Third-Party Risk Management; TPRM Consultant​/Remote

Position: Third-Party Risk Management (TPRM) Consultant / Contract / Remote
$73.33 - $75.86

Our SaaS client in the construction industry is looking for a Third-Party Risk Management (TPRM) Consultant.

This is a contract position through the end of the year, and is not expected to extend.

This is a 100% remote position within the United States.

*
* Description:

** Our client is a fast-growing, high-velocity SaaS company seeking a highly motivated and detail-oriented Third-Party Risk Management (TPRM) Consultant for an immediate engagement. In this role, you will be a key contributor to our Governance, Risk, and Compliance (GRC) organization, taking immediate ownership of a critical backlog of vendor risk assessments. We need a consultant who leverages cutting-edge AI tools to accelerate the assessment lifecycle, applying critical analysis to balance our business velocity with our defined risk appetite.

** Contract Duration:
** 6 months through the end of the year.

** Required Skills & Experience*
*
- Experience:

5+ years of direct experience conducting complex, end-to-end third-party risk assessments, preferably in a fast-paced SaaS, tech, or regulated environment.

- AI Tool Fluency:
Direct, practical experience leveraging LLMs (Cursor, Claude, Gemini) to optimize workflows, analyze long-form documents, and accelerate evidence collection.

- Technical Knowledge:
Deep understanding of information security/data protection frameworks (SOC 2, ISO 27001, NIST CSF) and global regulations (GDPR, CCPA, and the EU AI Act).

- Platform Proficiency:
Hands-on, intermediate-to-advanced experience with One Trust, including navigating workflows and managing assessment data.

- Critical Analysis &

Soft Skills:

Exceptional problem-solving abilities. You don't just check compliance boxes; you look at actual architectural risks and can clearly articulate business impacts to stakeholders at all levels.

- Independent Execution: A proven ability to hit the ground running on day one, take total ownership of your queue, and prioritize effectively in a dynamic, high-velocity environment.

Preferred Qualifications:

- Relevant certifications such as CRISC, CISA, CISSP, CISM, or CTPRP.

- Familiarity with data analysis and visualization tools like Power BI to support data-driven risk reporting.

** What You Will Be Doing:*
* You will be embedded into our client's GRC team, executing the end-to-end TPRM process with a focus on speed, data integrity, and pragmatic risk management:

- Execute the TPRM Process:
Conduct comprehensive, end-to-end risk assessments on third parties. Analyze security controls, SOC 2 Type II reports, ISO certifications, and compliance documentation, gathering necessary details directly from vendors.

- Drive AI-Powered Efficiency:
Leverage Claude and other advanced AI tools to rapidly parse, summarize, and extract key findings from vendor compliance artifacts, significantly reducing time-to-assessment while highlighting material risks.

- Identify Critical Systems & Assets:
Partner with internal technical and business teams to map sensitive data, determine inherent risk, and identify complex processor/ sub-processor relationships.

- Prioritize by Risk Appetite:
Categorize third parties (tiering) to guide reassessment depth. Evaluate gaps through the lens of our risk appetite, ensuring we secure our supply chain without unnecessarily blocking business velocity.

- Support Contracting:
Partner with our legal and procurement teams to ensure critical security and data protection requirements are accurately captured in vendor contracts.

- Maintain Accurate Records (One Trust):
Document all assessment activities, findings, and mitigation efforts with high data integrity inside our TPRM platform (One Trust).

- Provide Operational Support:
Guide internal business owners and external third parties smoothly through the TPRM pipeline, answering technical questions and resolving bottlenecks.