Overview
On Site
Depends on Experience
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 12 Month(s)
Skills
TPRM
Vendor Risk management
IT Audit
Job Details
Key Responsibilities
- Perform third-party/vendor security assessments, including review of security documentation such as ISO 27001 certifications, SOC 1 and SOC 2 reports, and other relevant attestations.
- Evaluate vendor risk based on responses to security questionnaires and evidence of controls.
- Use BitSight to review and continuously monitor vendors' external cybersecurity posture and identify emerging risks.
- Maintain and update the vendor risk management system, ensuring accurate documentation of assessments, remediation actions, and risk ratings.
- Collaborate with Information Security and Procurement teams to ensure that risk findings are communicated and addressed.
- Assist in developing and refining third-party risk management procedures, policies, and reporting.
- Track remediation efforts and follow up with vendors on open findings or improvement actions.
- Support due diligence efforts for new vendor engagements and periodic reviews of existing relationships.
- Stay current on evolving cybersecurity threats, regulatory expectations, and third-party risk management best practices.
Qualifications
- Bachelor's degree in Information Security, Information Technology, Risk Management, or a related field (or equivalent experience).
- 2+ years of experience in vendor risk management, information security, or IT audit.
- Familiarity with security and privacy frameworks, including ISO 27001, NIST CSF, and the SOC 2 Trust Services Criteria.
- Experience using BitSight, SecurityScorecard, or other vendor risk rating platforms.
- Strong analytical and communication skills with the ability to present findings clearly to technical and non-technical stakeholders.
- Detail-oriented, with strong organizational and documentation skills.
- Experience working in a law firm, financial services, or other regulated environment preferred.
Preferred Skills
- Understanding of data privacy regulations (e.g., GDPR, CCPA, HIPAA).
- Experience with vendor management systems (e.g., Archer, OneTrust, ProcessUnity).
- Relevant certifications such as CISA, CRISC, CISSP, or CTPRP are a plus.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.