Third Party Cyber Risk Manager

Apolis

Raleigh, NC

JOB DETAILS
SALARY
$69–$94 Per Hour
SKILLS
CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Consulting, Documentation, Due Diligence, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, Internet Security, Legal, Machine Tool, Onboarding, Product Lifecycle, Purchasing/Procurement, Regulations, Regulatory Compliance, Risk, Risk Analysis, Risk Management, Vendor/Supplier Evaluation, Vendor/Supplier Selection
LOCATION
Raleigh, NC
POSTED
30+ days ago
  • Job Title: Third Party Cyber Risk Manager
  • Location: Raleigh, NC
  • Tax Term (W2, C2C): W2
  • Job Type (Permanent/Contract): Contract to hire
  • Duration: 6 Months
  • Pay Range: $69-94/hr on W2
Description:
5+ years (Sr. Mgr level) of third-party risk experience: evaluating vendors, reviewing service organization control (SOC) reports, and assessing risk for third parties. A vendor questionnaire is already built; it may need to be tweaked to reduce risk and add value.

OSACA certification, CRISC, CISM, CISSP would be helpful

The Third Party Cyber Risk Manager is responsible for designing, executing, and operating the organization's Third Party Cyber Risk Management (TPCRM) program. This role identifies, assesses, and manages cyber risks introduced by vendors, suppliers, and service providers, ensuring third parties meet the company's security, compliance, and risk standards throughout the vendor lifecycle.

Role and Responsibilities:
Program Ownership & Execution
  • Own and operate the Third Party Cyber Risk Management lifecycle, including vendor intake, inherent risk assessment, due diligence, risk treatment, and ongoing monitoring.
  • Establish and maintain a risk-based vendor tiering model and tier-specific security requirements aligned to company standards and risk appetite.
  • Ensure the TPCRM program is defensible, repeatable, and audit-ready, addressing Internal Audit and regulatory expectations.
Vendor Cyber Risk Assessment
  • Conduct and oversee security due diligence of third parties, including questionnaires, evidence review (e.g., SOC reports, policies, certifications), and control validation based on vendor risk tier.
  • Identify control gaps, assess residual risk, and require remediation plans or formal risk acknowledgment where necessary, working with the Cyber Risk Management Team.
  • Provide clear cyber risk outcomes to business stakeholders to support vendor selection, onboarding, and renewal decisions.
Governance, Reporting & Stakeholder Management
  • Partner with Procurement, Legal, Compliance, Internal Audit, Enterprise Risk, and business owners to embed cyber risk requirements into vendor onboarding and contracting processes.
  • Ensure required security, data protection, breach notification, and right-to-audit clauses are incorporated into vendor contracts in coordination with Legal.
  • Track, monitor, and report on vendor cyber risk posture, remediation status, and key risk indicators (KRIs).
Tooling & Process Enablement
  • Execute and operationalize the TPCRM program using OneTrust (or equivalent GRC tooling) for workflow, evidence management, and reporting.
  • Maintain documentation and evidence demonstrating program execution for audits and regulatory reviews.

Required Skills:
  • Experience in cybersecurity, GRC, or third-party risk management
  • Strong understanding of vendor cyber risk, control frameworks, and risk assessment concepts (inherent vs. residual risk, remediation, risk acceptance)
  • Ability to translate technical risk findings into clear business decisions
  • Experience operating or supporting a GRC / TPRM platform (e.g., OneTrust)
Qualifications:
  • Bachelor's degree in Information Security, Risk Management, Information Systems, or a related field, or equivalent professional experience.
  • 6+ years of experience in cybersecurity, information security risk management, GRC, or third-party risk management, with demonstrated program ownership.
  • Strong understanding of third-party cyber risk concepts, including inherent risk, residual risk, remediation, and risk acceptance.
  • Experience partnering with Procurement, Legal, and business stakeholders in a large, complex enterprise environment.
  • Proven ability to translate technical risk findings into clear, business-focused recommendations.
Preferred Qualifications
  • Experience operating or implementing a TPRM / GRC platform (e.g., OneTrust).
  • Experience supporting internal audit, regulatory, or external assessment activities related to third-party risk.
  • Professional certifications such as CISSP, CISM, CRISC, or similar.

About the Company

Apolis

Since 1996, RJT has provided successful SAP, Oracle, and IT consulting solutions and staffing services to clients around the world. The new Apolis brings you the same personalized service fortified with a greater array of IT solutions, global expertise, and cost-management strategies.

We are a global IT consultancy that seamlessly integrates experts and leading-edge solutions into your organization so you can focus on what really matters.

COMPANY SIZE
500 to 999 employees
INDUSTRY
Computer/IT Services
EMPLOYEE BENEFITS
Paid Sick Days, Employee Referral Program, Employee Events, Retirement / Pension Plans
WEBSITE
https://www.apolisrises.com/