires and supporting evidence across domains like such as cybersecurity, privacy, ESG, and legal
- Collaborate with SMEs to validate risk exposure, assign scores, escalate high-risk cases, and track remediation items
- Policy, Process & Stakeholder Engagement Contribute to development and enhancement of TPRM policies, SOPs, intake triggers, and risk taxonomies
- Engage with Legal, Procurement, Sales, and Supplier Enablement to gather risk inputs and align assessments with business context
- Support risk reporting, audit readiness, and periodic governance documentation
- Additional Duties Assist in onboarding, cross-functional projects, and other tasks as assigned to support TPRM operations
What we’re looking for
- Minimum 3-5years’ experience in performing TPRM Risk Assessments and conducting third-party screening, due diligence, adverse media analysis, and sanctions/watchlist reviews.
- Someone who is proactive and can drive responsibilities as individual contributor and team player wherever needed.
- Experience in third-party due diligence, enterprise risk, compliance, or governance roles. (Required)
- Experience performing risk assessments and scoring for third-party engagements. (Required)
- Exposure to Coupa Risk Assess, Service Now VRM, Archer, or similar TPRM/GRC tools. (Required)
- Drafting policies, SOPs, or risk documentation in a legal/compliance environment (Preferred)
- Experience with TPRM for a provider of staffing services (Preferred, but not Required) Certifications Preferred: CTPRP, CRMP, CISA
Why join Kelly OCG?
- Work with a global industry leader
- Meaningful client impact
- Collaborative and supportive team culture
- Opportunities for professional growth
Apply for this Position
Ready to join ? Click the button below to submit your application.
Submit Application