Sr Third Party Risk Management Consultant

Software Guidance & Assistance, Inc., (SGA), is searching for an Sr Third Party Risk Management Consultant for a Contract assignment with one of our premier Healthcare clients in Dallas, TX .

3-6 month contract
90% remote

Responsibilities :
We are seeking a senior level Third Party Risk Management consultant with strong experience designing and building enterprise vendor risk programs, ideally within a healthcare or highly regulated environment. This person should have hands on experience creating risk tiering models, assessment methodologies, governance reporting, and integrating TPRM into procurement and contract processes. We are not looking for an operational analyst or technical support resource, but a strategic program lead who can design, mature, and operationalize a comprehensive TPRM framework and engage confidently with executive stakeholders.

• Design and formalize a scalable Third-Party Risk Management program.
• Develop or refine:
  o Vendor risk tiering methodology
  o Inherent and residual risk scoring models
  o Assessment playbooks and control validation standards
  o Issue tracking and remediation workflows
• Align TPRM processes with applicable frameworks (e.g., NIST CSF, NIST 800-53, HIPAA, PCI, TX-RAMP, ISO 27001)
• Develop standardized assessment questionnaires and evidence review processes.
• Establish governance and reporting mechanisms (dashboards, executive metrics)
• Design process flow to integrate TPRM into procurement and contract lifecycle processes.
• Analyze the current vendor list and tier vendors based on the criteria.
• Execute few sample assessments for critical tier vendors.
• Define continuous monitoring strategy and vendor reassessment cadence.
• Support development of vendor security requirements and minimum control expectations.
• Provide executive-ready documentation and maturity improvement roadmap.

Required Skills:

• 8 plus years of experience in Information Security, Risk Management, or GRC
• Proven experience building or significantly maturing a Third Party Risk Management program
• Strong understanding of the full third party risk lifecycle
• Experience developing vendor risk tiering and inherent versus residual risk scoring models
• Experience designing assessment methodologies and validating security controls
• Knowledge of continuous vendor monitoring practices
• Familiarity with healthcare regulatory requirements such as HIPAA
• Experience aligning programs to frameworks such as NIST CSF, NIST 800 53, PCI, ISO 27001, TX RAMP
• Experience implementing or optimizing workflows in GRC platforms such as ServiceNow, AuditBoard, or Arche

Preferred Skills:

• CISSP, CISM, CRISC, or similar certification
• Experience in healthcare or academic medical center environments
• Experience with risk quantification methodologies
• Experience assessing AI vendors
• Experience conducting cloud and SaaS vendor risk assessments
• Experience governing mission critical vendors
• Experience working with state regulated institutions such as Texas DIR or TX RAMP
• Deep hands on experience with enterprise GRC platforms

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .

SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.
#LI-JM1