Job Description

Job Description

Overview:

The Third Party Risk Assessor is responsible for executing comprehensive risk assessments of external vendors and partners in alignment with departmental guidelines and regulatory standards. This role involves evaluating questionnaire responses, validating controls, and documenting assessments while managing deadlines and collaborating with internal and external stakeholders.

Key Responsibilities:

• Conduct Third Party Risk assessments by reviewing questionnaire responses, validating controls, and documenting findings per established procedures
• Project manage assessment timelines by coordinating with external vendors and internal business partners, ensuring timely execution and follow-up
• Support internal teams in completing Inherent Risk Questionnaires by providing guidance and subject matter expertise
• Perform quality assurance reviews of submitted Inherent Risk Questionnaires to ensure accuracy and completeness
• Assist Third Parties in completing Due Diligence Questionnaires by clarifying requirements and expected supporting documentation
• Review assessments completed by other risk assessors to ensure consistency and quality
• Support Third Party onboarding, ongoing monitoring, and offboarding processes by addressing stakeholder inquiries and ensuring compliance
• Contribute to performance reporting and escalate issues related to Third Party Risk Management (TPRM) as needed
• Identify and recommend improvements to processes, programs, and technology configurations for inclusion in the TPRM roadmap
• Perform additional duties as assigned to support departmental goals

Required Skills & Knowledge:

• Strong understanding of industry security standards such as NIST, ISO, and COBIT
• Expertise in information security and business resiliency, including infrastructure security, access management, cloud security, and physical/environmental controls
• Detail-oriented with excellent organizational and project management skills; able to manage multiple assessments while meeting SLAs
• Effective communication skills with the ability to engage both technical and non-technical stakeholders
• Strong interpersonal skills and ability to collaborate across all levels of the organization
• Proficiency in Microsoft Office Suite and other business-related software systems

Education & Experience:

• Bachelor’s degree or equivalent required
• 3–5 years of experience in Information Security or Vendor/Third-Party Risk Management
• Professional certifications such as CISSP, CRISC, or CISA highly preferred

Job Tags

Similar Jobs