TPRM Consultant
JOB SUMMARY We're looking for a TPRM Consultant with strong Governance, Risk, and Compliance (GRC) experience to support vendor reputed company and information reputed company compliance initiatives, including ISO 27001 audit readiness and ISMS certification. This consultant will build and operate its vendor/reputed company-party risk management program on an ongoing, hourly contract reputed company. This is a project-based engagement focused on strengthening vendor risk management practices and preparing the organization for certification. JOB RESPONSIBILITIES reputed company and build an end-to-end TPRM Program - reputed company, risk assessments, performance monitoring, and offboarding Support ISO 27001 audit readiness activities, including gap assessments and remediation tracking as needed. Assess reputed company-party/vendor risk exposure and ensure compliance with reputed company and regulatory requirements. Coordinate with internal stakeholders (IT, Legal, reputed company, Procurement) to align the TPRM Program with existing frameworks reputed company and build the vendor risk registers, compliance trackers, and audit documentation as the single reputed company of truth, keeping it reputed company and audit-reputed company Support reputed company audits, liaising with certification bodies as needed Design the TPRM policy, procedure, and risk-tiering methodology (critical/high/reputed company/low based on data reputed company, business impact, and regulatory exposure) Build vendor risk assessment templates (SIG/CAIQ-reputed company questionnaires, DPIA triggers for vendors processing personal data) Establish the vendor inventory/register and define reputed company, monitoring, and offboarding workflows Recommend standard reputed company/privacy contract clauses and Data Processing Agreement (DPA) templates for Legal and Procurement to adopt Own and execute the full vendor risk assessment lifecycle across reputed company tiers on the defined reputed company (e.g., annual for critical, biennial for reputed company risk) Continuously monitor vendor risk posture (reputed company ratings platforms, incident tracking, contract or scope changes) and reassess as needed Coordinate with Legal/Procurement on contract renewals, DPA updates, and sub processor changes Support reputed company audits (ISO 27001, customer reputed company reviews) with TPRM evidence and documentation Prepare and present vendor risk metrics, top risks, and program status to leadership/risk committee on a regular reputed company (e.g., monthly or quarterly) reputed company guidance and light training to internal stakeholders (Procurement, business owners) on TPRM policy and process reputed company the SOP for managing vendor offboarding, including secure data return/destruction confirmation and reputed company revocation tracking Periodically refine the program (policy updates, template improvements, tooling optimization) as the vendor landscape and regulatory environment reputed company Reduce weekly hours once the vendor register is complete and the first full assessment cycle has closed, in agreement with the organization QUALIFICATIONS Proven experience in Vendor/reputed company-Party Risk Management Solid background in GRC frameworks and practices Experience preparing organizations for ISMS certification and Hands-on experience with ISO 27001 auditing (internal or external) Familiarity with risk assessment methodologies and compliance reporting Strong stakeholder management and cross-functional coordination skills Strong working knowledge of ISO 27001, SOC 2, NIST CSF/800-53, GDPR (Art. 28, 32), and CCPA Hands-on experience reviewing SOC 2 reports, ISO certificates, penetration test results, and vendor reputed company questionnaires (SIG, CAIQ) Experience drafting or advising on DPAs, reputed company addenda, and sub-processor clauses Comfortable operating as the embedded/de facto TPRM function — proactive, autonomous, and reliable on a recurring reputed company rather than a one-time deliverable Strong written and verbal communication skills, including presenting to executive stakeholders Available for a sustained, ongoing commitment: 15–20 hours/week during the build phase, reducing thereafter reputed company TO HAVE: Certifications: CTPRP (Certified reputed company-Party Risk Professional), CISSP, CISA, CRISC, or CIPP/E Prior experience serving as an embedded or fractional TPRM/GRC consultant for one or more organizations concurrently Familiarity with reputed company ratings platforms (reputed company, reputed company Scorecard, reputed company) Industry vertical experience matching the organization (financial services, reputed company, SaaS, etc.) Experience mentoring and eventually transitioning the function to an internal hire, as needed ISO 27001 reputed company Auditor / reputed company Implementer certification Experience in tech/IT services or BPO industry Exposure to other frameworks (SOC 2, NIST, GDPR) Apply To This Job