Remotery

Principal Consultant, Third Party Risk Management

Posted 1 hour ago

📋 Description

Key Responsibilities:

TPRM Proposals & Strategy: Spearhead the creation of TPRM and GRC proposals, outlining scope, delivery models, governance structures, and operating models, while designing enterprise-level Third Party Risk Management strategies that meet regulatory, operational, and cyber risk requirements.

Client Engagement Leadership: Direct and oversee intricate client engagements in Third Party Risk Management, vendor risk, and GRC, serving as the engagement lead and trusted advisor for executive stakeholders (CISO, CRO, Risk, Compliance, Procurement, Legal). Additionally, ensure the effective delivery of TPRM services, including assessments, frameworks, tooling, and operationalization.

Security Assessment & Audit Leadership: Manage third-party security assessments, audits, and assurance initiatives, while establishing assessment methodologies, risk scoring models, control frameworks, and reporting structures, alongside overseeing supplier due diligence, onboarding risk processes, and continuous monitoring programs.

Technical & Methodological Authority: Act as the subject matter expert for TPRM, GRC platforms, and vendor risk methodologies, providing guidance in the utilization of GRC and TPRM tools (e.g., OneTrust, Archer, ServiceNow GRC, and similar platforms).

Framework Design & Governance: Create and implement scalable Third Party Risk frameworks, policies, standards, and operating models, ensuring alignment of TPRM frameworks with industry standards and regulatory requirements (e.g., ISO 27001, NIST, SOC2, GDPR, DORA, NIS2).

Project, Delivery & Programme Leadership: Serve as Project Manager, Delivery Lead, and Programme Lead for large-scale TPRM projects, managing multi-stream delivery, dependencies, risks, and stakeholder alignment.

Team Leadership & Management: Guide, mentor, and develop a team of consultants (up to 5 direct reports), fostering high-performing delivery teams and ensuring capability development in TPRM and GRC.

Risk & Compliance Management: Identify, assess, and manage third-party risks across cyber, operational, regulatory, and reputational domains, advising clients on risk treatment strategies, remediation plans, and control enhancements.

Continuous Improvement & Innovation: Foster continuous improvement in TPRM methodologies, delivery models, and service offerings while staying updated with regulatory changes, emerging risks, and industry best practices in third-party risk and supply chain security.


⛳️ Requirements

Essential Skills and Experience:

• Extensive experience in Third Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) at an enterprise level.

• Strong background as a Security Assessor, Auditor, and Risk Consultant.

• Proven track record leading TPRM, vendor risk, and supplier assurance programs.

• Experience in roles such as Project Manager, Delivery Lead, and Programme Lead for complex engagements.

• In-depth knowledge of regulatory and security frameworks: ISO 27001, NIST, SOC2, GDPR, DORA, NIS2, etc.

• Hands-on experience with GRC / TPRM platforms, especially OneTrust.

• Capability to design and implement third-party risk frameworks, policies, and governance models.

• Strong stakeholder management skills at the executive and board level.

• Proven experience in people management, including team leadership and mentoring.

• Ability to balance security, risk, compliance, and business enablement.

Qualifications:

• Minimum 10 years of experience in cyber security, risk management, GRC, audit, or related fields.

• CISA (Certified Information Systems Auditor) is highly preferred.

• Lead Auditor certification (e.g., ISO 27001 Lead Auditor) is highly desirable.

• Additional certifications such as CISM, CRISC, CISSP are advantageous.

• Experience working across various industries (e.g., Financial Services, Healthcare, Critical Infrastructure, Government, Technology).

• Experience with regulatory-driven environments and compliance-led transformation programs.

*Please note that this is a brief overview of the role and we encourage you to apply even if you do not meet all the listed requirements. We are seeking team members who are driven to make an impact and are eager to learn. If this resonates with you and you believe you possess the necessary skills and experience, then please apply now.


🏝️ Benefits

About Infosys Consulting

• Join a globally recognized management consulting firm at the forefront of industry disruption and technological innovation. We collaborate with market-leading brands across various sectors. Our culture promotes inclusivity and entrepreneurship. As a mid-sized consultancy within the scope of Infosys, we enjoy the global reach necessary to partner with our clients throughout their transformation journeys.

• Our core values, IC-LIFE, represent a unified code that propels us forward. IC-LIFE stands for Inclusion, Equity and Diversity, Client, Leadership, Integrity, Fairness, and Excellence. To learn more about Infosys Consulting and our values, please visit our careers page.

• In Europe, we are acknowledged as one of the UK’s top firms by the Financial Times and Forbes for our client innovations, cultural diversity, and dedicated training and career paths. Infosys is listed among Germany’s top employers for 2023. Management Consulting Magazine recognized us in their list of Best Firms to Work for. Moreover, Infosys has been honored by the Top Employers Institute, a global certification organization, for its outstanding employee conditions across Europe for five consecutive years.

• We provide industry-leading compensation and benefits, along with exceptional training and development opportunities to help you advance your career and fulfill your personal goals. Interested in learning more? We’d love to hear from you... Apply today!
