AnitaB.org Talent Network

Connecting women in tech with the best professional opportunities!

Third Party Risk Analyst

Chubb

IT
Mexico
Posted on Mar 13, 2026

Responsible for maintaining and enhancing the organization’s Third-Party Cyber Risk Management (TPCRM) program. Conducts due‑diligence, cybersecurity assessments, continuous monitoring and regulatory alignment for third‑party vendors across all risk domains (technology, information security, privacy, resilience, compliance). Collaborates with Procurement, IT Security, Legal, Privacy, and Business Owners to ensure vendors meet corporate and regulatory requirements aligned with ISO 27001, SOC 2, NIST CSF, PCI-DSS, DORA and OCC 2013‑29.

• Perform third‑party cyber risk assessments, reviewing SOC 1/SOC 2, ISO 27001, risk questionnaires and evidence.

• Lead onboarding, reassessment and continuous monitoring activities across the vendor lifecycle.

• Identify control deficiencies, document findings, issue remediation plans and track closure with stakeholders.

• Collaborate with global teams (IT Security, Privacy, Legal, Procurement, Compliance) to manage vendor risks.

• Maintain TPCRM documentation, dashboards, metrics (KRI/KPI), workflows, and regulatory evidence.

• Support audits, regulatory exams, and executive reporting for high‑risk and critical vendors.


• Deep knowledge of cybersecurity frameworks: ISO 27001/27017/27018, SOC 2, NIST CSF, PCI-DSS.

• Expertise in risk assessment techniques and vendor risk methodologies.

• Ability to analyze evidence, evaluate controls, and determine risk ratings.

• Strong stakeholder management across business, technical and executive teams.

• Excellent communication skills, including writing risk summaries and executive presentations.

• Experience using GRC/TPRM platforms (Archer, OneTrust, ServiceNow VRM, ProcessUnity, etc.).