TPRM Consultant


DysrupIT

51 - 200 employees

Founded 2016

Enterprise • SaaS • Cybersecurity

DysrupIT is a global cloud services and IT solutions firm that helps organizations adopt cloud technologies and transition to as-a-Service business models. The company provides enterprise cloud, managed services, application engineering, cybersecurity, and data analytics & information management, serving SMBs through multinational enterprises with Microsoft and other cloud platforms. DysrupIT also emphasizes community impact, talent development, and long-term partnerships to deliver secure, scalable, and business-aligned technology outcomes.

📋 Description

• Develop and build an end-to-end TPRM Program: onboarding, risk assessments, performance monitoring, and offboarding.
• Support ISO 27001 audit readiness activities, including gap assessments and remediation tracking as needed.
• Assess third-party/vendor risk exposure and ensure compliance with security and regulatory requirements.
• Coordinate with internal stakeholders (IT, Legal, Security, Procurement) to align the TPRM Program with existing frameworks.
• Develop and build the vendor risk registers, compliance trackers, and audit documentation as the single source of truth, keeping it current and audit-ready.
• Support internal and external audits, liaising with certification bodies as needed.
• Design the TPRM policy, procedure, and risk-tiering methodology (critical/high/medium/low based on data access, business impact, and regulatory exposure).
• Build vendor risk assessment templates (SIG/CAIQ-aligned questionnaires, DPIA triggers for vendors processing personal data).
• Establish the vendor inventory/register and define onboarding, monitoring, and offboarding workflows.
• Recommend standard security/privacy contract clauses and Data Processing Agreement (DPA) templates for Legal and Procurement to adopt.
• Own and execute the full vendor risk assessment lifecycle across all tiers on the defined cadence (e.g., annual for critical, biennial for lower risk).
• Continuously monitor vendor risk posture (security ratings platforms, incident tracking, contract or scope changes) and reassess as needed.
• Coordinate with Legal/Procurement on contract renewals, DPA updates, and sub-processor changes.
• Support internal and external audits (ISO 27001, customer security reviews) with TPRM evidence and documentation.
• Prepare and present vendor risk metrics, top risks, and program status to leadership/risk committee on a regular cadence (e.g., monthly or quarterly).
• Provide guidance and light training to internal stakeholders (Procurement, business owners) on TPRM policy and process.
• Develop the SOP for managing vendor offboarding, including secure data return/destruction confirmation and access revocation tracking.
• Periodically refine the program (policy updates, template improvements, tooling optimization) as the vendor landscape and regulatory environment evolve.
• Reduce weekly hours once the vendor register is complete and the first full assessment cycle has closed, in agreement with the organization.

🎯 Requirements

• Proven experience in Vendor/Third-Party Risk Management.
• Solid background in GRC frameworks and practices.
• Experience preparing organizations for ISMS certification.
• Hands-on experience with ISO 27001 auditing (internal or external).
• Familiarity with risk assessment methodologies and compliance reporting.
• Strong stakeholder management and cross-functional coordination skills.
• Strong working knowledge of ISO 27001, SOC 2, NIST CSF/800-53, GDPR (Art. 28, 32), and CCPA.
• Hands-on experience reviewing SOC 2 reports, ISO certificates, penetration test results, and vendor security questionnaires (SIG, CAIQ).
• Experience drafting or advising on DPAs, security addenda, and sub-processor clauses.
• Comfortable operating as the embedded/de facto TPRM function — proactive, autonomous, and reliable on a recurring cadence rather than a one-time deliverable.
• Strong written and verbal communication skills, including presenting to executive stakeholders.
• Available for a sustained, ongoing commitment: 15–20 hours/week during the build phase, reducing thereafter.

🏖️ Benefits

• None specified