A leading cyber defense firm is searching for a Principal Consultant for Vendor Risk Management to join their rapidly growing team. The consultant will be responsible for collaborating with clients to identify risks in their supply chain and cybersecurity. The role will directly consult with clients to establish and enhance vendor risk management, develop third-party cybersecurity risk management programs, and maintain ongoing assessment and communication with third-party vendors. This position provides a unique opportunity to create and grow a consulting program exclusively dedicated to managing third-party vendor risk for global enterprise clients.
- Manage third-party risk management consulting engagements as part of Company's Supply Chain Defense business
- Design and recommend Third Party Cybersecurity Risk Management programs at large commercial enterprises and government institutions
- Lead Third Party Risk Workshops at Company Clients focused on the following topics: Program Design & Governance, Vendor Identification and Stratification, Vendor On-boarding, Monitoring and Remediation, & Cybersecurity Risk Questionnaire Development
- Project and program delivery, including project and process management, reporting, participation in senior leadership meetings, developing and revising senior management materials, and other governance tasks
- Communicate results and suggestions on Third Party Cybersecurity Risk Management program design, best practices, tools, and technology to client stakeholders, including C-level and board members
- Manage a commercial client account portfolio
- 10+ years of Third-Party Risk Management consulting (including vendor cybersecurity risk) at a Big 4 consulting firm or vendor risk management company
- 5+ years leading an enterprise risk management program, including Third-Party Risk, Internal Risk Maturity and Assessment, Risk Consolidation, and Risk Reporting
- Managing client accounts and P&L responsibility
- Information security/cybersecurity accreditation and background
- Experience working in a cybersecurity or technology organization