Role Descriptions:
We are seeking an experienced Third-Party Risk Management (TPRM) Assessment and Remediation Subject Matter Expert to manage the end-to-end lifecycle of suppliervendor cybersecurity risk assessments and remediation from inventory governance through assessment coordination, escalation management, and executive reporting in a fully remote, client-facing environment.
This role serves as the process authority for vendor risk assessments, findings management, and cross-functional remediation, requiring precise, proactive communication to maintain trust with high-visibility stakeholders.
Required Qualifications
5+ years in cybersecurity, TPRM, GRC operations, or supplier risk coordination.
Working knowledge of NIST CSF, ISO 27001, SOC 2, SIGCAIQ.
Hands-on experience with GRCTPRM tools (OneTrust, Archer, ServiceNow GRC, SupplierNinja, or similar).
Proven ownership of high-volume, multi-step communication workflows with strict trackingdocumentation.
Excellent written communication for remote, client-facing engagement.
Experience operating in distributedremote teams. Preferred Qualifications
Certification: CTPRP, CRISC, CISA, or CISSP.
Experience with Wrike, AirTable, Jira, or similar tracking tools.
Prior experience in regulated industries (financial services, healthcare, insurance).
Track record producing leadership-facing weekly reporting.
Skills: ISO 27001:2005Cyber Security - GRC - Vendor Risk Assessment Cyber Security - GRC - Data Security
Experience Required: 8-10
All submissions must have LinkedIn id of Candidate**
Key Responsibilities
1. Supplier Inventory Management
Maintain the Supplier Inventory (GRC platform, e.g., SupplierNinja) as the single source of truth for assessment status.
Tierfilter suppliers requiring reassessment vs. new assessment per program criteria.
Maintain accurate Direct Responsible Individual (DRI) records in the GRC tool (e.g., OneTrust).
2. Assessment Execution
Evaluate suppliers against standard frameworks (SIG, CAIQ, NIST CSF, ISO 27001, SOC 2) and validate evidence (audit reports, certifications, pen test results).
Confirm DRI ownership and obtain kick-off acknowledgement before initiating assessments.
Log and track assessment tasks in a workflow tool (e.g., Wrike), including acknowledgement evidence.
Confirm onsite-assessed suppliers have current-year coverage (e.g., in AirTable).
Participate in recurring findings-review meetings (e.g., CSFA), advising on policy and evidence standards.
3. Remediation Management
Own Corrective Action Plans (CAPs) end-to-end: define SLAs, track progress, drive closure with vendors and business owners.
Coordinate with Legal, Procurement, and InfoSec on remediation timelines and compensating controls.
4. Stakeholder Communication & Escalation
Run a structured outreach cadence with DRIs (kick-off 3 follow-ups 3 escalations to management).
Track responsenon-response rates for every outreach cycle.
Escalate unresolvedhigh-risk findings to client leadership and track to closure. 5. Weekly Reporting
Deliver a standing weekly metrics report to leadership: outreach volume, response rates, follow-upescalation status, suppliers approved for (re)assessment, and overall assessmentremediation coverage.