Third-Party Risk Manager (TPRM)

I am seeking a Third-Party Risk Manager to lead and support the identification, assessment, mitigation, monitoring, and reporting of risks associated with third-party entities such as vendors, suppliers, distributors, agents, and strategic partners. This role plays a critical part in strengthening cybersecurity postures and ensuring compliance with regulatory obligations.

Key Responsibilities:

• Identify, assess, and manage risks related to third-party relationships, including vendors, suppliers, and other external partners.
• Monitor third-party activities and report on associated risks, including cybersecurity threats, regulatory compliance issues, financial instability, and operational disruptions.
• Recognize and address increased dependency on third parties for key services, particularly in relation to the organisation's cybersecurity exposure in the event of a compromise.
• Maintain awareness of third-party-related threat events and their impact on the organisation’s cyber incident response capabilities.
• Ensure compliance with relevant regulatory frameworks such as the NIS Directive, OES annual returns, EU Cybersecurity Act, and GDPR.
• Maintain ownership of the third-party relationship inventory and ensure accurate and up-to-date records.
• Collaborate with the Governance, Risk, and Compliance Lead to monitor and manage third-party risk exposures.
• Develop and implement a comprehensive TPRM project plan aimed at enhancing the organisation’s cybersecurity posture, in line with recommendations from external assessments (e.g., PwC).
• Review third-party contracts, due diligence documentation, and risk assessments to ensure alignment with internal standards and risk appetite.
• Contribute to the development and continuous improvement of TPRM policies, procedures, and standards.
• Support the design and implementation of risk mitigation strategies and internal controls to address identified third-party risks.
• Promote TPRM awareness by delivering training and educational programs for internal teams and relevant third parties.
• Establish and track key performance indicators (KPIs) and metrics to measure the effectiveness of the TPRM program and provide regular reporting to senior management and stakeholders.
• Work cross-functionally with departments such as IT, Legal, Procurement, Finance, and Operations to ensure cohesive and effective third-party risk management practices.

Ideal Candidate Profile:

• Strong understanding of third-party risk management and its role within broader cybersecurity and compliance frameworks.
• Familiarity with applicable regulations and industry standards.
• Excellent communication, collaboration, and project management skills.
• Ability to analyse complex information and make informed risk-based decisions.