GRC TPRM Assessment & Remediation SME
Contract Independent
Contract W2
Contract Corp To Corp
6 Months
No Travel Required
On-site
Depends on Experience


Galaxy i Technologies, Inc.
Fitment
Dice Job Match Score™
📋 Comparing job requirements...
Job Details
Skills
- GRC
- Cyber Security
- TPRM
Summary
Hi ,
Hope you are doing well.
My name is Vishal Singh and I am a Staffing Specialist at “Galaxy I Tech”. I am reaching out to you on an exciting job opportunity with one of our clients.
Hybrid Role
Job Title: GRC TPRM Assessment and Remediation SME
Role Descriptions:
"We are seeking an experienced Third-Party Risk Management (TPRM) Assessment and Remediation Subject Matter Expert to manage the end-to-end lifecycle of supplier/vendor cybersecurity risk assessments and remediation — from inventory governance through assessment coordination, escalation management, and executive reporting — in a fully remote, client-facing environment.
This role serves as the process authority for vendor risk assessments, findings management, and cross-functional remediation, requiring precise, proactive communication to maintain trust with high-visibility stakeholders.
Key Responsibilities
1. Supplier Inventory Management
• Maintain the Supplier Inventory (GRC platform, e.g., SupplierNinja) as the single source of truth for assessment status.
• Tier/filter suppliers requiring reassessment vs. new assessment per program criteria.
• Maintain accurate Direct Responsible Individual (DRI) records in the GRC tool (e.g., OneTrust).
2. Assessment Execution
• Evaluate suppliers against standard frameworks (SIG, CAIQ, NIST CSF, ISO 27001, SOC 2) and validate evidence (audit reports, certifications, pen test results).
• Confirm DRI ownership and obtain kick-off acknowledgement before initiating assessments.
• Log and track assessment tasks in a workflow tool (e.g., Wrike), including acknowledgement evidence.
• Confirm onsite-assessed suppliers have current-year coverage (e.g., in AirTable). •
Participate in recurring findings-review meetings (e.g., CSFA), advising on policy and evidence standards.
3. Remediation Management
• Own Corrective Action Plans (CAPs) end-to-end: define SLAs, track progress, drive closure with vendors and business owners.
• Coordinate with Legal, Procurement, and InfoSec on remediation timelines and compensating controls.
4. Stakeholder Communication & Escalation
• Run a structured outreach cadence with DRIs (kick-off → 3 follow-ups → 3 escalations to management).
• Track response/non-response rates for every outreach cycle.
• Escalate unresolved/high-risk findings to client leadership and track to closure. 5. Weekly Reporting
• Deliver a standing weekly metrics report to leadership: outreach volume, response rates, follow-up/escalation status, suppliers approved for (re)assessment, and overall assessment/remediation coverage.
Required Qualifications
• 5+ years in cybersecurity, TPRM, GRC operations, or supplier risk coordination.
• Working knowledge of NIST CSF, ISO 27001, SOC 2, SIG/CAIQ.
• Hands-on experience with GRC/TPRM tools (OneTrust, Archer, ServiceNow GRC, SupplierNinja, or similar).
• Proven ownership of high-volume, multi-step communication workflows with strict tracking/documentation.
• Excellent written communication for remote, client-facing engagement.
• Experience operating in distributed/remote teams. Preferred Qualifications
• Certification: CTPRP, CRISC, CISA, or CISSP.
• Experience with Wrike, AirTable, Jira, or similar tracking tools.
• Prior experience in regulated industries (financial services, healthcare, insurance).
• Track record producing leadership-facing weekly reporting.
Skills: ISO 27001:2005~Cyber Security - GRC - Vendor Risk Assessment~Cyber Security - GRC - Data Security
Experience Required: 8-10
Hope you are doing well.
My name is Vishal Singh and I am a Staffing Specialist at “Galaxy I Tech”. I am reaching out to you on an exciting job opportunity with one of our clients.
Job Title : GRC TPRM Assessment & Remediation SME
Location : Austin, TX/ Cupertino, CA
Location : Austin, TX/ Cupertino, CA
JD :
Hybrid Role
Job Title: GRC TPRM Assessment and Remediation SME
Role Descriptions:
"We are seeking an experienced Third-Party Risk Management (TPRM) Assessment and Remediation Subject Matter Expert to manage the end-to-end lifecycle of supplier/vendor cybersecurity risk assessments and remediation — from inventory governance through assessment coordination, escalation management, and executive reporting — in a fully remote, client-facing environment.
