Title: *Third Party Cyber Risk Management (TPCRM) Consultant*
Location: Princeton, NJ
Remote with monthly once or twice client visits
Looking for local candidates only
Pharma domain work experience is a must
Description:
We are looking for a Third-Party Cyber Risk Management consultant to perform insightful risk analyses on third-party vendors and perform as a strategic partner to the business, translating data into decisions, risks into recommendations, and insights into impact. The Third-Party Cyber Risk Management Consultant will execute and drive activities around TPCRM security and audits, assess partners and suppliers capabilities, and create awareness and education for TPCRM stakeholders. You are an important link in establishment of trust for our client's digital team and its partners and ensuring control of critical data across the security threat landscape. In addition to your in-depth experience with SOC2 as a primary mechanisms to evaluate vendors and regulatory compliance frameworks such as NIST, this role requires a mix of technical and business acumen to influence and communicate with stakeholders across the enterprise.
Overall Responsibility:
Security
Develop and update TPCRM Security standards and documentation
Continuously assess TPCRM security risks based on an inventory of vendor landscape and TPCRM security risks
Develop TPCRM security metrics and requirements
Examine and select tools and techniques to continuously monitor and report on third party security risks
Support the management of information security risks throughout the duration of a supplier relationship, corresponding communication, and metrics reporting
Support operations of third party cyber risk management program (TPCRM) in 2026
Ensure alignment with DK Act by end of 2026
Ensure all new TPCRM Suppliers assessed by end of 2026
Ensure all critical or high residual risk TPCRM Suppliers are reassessed by end of 2026
Evaluate the security assurance statements of critical suppliers
Update, align and deploy current vendor and TPCRM security requirements in alignment with Procurement, Corporate Compliance, Legal, Privacy, QA and Digital
Ensure all critical or high residual risk TPCRM Suppliers are reassessed by end of 2026
Evaluate the security assurance statements of critical suppliers
Update, align and deploy current vendor and TPCRM security requirements in alignment with Procurement, Corporate Compliance, Legal, Privacy, QA
Audit
Develop and deploy cyber risk audit as a service by end of 2026
Develop and maintain strong working relationships with leaders in the Digital, Legal and Global Procurement departments and stay ahead of new developments in security and data protection regulations
Develop and manage the framework and timeline for performing regular audits and the assessment of assurance reports
Based on the current vendor landscape, define audit priorities and activities for short (one year) and long (three years) term period
Execute audit calendar and integrate results into an integrated dashboard
Experience Needed:
Certification such as CTPRP, CRISC, or CISSP, CISA, CISM
Minimum of 5 years of experience in TPCRM (Third Party Cyber Risk Management)
Excellent understanding of vendor management processes and related assurance frameworks ( SOC 1 and 2 and type I/II audits and auditor reports)
Good knowledge of Regulatory Compliance Frameworks applicable for a multinational life science organization or other highly regulated environment ( NIST, GxP)
Experience working with GRC tools (e.g. ServiceNow, Galvanize, Vanta, MetricStream, Archer, etc.)
Experience in defining and implementing security management processes and controls
Experience in setting up a TPCRM security improvement roadmap and driving the implementation of corresponding actions and processes
Experience in working in multinational organizations and global virtual teams
Good understanding of current and emerging cyber security and privacy regulations and practices, and how other enterprises are employing them.
Enable proactive identification/resolution of risks by collaborating across multiple teams
Fosters strong relationships with colleagues and business leaders to enable risk mitigation through effective communication of TPCRM risk status to key stakeholders
Leads and contributes to outcomes for: Risk assessments, Security improvements and Audit remediations
Supports alignment of security operations to policies, standards, and procedures
Contributes, maintains, and reports on Key Performance and Risk Indicators (KRI/KPI)
Excellent communication skills to connect effectively with different stakeholders and to deal with the different interests in the organization.