Third Party Cyber Risk Management (TPCRM) Consultant

Blue Ribbon Global technologies LLC

Princeton, NJ

Job Details

Salary: $60–$65 Per Hour

Job Type: Full-time, Employee

Skills: Analysis Skills, Analysis Software, Artificial Intelligence (AI), Auditing, Automation, Biotech and Pharmaceutical, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Channel Strategies, Computer Science, Computer Security, Consulting, Corporate Compliance, FISMA - Federal Information Security Management Act, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, ISO (International Organization for Standardization), Information/Data Security (InfoSec), Internet Security, Interpersonal Skills, Leading Edge Technology, Legal, Management Consulting, Management of Information Systems/Technology (MIS), Metrics, Operational Support, Purchasing/Procurement, Quality Assurance, Regulations, Reporting Dashboards, Risk, Risk Analysis, Risk Management, Sarbanes-Oxley Act (SOX), Security Attacks, Security Auditing, Security Monitoring, ServiceNow, Storytelling, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Evaluation, Vendor/Supplier Management, Vendor/Supplier Relations, Vendor/Supplier Selection

Location: Princeton, NJ

Posted: 23 days ago

Hello,
Blue Ribbon Global Technologies, LLC is reaching out to you about an exciting job opportunity with one of our clients.

Third Party Cyber Risk Management (TPCRM) Consultant

Exp: 5+ Years

Location: Princeton, NJ

2 days onsite per week (No Relocation)

Looking for local candidates only

USC/GC

We are looking for an intermediate Third Party Cyber Risk Management consultant for our client! As an Intermediate TPCRM Consultant, you'll be the analytical lead at the crossroads of compliance, cybersecurity, and innovation. You'll harness cutting-edge technologies to perform insightful risk analyses on third-party vendors and act as a strategic partner to the business, translating data into decisions, risks into recommendations, and insights into impact. The intermediate Third Party Cyber Risk Management Consultant will organize and drive activities around TPCRM security and audits, assess partners' and suppliers' capabilities, and create awareness and education for TPCRM stakeholders. You are an important link in establishing trust for our client's digital team and its partners, and in ensuring control of critical data across the security threat landscape.

*Overall Responsibility:*

*Security*

  • Develop and update TPCRM Security standards and documentation
  • Continuously assess TPCRM security risks based on an inventory of vendor landscape and TPCRM security risks
  • Develop TPCRM security metrics and requirements
  • Examine and select tools and techniques to continuously monitor and report on third party security risks
  • Support the management of information security risks throughout the duration of a supplier relationship, corresponding communication, and metrics reporting
  • Support operations of third party cyber risk management program (TPCRM) in 2026
  • Ensure alignment with DK Act by end of 2026
  • Ensure all new TPCRM Suppliers are assessed by end of 2026
  • Ensure all critical or high residual risk TPCRM Suppliers are reassessed by end of 2026
  • Evaluate the security assurance statements of critical suppliers
  • Update, align and deploy current vendor and TPCRM security requirements in alignment with Procurement, Corporate Compliance, Legal, Privacy, QA and Digital

*Audit*

  • Develop and deploy cyber risk audit as a service by end of 2026
  • Develop and maintain strong working relationships with leaders in the Digital, Legal and Global Procurement departments and stay ahead of new developments in security and data protection regulations
  • Develop and manage the framework and timeline for performing regular audits and the assessment of assurance reports
  • Based on the current vendor landscape, define audit priorities and activities for the short-term (one year) and long-term (three years) periods
  • Execute audit calendar and integrate results into an integrated dashboard

*Experience Needed:*

5 years of experience in TPCRM (Third Party Cyber Risk Management) with a strong analytical background.

Risk and control frameworks (e.g., NIST, ISO 27001, FISMA); excellent understanding of vendor management processes and related assurance frameworks (SOC 1 and 2, Type I/II audits, and auditor reports)

Hands-on experience with AI/ML tools, automation platforms, or risk analytics software.

Excellent interpersonal and storytelling skills: know how to speak "risk" in business language.

Experience in a Pharma / Biotech / Healthcare company and with related regulations (GDPR, SOX, HIPAA, etc.)

Certifications such as CTPRP, CRISC, CISSP, CISA, or CISM

GRC tools (ServiceNow, Galvanize, Archer, WolfPAC, etc.)

Experience working in multinational organizations and global virtual teams

Knowledge of current and emerging cyber security and privacy regulations and practices and how other enterprises are employing them.

*Education*

Bachelor's Degree in Computer Science, MIS, or related field of study; or any equivalent combination of relevant work experience and training.


Thanks

Blue Ribbon Global Technologies, LLC
