Risk Management Specialist
Role Overview
Our client, a fast-growing, high-velocity SaaS company in the construction industry, is seeking a highly motivated and detail-oriented Third-Party Risk Management (TPRM) Consultant for an immediate contract engagement through the end of the year.
This is a 100% remote position within the United States.
In this role, you will be a key contributor to the Governance, Risk, and Compliance (GRC) organization, taking immediate ownership of a critical backlog of vendor risk assessments. We are looking for a consultant who leverages cutting-edge AI tools to accelerate the assessment lifecycle, applying critical analysis to balance business velocity with defined risk appetite.
What You Will Be Doing
You will be embedded into the GRC team, executing the end-to-end TPRM process with a focus on speed, data integrity, and pragmatic risk management:
- Execute the TPRM Process: Conduct comprehensive, end-to-end risk assessments on third parties. Analyze security controls, SOC 2 Type II reports, ISO certifications, and compliance documentation, gathering necessary details directly from vendors.
- Drive AI-Powered Efficiency: Leverage Claude and other advanced AI tools to rapidly parse, summarize, and extract key findings from vendor compliance artifacts, significantly reducing time-to-assessment while highlighting material risks.
- Identify Critical Systems & Assets: Partner with internal technical and business teams to map sensitive data, determine inherent risk, and identify complex processor/sub-processor relationships.
- Prioritize by Risk Appetite: Categorize third parties (tiering) to guide reassessment depth. Evaluate gaps through the lens of our risk appetite, ensuring we secure our supply chain without unnecessarily blocking business velocity.
- Support Contracting: Partner with legal and procurement teams to ensure critical security and data protection requirements are accurately captured in vendor contracts.
- Maintain Accurate Records (OneTrust): Document all assessment activities, findings, and mitigation efforts with high data integrity inside our TPRM platform (OneTrust).
- Provide Operational Support: Guide internal business owners and external third parties smoothly through the TPRM pipeline, answering technical questions and resolving bottlenecks.
Requirements
- Experience: 5+ years of direct experience conducting complex, end-to-end third-party risk assessments, preferably in a fast-paced SaaS, tech, or regulated environment.
- AI Tool Fluency: Direct, practical experience leveraging LLMs (Cursor, Claude, Gemini) to optimize workflows, analyze long-form documents, and accelerate evidence collection.
- Technical Knowledge: Deep understanding of information security/data protection frameworks (SOC 2, ISO 27001, NIST CSF) and global regulations (GDPR, CCPA, and the EU AI Act).
- Platform Proficiency: Hands-on, intermediate-to-advanced experience with OneTrust, including navigating workflows and managing assessment data.
- Critical Analysis & Soft Skills: Exceptional problem-solving abilities. You don't just check compliance boxes; you look at actual architectural risks and can clearly articulate business impacts to stakeholders at all levels.
- Independent Execution: A proven ability to hit the ground running on day one, take total ownership of your queue, and prioritize effectively in a dynamic, high-velocity environment.
Preferred Qualifications
- Relevant certifications such as CRISC, CISA, CISSP, CISM, or CTPRP.
- Familiarity with data analysis and visualization tools like Power BI to support data-driven risk reporting.