This role serves as the process authority for vendor risk assessments, findings management, and cross-functional remediation, requiring precise, proactive communication to maintain trust with high-visibility stakeholders.
Key Responsibilities
1. Supplier Inventory Management
• Maintain the Supplier Inventory (GRC platform, e.g., SupplierNinja) as the single source of truth for assessment status.
• Tier/filter suppliers requiring reassessment vs. new assessment per program criteria.
• Maintain accurate Direct Responsible Individual (DRI) records in the GRC tool (e.g., OneTrust).
2. Assessment Execution
• Evaluate suppliers against standard frameworks (SIG, CAIQ, NIST CSF, ISO 27001, SOC 2) and validate evidence (audit reports, certifications, pen test results).
• Confirm DRI ownership and obtain kick-off acknowledgement before initiating assessments.
• Log and track assessment tasks in a workflow tool (e.g., Wrike), including acknowledgement evidence.
• Confirm onsite-assessed suppliers have current-year coverage (e.g., in AirTable). •
Participate in recurring findings-review meetings (e.g., CSFA), advising on policy and evidence standards.
3. Remediation Management
• Own Corrective Action Plans (CAPs) end-to-end: define SLAs, track progress, drive closure with vendors and business owners.
• Coordinate with Legal, Procurement, and InfoSec on remediation timelines and compensating controls.
4. Stakeholder Communication & Escalation
• Run a structured outreach cadence with DRIs (kick-off → 3 follow-ups → 3 escalations to management).
• Track response/non-response rates for every outreach cycle.
• Escalate unresolved/high-risk findings to client leadership and track to closure. 5. Weekly Reporting
• Deliver a standing weekly metrics report to leadership: outreach volume, response rates, follow-up/escalation status, suppliers approved for (re)assessment, and overall assessment/remediation coverage.
Required Qualifications
• 5+ years in cybersecurity, TPRM, GRC operations, or supplier risk coordination.
• Working knowledge of NIST CSF, ISO 27001, SOC 2, SIG/CAIQ.
• Hands-on experience with GRC/TPRM tools (OneTrust, Archer, ServiceNow GRC, SupplierNinja, or similar).
• Proven ownership of high-volume, multi-step communication workflows with strict tracking/documentation.
• Excellent written communication for remote, client-facing engagement.
• Experience operating in distributed/remote teams. Preferred Qualifications
• Certification: CTPRP, CRISC, CISA, or CISSP.
• Experience with Wrike, AirTable, Jira, or similar tracking tools.
• Prior experience in regulated industries (financial services, healthcare, insurance).
• Track record producing leadership-facing weekly reporting.
Skills: ISO 27001:2005~Cyber Security - GRC - Vendor Risk Assessment~Cyber Security - GRC - Data Security
Experience Required: 8-10
Thanks and Regards,
Vishal Meera Singh
Lead Recruiter
Lead Recruiter
Galaxy i Technologies, Inc
7700 Preston Road, Suite # 504
Frisco, TX - 75034
Frisco, TX - 75034
Tel : Ext. 213
Fax:
E-Mail:
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
- Dice Id: 10374872
- Position Id: 35241-43206-
- Posted 10 hours ago
Company Info
About Galaxy i Technologies, Inc.
Galaxy i Technologies, Inc is a global consulting and IT services company that is known for its commitment to client satisfaction. Galaxy i Technologies is an information technology firm offering IT Consulting, Staff Augmentation, Software Development & Training and E-commerce Development. We help our Clients to implement these solutions through a variety of skilled consulting services like Application management, Implementation and Infrastructure management.
Galaxy i Technologies has a pool of highly skilled professionals who work through the life cycle of challenging and exciting projects, including System Analysis, Designing, Development, Implementation, Maintenance, Enhancements and Test Support to our Fortune 500 Corporations.
Careers
Galaxy i Technologies has a pool of highly skilled professionals who work through the life cycle of challenging and exciting projects, including System Analysis, Designing, Development, Implementation, Maintenance, Enhancements and Test Support to our Fortune 500 Corporations.
Careers
Create job alert
Similar Jobs
It looks like there aren't any Similar Jobs for this job yet.
Search all similar jobs