Del Oro Consulting is seeking a Junior Cybersecurity Risk Management Consultant to support the day-to-day operations of an enterprise Third-Party Risk Management (TPRM) program. This consultant is responsible for coordinating vendor security assessments, tracking remediation activities, maintaining accurate documentation, and ensuring vendor risk activities are completed efficiently and in accordance with established security and compliance standards.
Responsibilities:
- Support the onboarding of new third-party vendors into the organization's Third-Party Risk Management (TPRM) program
- Review vendor intake requests to ensure required information is complete and accurate
- Coordinate the distribution, collection, and tracking of vendor security questionnaires and assessment documentation
- Monitor vendor assessment progress and proactively follow up on outstanding questionnaires, evidence requests, and documentation
- Maintain accurate assessment records and workflow updates within the ServiceNow platform
- Collect, organize, and maintain vendor security documentation, including policies, certifications, and supporting evidence
- Coordinate remediation efforts by tracking identified security gaps and following up on corrective actions
- Validate vendor security controls and supporting documentation against established security requirements
- Support vendor risk tracking, reporting, and status updates for internal stakeholders
- Assist with daily operational activities within the Third-Party Risk Management program as assigned by the TPRM Manager
- Ensure all assigned work is completed according to established priorities and timelines
Requirements:
- 3+ years of experience supporting Third-Party Risk Management (TPRM), Vendor Risk Management (VRM), Cybersecurity Risk Management, and/or Governance, Risk & Compliance (GRC) programs
- Experience coordinating vendor security assessments and managing assessment documentation
- Familiarity with industry security questionnaires (SIG, CAIQ, custom questionnaires, etc.)
- Experience working with ServiceNow
- Understanding of cybersecurity controls and vendor risk assessment processes
- Strong organizational skills with the ability to manage multiple vendor assessments simultaneously
- Excellent written and verbal communication skills with experience interacting directly with vendors and internal stakeholders
- Strong attention to detail and ability to maintain accurate records and documentation