What are the responsibilities and job description for the GRC - Third Party Risk Manager position at LHH?
We are looking for a GRC – Third Party Risk Manager to join our InfoSec team. This role involves executing the Third Party Risk Management (TPRM) function and supporting the broader GRC team. The responsibilities include identifying and addressing risks related to vendor relationships, conducting initial due diligence, and performing ongoing risk assessments and monitoring throughout the vendor relationship. The manager will coordinate the review of cybersecurity controls of third-party vendors and their hardware, software, and services in alignment with current IT risk management standards.
In this role, the GRC – Third Party Risk Manager will:
- Conduct third-party risk assessments for initial due diligence and ongoing evaluation of vendor services to identify potential privacy and security-related risks.
- Manage the distribution and review of required vendor cyber risk documents, such as third-party risk assessment questionnaires (e.g., SIG), audited reports of controls (e.g., SSAE18, SOC Type II), vendor security policies, and other information to support the identification and evaluation of potential outsourcing risks.
- Use a strong knowledge of industry standards (such as NIST CSF, ISO27001 / 27002) and the regulatory landscape (such as GDPR) to provide a comprehensive assessment of the vendor’s security risk.
- Work with third parties and internal stakeholders to identify and remediate risks, and track and report identified issues and risk remediation efforts.
- Coordinate with InfoSec (e.g., Security Engineering, Risk Management) and other stakeholders to evaluate the vendor’s security controls and identify associated risks.
- Report vendor-related security risk recommendations and guidance and obtain risk acceptance prior to entering into contractual relationships with vendors.
- Negotiate and support the Procurement team in negotiating the Information Protection Addendum (IPA) and obtain appropriate input from Privacy, InfoSec, and the OGC.
- Work with Contract Administration / Procurement to support contractual reviews for new and existing vendors.
- Measure and monitor progress of TPRM activities, including evolving the program in accordance with industry practices.
- Stay informed about the latest developments in the vendor risk management field.
- Support various ad hoc projects covering program enhancements, process improvements, and other GRC functions.
Qualifications:
Additionally, the GRC – Third Party Risk Manager should have:
- Expert knowledge in Third Party Risk Management.
- Strong knowledge of privacy and information security frameworks (e.g., NIST, ISO) and relevant regulatory requirements (e.g., GDPR, CCPA).
- Strong knowledge of security trends and potential risk exposure.
- Strong written and verbal communication skills.
- Experience negotiating supplier resiliency requirements.
- Bachelor’s degree (required).
- 7 years of experience in third-party risk management or related experience.
Employees will be provided with an excellent career opportunity in a collaborative environment, in addition to a generous total compensation package with the opportunity to earn bonuses based on individual contribution and firm profitability.
The salary range for this position is a minimum of $122,700 and a maximum of $160,000 annually. Actual pay may vary based on experience or other relevant factors.
Salary: $160,000