Senior Consultant - Third Party Risks

We are seeking a highly skilled and motivated Third‑Party Manager to support our client in developing and maturing their third‑party risk management (TPRM) framework. In this role, you will support the creation of a full vendor inventory, design due‑diligence questionnaires, and perform comprehensive due‑diligence assessments across the vendor lifecycle. You will play a central role in ensuring that third‑party risks are identified, assessed, and managed effectively while collaborating closely with internal and external stakeholders.

• Develop, maintain, and continuously update a complete inventory of all vendors, suppliers, and third‑party service providers.
• Classify vendors based on criticality, service type, data access, and inherent risk.
• Design risk‑based due‑diligence questionnaires tailored to different vendor categories (e.g., cyber, financial, operational, regulatory).
• Conduct initial and ongoing due‑diligence assessments, including analysis of financial stability, cybersecurity controls, data protection practices, business continuity, and compliance posture.
• Review and interpret SOC reports, ISO certifications, penetration testing results, and other external assurance documentation.
• Identify control gaps and document findings in clear, risk‑based reports supported by actionable recommendations.
• Support stakeholders during vendor onboarding and renewal processes by validating risk, compliance, and performance.
• Maintain and update risk assessment documentation throughout the vendor lifecycle.
• Monitor key vendor SLAs, KPIs, and contractual obligations.
• Conduct periodic vendor performance reviews and escalate identified issues.
• Support remediation planning and provide oversight of vendor corrective actions.
• Serve as a primary point of contact for both internal stakeholders and third‑party partners.
• Develop standardized templates, workflows, and procedures for third‑party oversight.
• Build dashboards and reporting packs for senior management and risk committees.
• Ensure all due‑diligence records, approvals, and risk treatment plans are maintained in accordance with governance requirements.
• Support the development of policies and playbooks related to third‑party risk management.

Requirements

• Bachelor’s degree in Risk Management, Business, Cybersecurity, Supply Chain, or related field.
• 5+ years of experience in third‑party risk management, vendor management, procurement, or risk/compliance.
• Demonstrable experience developing due‑diligence questionnaires and performing vendor risk assessments.
• Strong understanding of frameworks such as ISO 27001, NIST, SOC 2, and data‑protection requirements.
• Ability to analyze complex documentation (e.g., contracts, SOC reports, financial statements) and translate findings into clear recommendations.
• Strong stakeholder‑management skills and experience supporting clients across diverse industries.
• Excellent written communication skills and the ability to prepare high‑quality reports.

Desired Skills

• Certifications such as CISM, CRISC, CISA, ISO 27001 Lead Auditor, or relevant vendor‑risk qualifications.
• Experience with TPRM/VRM systems (e.g., Archer, ServiceNow VRM, OneTrust, Prevalent).
• Understanding of cybersecurity domains relevant to third‑party risk, including access control, data protection, and incident response.
• Experience working in global or regulated environments with complex supply‑chain or vendor ecosystems.
• Ability to manage multiple simultaneous assessments and deadlines.

Benefits

• Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.
• We operate a discretionary bonus scheme that incentivizes, and rewards individuals based on company and individual performance.
• Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.
• Medical Benefits, Prescription Benefits, FSA, Dental Benefits, Vision Benefits, Life and AD&D, Voluntary Life and AD&D, Disability Benefits, Voluntary Benefits, 401 (K) Retirement, Nationwide Pet Insurance, Employee Assistance Program.
• As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.

The base salary range for this position is $125000-135000 per year. Exact compensation offered may vary depending on job-related knowledge, skills, and experience.

Control Risks is committed to a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. If you require any reasonable adjustments to be made in order to participate fully in the interview process, please let us know and we will be happy to accommodate your needs.

Control Risks participates in the E-Verify program to confirm employment authorization of all newly hired employees. The E-Verify process is completed during new hire onboarding and completion of the Form I-9, Employment Eligibility Verification, at the start of employment. E-Verify is not used as a tool to pre-screen candidates. For more information on E-Verify, please visit