Cyber Security Third Party Risk Management Lead
- €80000 - €82000 per annum + Pension
- Dublin
- Permanent
MCS Group is seeking a Cyber Security Third Party Risk Management Lead to join their client, a thriving and well-established organisation with headquarters in Dublin. This position is a 12-month Fixed Term Contract into permanency, as is standard in the organisation.
With multiple projects in the pipeline and a growing team, this is a fantastic opportunity for an experienced Risk Management professional to join a successful team in a newly created position.
The Third-Party Risk Management (TPRM) Lead will be responsible for designing, implementing, and overseeing a robust third-party risk management programme. This role ensures that all external vendors, suppliers, and partners align with the organisation's security, compliance, and operational risk standards. Working closely with teams across procurement, legal, IT, the cyber team, and other business units, the TPRM Lead will assess, monitor, and mitigate third-party risks. This position is part of a growing risk management function, playing a key role in safeguarding the organisation against external threats.
The successful candidate will be afforded public sector benefits - increased holidays, fantastic pension and unmatched job security in an organisation which truly reflects work-life balance!
This is a hybrid role with city-centre offices.
The Role
- Enhance the third-party risk management framework that aligns with regulatory, legal, and business requirements.
- Conduct initial and ongoing risk assessments of third-party vendors, ensuring compliance with industry standards and best practices.
- Develop and maintain ongoing monitoring mechanisms for third-party risks, ensuring timely remediation of identified issues.
- Conduct in-depth supplier IT risk assessments by reviewing supplier answers to the cyber supplier questionnaire, documenting controls and identifying gaps and inconsistencies.
- Develop a new, streamlined onboarding process using workflow automation, rules, formulas, and interactive questionnaires, significantly reducing onboarding time and automating third-party vendor risk profiling.
- Conduct internal scoping assessments with business and project owners to accurately tier suppliers and categorize them based on risk levels and business criticality.
- Perform in-depth due diligence reviews on vendors to proactively identify any potential risks associated with services. These reviews will cover risk and gap assessments, threat profiling and analysis, security incident history reviews, and thorough evaluations of supplier policies and procedures, current security controls, third-party pen testing reports, vulnerability management reports, and information security reports (such as SOC 2 reports, NIST or ISO 27001 reports, PCI DSS, etc.).
- Manage relationships with large third-party suppliers involved in transformative, high-impact projects and business-as-usual activities. This includes facilitating collaboration between key business owners, procurement, architecture, privacy, and the suppliers themselves.
- Conduct AI risk assessments on suppliers' AI models to ensure sensitive data is ring-fenced and not used to train other models.
- Conduct specific risk assessments on suppliers utilizing OT, IoT, and ML technologies to ensure compliance with data protection and regulatory requirements.
- Develop and implement remediation plans for identified security gaps, working directly with vendors to enforce corrective actions.
- Maintain detailed records of vendor assessments, risk profiles and mitigation plans to ensure transparency and regulatory compliance.
- Perform technical security architecture reviews to identify potential vulnerabilities impacting security principles, collaborating with the architecture team to confirm and address these vulnerabilities.
- Work with internal stakeholders (procurement, legal, IT, compliance) to integrate third-party risk considerations into vendor selection and contract management processes.
- Confirm the inherent risks/residual risks and the effectiveness of supplier security measures and controls.
- Review and analyse the daily vulnerability reports generated by the third-party risk management tool. Confirm reported vulnerabilities and report to responsible teams.
- Review the daily threat intelligence report generated by TI reporting tools.
- Ensure that third-party risk management practices adhere to relevant regulations (e.g., GDPR, ISO 27001, NIST, etc.).
- Establish procedures for responding to third-party risk incidents, ensuring minimal impact on business operations, working closely with the security operations lead and business continuity lead.
- Develop and present risk reports to senior management, highlighting key risks, trends, and mitigation strategies.
- Leverage tools and technologies to enhance third-party risk assessment, monitoring, and reporting capabilities.
The Person (Essentials)
- A Bachelor's or Master's degree in Risk Management, Cybersecurity, Business Information Systems, or a related field.
- Relevant certifications such as CISM, CISA, CISSP, or CRISC are advantageous.
- At least 5+ years of experience in third-party risk management, vendor management, IT risk, compliance, or a similar role.
- Strong communication and stakeholder management skills.
- Experience with risk assessment tools and methodologies.
- Ability to work independently and manage multiple priorities.
- You'll have the right to work in Ireland (EU Citizen/Stamp 4 Visa).
- Happy to work in a hybrid model and be on-site for meetings as required.
Salary
Starting salary is €81,000 with a leading benefits package including pension and increased holidays.
To speak in absolute confidence about this opportunity, please send an up-to-date CV via the link provided or contact Calum Omand, Specialist Recruitment Consultant, at MCS Group on 015259641.
Even if this position is not right for you, we may have others that are. Please visit MCS Group to view a wide selection of our current and exclusive roles at www.mcsgroup.jobs.

