Job Specifications
We are looking for an intermediate Third Party Cyber Risk Management consultant for our client! As an Intermediate TPCRM Consultant, you'll be the analytical lead at the crossroads of compliance, cybersecurity, and innovation. You'll harness cutting-edge technologies to perform insightful risk analyses on third-party vendors and perform as a strategic partner to the business, translating data into decisions, risks into recommendations, and insights into impact. The intermediate Third Party Cyber Risk Management Consultant will organize and drive activities around TPCRM security and audits, assess partners and suppliers capabilities, and create awareness and education for TPCRM stakeholders. You are an important link in establishment of trust for our client's digital team and it's partners, and ensuring control of critical data across the security threat landscape.
Overall Responsibility:
Security
• Develop and update TPCRM Security standards and documentation
• Continuously assess TPCRM security risks based on an inventory of vendor landscape and TPCRM security risks
• Develop TPCRM security metrics and requirements
• Examine and select tools and techniques to continuously monitor and report on third party security risks
• Support the management of information security risks throughout the duration of a supplier relationship, corresponding communication, and metrics reporting
• Support operations of third party cyber risk management program (TPCRM) in 2026
• Ensure alignment with DK Act by end of 2026
• Ensure all new TPCRM Suppliers assessed by end of 2026
• Ensure all critical or high residual risk TPCRM Suppliers are reassessed by end of 2026
• Evaluate the security assurance statements of critical suppliers
• Update, align and deploy current vendor and TPCRM security requirements in alignment with Procurement, Corporate Compliance, Legal, Privacy, QA and Digital
Audit
• Develop and deploy cyber risk audit as a service by end of 2026
• Develop and maintain strong working relationships with leaders in the Digital, Legal and Global Procurement departments and stay ahead of new developments in security and data protection regulations
• Develop and manage the framework and timeline for performing regular audits and the assessment of assurance reports
• Based on the current vendor landscape, define audit priorities and activities for short (one year) and long (three years) term period
• Execute audit calendar and integrate results into an integrated dashboard
Experience Needed:
5 years of experience in TPCRM (Third Party Cyber Risk Management) with a strong analytical background.
Risk and control frameworks (e.g., NIST, ISO 27001, FISMA), excellent understanding of vendor management processes and related assurance frameworks (SOC 1 and 2 and type I/II audits and auditor reports)
Hands-on experience with AI/ML tools, automation platforms, or risk analytics software.
Excellent interpersonal and storytelling skills: know how to speak "risk” in business language.
Experience in a Pharma / Biotech / Healthcare company regulations (GDPR, SOX, HIPAA, etc.)
Certifications such as CTPRP, CRISC, or CISSP, CISA, CISM,
GRC tools (ServiceNow, Galvanize, Archer, WolfPAC etc.)
Experience working in multinational organizations and global virtual teams
Knowledge of current and emerging cyber security and privacy regulations and practices and how other enterprises are employing them.
Education
Bachelor's Degree in Computer Science, MIS, or related field of study; or any equivalent combination of relevant work experience and training.
About the Company
Atlas is a , % -, that partners with our clients to solve complex challenges, driving operational excellence and delivering impactful solutions. . We deliver solutions for both global fortune 100 and emerging companies. with expertise in the life sciences industry. We have a rich history, with over 25 years of relentlessly focusing on delivery excellence, so that our clients achieve tangible business outcomes and accelerate their initiatives. : - From strategic optimization of Portfolio, Program, Project, and Pro...
Know more