Remote - *Third Party Cyber Risk Management (TPCRM) Consultant*

Title: *Third Party Cyber Risk Management (TPCRM) Consultant* Location: Princeton, NJ Remote with monthly once or twice client visits Looking for local candidates only Pharma domain work experience is a must Description: We are looking for a Third-Party Cyber Risk Management consultant to perform insightful risk analyses on third-party vendors and perform as a strategic partner to the business, translating data into decisions, risks into recommendations, and insights into impact. The Third-Party Cyber Risk Management Consultant will execute and drive activities around TPCRM security and audits, assess partners and suppliers capabilities, and create awareness and education for TPCRM stakeholders. You are an important link in establishment of trust for our client's digital team and its partners and ensuring control of critical data across the security threat landscape. In addition to your in-depth experience with SOC2 as a primary mechanisms to evaluate vendors and regulatory compliance frameworks such as NIST, this role requires a mix of technical and business acumen to influence and communicate with stakeholders across the enterprise. Overall Responsibility: Security Develop and update TPCRM Security standards and documentation Continuously assess TPCRM security risks based on an inventory of vendor landscape and TPCRM security risks Develop TPCRM security metrics and requirements Examine and select tools and techniques to continuously monitor and report on third party security risks Support the management of information security risks throughout the duration of a supplier relationship, corresponding communication, and metrics reporting Support operations of third party cyber risk management program (TPCRM) in 2026 Ensure alignment with DK Act by end of 2026 Ensure all new TPCRM Suppliers assessed by end of 2026 Ensure all critical or high residual risk TPCRM Suppliers are reassessed by end of 2026 Evaluate the security assurance statements of critical suppliers Update, align and deploy current vendor and TPCRM security requirements in alignment with Procurement, Corporate Compliance, Legal, Privacy, QA and Digital Ensure all critical or high residual risk TPCRM Suppliers are reassessed by end of 2026 Evaluate the security assurance statements of critical suppliers Update, align and deploy current vendor and TPCRM security requirements in alignment with Procurement, Corporate Compliance, Legal, Privacy, QA Audit Develop and deploy cyber risk audit as a service by end of 2026 Develop and maintain strong working relationships with leaders in the Digital, Legal and Global Procurement departments and stay ahead of new developments in security and data protection regulations Develop and manage the framework and timeline for performing regular audits and the assessment of assurance reports Based on the current vendor landscape, define audit priorities and activities for short (one year) and long (three years) term period Execute audit calendar and integrate results into an integrated dashboard Experience Needed: Certification such as CTPRP, CRISC, or CISSP, CISA, CISM Minimum of 5 years of experience in TPCRM (Third Party Cyber Risk Management) Excellent understanding of vendor management processes and related assurance frameworks ( SOC 1 and 2 and type I/II audits and auditor reports) Good knowledge of Regulatory Compliance Frameworks applicable for a multinational life science organization or other highly regulated environment ( NIST, GxP) Experience working with GRC tools (e.g. ServiceNow, Galvanize, Vanta, MetricStream, Archer, etc.) Experience in defining and implementing security management processes and controls Experience in setting up a TPCRM security improvement roadmap and driving the implementation of corresponding actions and processes Experience in working in multinational organizations and global virtual teams Good understanding of current and emerging cyber security and privacy regulations and practices, and how other enterprises are employing them. Enable proactive identification/resolution of risks by collaborating across multiple teams Fosters strong relationships with colleagues and business leaders to enable risk mitigation through effective communication of TPCRM risk status to key stakeholders Leads and contributes to outcomes for: Risk assessments, Security improvements and Audit remediations Supports alignment of security operations to policies, standards, and procedures Contributes, maintains, and reports on Key Performance and Risk Indicators (KRI/KPI) Excellent communication skills to connect effectively with different stakeholders and to deal with the different interests in the organization.