We are seeking a skilled and detail-oriented Third Party Risk Assessment Specialist who will be responsible for assessing, managing, and mitigating risks associated with third-party relationships to ensure that all external vendors, contractors, and service providers meet our organization's security, regulatory, and compliance standards.
Mandatory Skill(s)
- Bachelor’s degree in Business, Risk Management, Information Security, Finance, or related field;
- 3+ years of experience in third-party risk management, vendor management, compliance, or a related field;
- Knowledge of risk assessment methodologies and frameworks, such as NIST, ISO 27001, or similar;
- Familiarity with regulatory requirements and industry standards related to third-party relationships, such as GDPR, HIPAA, SOC 2, etc.;
- Experience with conducting vendor risk assessments and audits;
- Strong communication skills, both written and verbal, with the ability to communicate complex risk-related issues to non-technical stakeholders;
- Detail-oriented, organized, and able to manage multiple projects simultaneously;
- Proficiency in Microsoft Office (Excel, Word, PowerPoint), risk management tools, and contract management systems.
Desirable Skill(s)
- Familiarity with cybersecurity best practices and data privacy laws;
- Experience with vendor management software or tools.
Responsibilities
- Risk Evaluation: Conduct risk assessments of third-party vendors and partners, focusing on areas such as data security, compliance, financial stability, operational effectiveness, and legal risk;
- Due Diligence: Perform thorough due diligence on potential third-party partners before engagement, including reviewing security protocols, business continuity plans, financial standing, and legal compliance;
- Ongoing Monitoring: Continuously monitor the performance and risk posture of third-party vendors throughout the life of the relationship. Identify new or evolving risks and recommend mitigating actions;
- Contract Review: Review and assess contracts, service level agreements (SLAs), and other documentation to ensure they meet company risk management standards and address potential risks;
- Risk Reporting: Prepare and present risk reports to senior management, highlighting identified risks, trends, and recommendations for mitigating actions;
- Compliance: Ensure that third-party vendors comply with all relevant regulations, including data protection laws (GDPR, CCPA), industry standards (ISO 27001), and organizational policies;
- Collaboration: Work closely with procurement, legal, IT, and compliance teams to integrate risk management processes into the vendor selection and management lifecycle;
- Incident Response: Collaborate with internal teams during any third-party-related incidents, helping to assess the impact and manage the response strategy;
- Risk Mitigation Strategy: Develop and implement strategies to mitigate risks related to third-party interactions, including conducting audits and ensuring vendors adhere to necessary corrective actions.
If you are interested in this role, click on the “Apply to this job” button below, or send your CV to Binod Chetri at binod.c@sciente.com, quoting the job title.