Job Details
Job Title: Third-Party Risk Management (TPRM)
Location: Jefferson City, MO
Duration: Long-term
Major Responsibilities
You will be responsible for designing, developing, piloting, and institutionalizing a Third-Party Risk Management framework. This includes:
Phase 1: Assessment and Design
Assess current third-party vendor risk practices across agencies.
Identify cybersecurity gaps and pain points.
Develop TPRM policies and procedures aligned to NIST SP 800-53 Rev 5.
Create a Vendor Risk Categorization Matrix (High/Medium/Low).
Develop a Vendor Assessment Framework including audits, questionnaires, and third-party data.
Phase 2: Implementation and Pilot
Apply assessment tools to a sample vendor pool.
Use UpGuard or other approved tools for risk analysis.
Develop and revise documentation based on pilot feedback.
Phase 3: Training and Handoff
Conduct Train-the-Trainer sessions.
Provide a process manual for future use.
Resources Required
You must provide a Leadership Team and Working Team:
Leadership Team:
3+ years of experience leading implementation in government
Cybersecurity certifications preferred (CRISC, CISSP, CGRC)
Working Team:
2+ years of cyber risk/cybersecurity experience
Certifications (CRISC, CISSP, CGRC, CTPRA) preferred
Tool Familiarity:
UpGuard (for risk analysis)
Okta (identity management)
ServiceNow (optional; project tracking)
Jira or Microsoft ADO (for issue tracking)