Third Party Risk Management (TPRM) Analyst in New York, NY at ConsultNet

Date Posted: 4/24/2021

Job Snapshot

  • Employee Type:
  • Location:
    New York, NY
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
  • Job ID:

Job Description

Title: Third Party Risk Management (TPRM) Analyst

Location: Remote/Jersey City, NJ

Duration: 6+ months with a possible extension


Client is seeking a Third Party Risk Management Consultant- in Chief Information Security Office. This individual will report to TRPM Sr. Analyst and partner with the business, corporate and agency IT teams to understand the services our agencies provide clients, the data they handle and risks associated with use of outsourced services and suppliers. This individual will make recommendations on how to mitigate any risks identified.

Job Responsibilities:

  • Support Third Party Risk Management (TPRM) program in the following areas:
    • Oversight and governance
    • Policy and procedures
    • Vendor inventory
    • Risk ranking and assessment methodologies
    • Issue management
    • Automation and reporting
    • Continuous monitoring
  • Initiate information security risk assessments of new and existing suppliers based on risk scoring.
  • Manage questionnaire based IT vendor risk assessments/due diligence reviews, specifically, identifying potential security risks, documenting findings and identifying practical risk reduction strategies.
  • Leverage innate knowledge of technical security concepts including authentication, authorization, data security, application security, cloud services and secure architecture concepts to identify security gaps and convey the importance of security to businesses.
  • Lead discussions around remediation activity and compensating controls to help manage risk. Influence remediation when necessary.
  • Communicate and present risks and remediation activity in a clear manner to non-technical audiences.
  • Review default security language for supplier contracts. Provide support when there is a request to redline/modify security contract language.
  • Fill the role of Application Manager for our Governance Risk and Compliance application. Establish business requirements for new features and functionality. Work with the vendor to implement those enhancements.

Job Requirements:

  • Bachelor of Science in Computer Information Systems, Computer Science, Information Systems Management, related field or equivalent work experience
  • Over 3 years progressive information security and vendor IS risk/IT risk experience
  • Experience with IT technology, infrastructure, applications and architecture
  • Experience in operating a multi-year TPRM program (preferred)
  • Awareness of the external threat landscape
  • Experience with the following industry/regulatory requirements and frameworks: ISO27001, COBIT, SOC2, SOX, NIST 800-53, NIST CSF or FAIR
  • Ability to appropriately balance information security posture with business risk
  • Ability to work with manual processes, where advanced systems are not yet established
  • Experience in implementing and working with vendor risk management GRC technology (preferred)
  • Experience in building and presenting business cases for a multi-year program
  • Comfortable in a fast-paced environment and simultaneously working across multiple projects
  • Excellent written and oral communications skills and ability to articulate and present information to all levels of management
  • Excellent analytical and problem-solving skills
  • CISSP, CISA, CISM, CRISC, CCNA, CCENT, CCNP, GSEC, MCSA certifications are preferred

Be a part of the ConsultNet difference. As a leading national provider of IT staffing and solutions, ConsultNet delivers exceptional services to startup, midmarket and Fortune 1000 companies across North America. Since 1996, we've partnered with clients to create rewarding opportunities for our consultants, successfully building teams that have surefire results.

In the past two years alone, we have placed more than 1,500 consultants in contract, contract-to-hire, or direct placement opportunities. We understand communication is key to finding the right job that matches your skills and career goals. For us, it's not just the work that we do; it's how we do the work. Our breadth of offerings extends to multiple IT positions in major markets throughout the country, see more at