Senior Consultant, Third Party Risk Management; TPRM
Job in Louisville, Jefferson County, Kentucky, 40201, USA
Listed on 2025-12-14
Listing for: CNA Insurance
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, Data Security, Business Systems/ Tech Analyst, IT Business Analyst
- Business: Business Systems/ Tech Analyst
Senior Consultant, Third Party Risk Management (TPRM)
Job Description
The Senior Consultant, Third Party Risk Management (TPRM) is the front door for new third party engagements. This role co‑leads the intake and review of net new vendors, serves as the liaison and “shepherd” across Business Leadership, Procurement, Legal, Info Sec and other stakeholders to create a seamless experience. The role is central to maintaining CNA’s standards for vendor onboarding and risk control throughout the lifecycle.
Core Responsibilities
- Manage the intake and reviews for all net‑new vendors entering the organization; validate scope, data flows, service criticality, and inherent risk indicators at the point of request.
- Operate the intake workflow across Workday Strategic Sourcing (WSS) and Process Unity (PU); ensure requests are properly classified and routed.
- Collaborate with Procurement to align intake with sourcing milestones (RFP/RFI, contract negotiation).
- Produce reporting metrics on intake volumes, SLA adherence, inherent risk distribution, and critical third party supplier activities.
- Apply a pragmatic triage model (e.g., exempt items; existing supplier/same scope; existing supplier/new scope; new supplier/new scope) to focus effort on where risk is highest and eliminate unnecessary reviews.
- Function as the liaison across Procurement, Legal, Info Sec/Tech Risk, Privacy, Business/Operational Resiliency, and Finance to orchestrate TPRM activities within the contracting process, ensuring a seamless and efficient stakeholder experience.
- Co‑lead end‑to‑end risk assessments for high‑impact/new vendors: scoping, risk tiering (IRQ), due‑diligence review (DDQ), and control validation (remote or on‑site), with audit‑ready documentation.
- Coordinate reviews with SMEs (Info Sec, Compliance, Resiliency, Finance); synthesize control gaps and propose remediation, acceptance, or compensating controls in line with the TPRM policy.
- Provide coaching to business owners, managed service providers and vendors on completing questionnaires, evidence expectations, and timelines; handle escalations and sensitive assessments with discretion.
- Lead incremental workflow improvements in WSS/PU and support roadmap initiatives (e.g., Intake Optimization, IRQ refresh, scaled issue management, and risk‑intelligence integrations).
- 5-7+ years of experience in third‑party/vendor risk, technology risk, or related fields with direct ownership of new vendor onboarding and due‑diligence assessments.
- Proven ability to operate at pace in a procurement‑driven environment, triaging high volumes and prioritizing new supplier/new scope engagements.
- Demonstrated experience coordinating across Info Sec, Legal, Privacy, Resiliency, Finance, and business stakeholders, translating policy expectations into practical contract terms and controls.
- Excellent written and verbal communication; executive‑caliber reporting and stakeholder management for high‑visibility vendors.
- Certifications: CTPRP/CTPRA, CISA, CRISC, CISSP, or similar.
- Experience with risk‑intelligence platforms (e.g., Supply Wisdom, Black Kite) and AI‑assisted control/evidence evaluation capabilities.
- Background in insurance/financial services vendor governance or regulatory frameworks relevant to outsourcing, data protection, operational resilience.
- Intake mastery - ability to quickly classify requests, separate exempt/low‑risk from high‑impact cases, and keep pipelines flowing without bottlenecks.
- Orchestration and influence: cross‑functional leadership and stakeholder alignment throughout contracting and onboarding; strong meeting facilitation.
- Tool fluency - Process Unity administration/usage and WSS intake routing; comfort with dashboards, SLAs/KPIs, and audit trails.
- Risk Judgment & Decisioning: Makes timely, defensible inherent risk determinations with clear rationale.
- Process Excellence: Builds and enforces standardized intake workflows, SLAs, and data quality checks.
- Stakeholder Partnership: Collaborates cross‑functionally.
- Detail Orientation: Catches gaps in scope, data…
Position Requirements
10+ Years work experience