NR Labs is seeking a detail-oriented and analytical Third Party Risk Management (TPRM) Assessor to join our risk and compliance team. In this role, you will be responsible for assessing the information security, privacy, and operational risks of vendors, partners, and other third parties. The ideal candidate will have experience evaluating third-party controls, interpreting SIG responses, and collaborating with internal stakeholders to manage and mitigate risk. This is a fast-paced, highly autonomous role. Candidates are expected to be able to concurrently manage 6-8 TPRM assessments (in different stages of the assessment lifecycle), deliver on time, and meet quality requirements.

Key Responsibilities:

• Conduct third-party risk assessments using the Shared Assessments SIG Questionnaire (Lite, Core, or Full) to evaluate vendor controls across security, privacy, and compliance domains.

• Review, validate, and interpret completed SIG responses and supporting documentation (e.g., SOC reports, ISO certifications, policy documents).

• Identify control gaps, weaknesses, or residual risks in vendor responses and assess their potential impact to the organization.

• Work with vendors to clarify or remediate responses, escalating risk concerns as appropriate.

• Maintain accurate records of assessments, findings, and risk ratings in the third-party risk management system.

• Partner with Procurement, Legal, Information Security, and Business Units to support due diligence and contract negotiation processes.

• Stay informed of evolving third-party risk regulations, industry standards, and best practices (e.g., NIST, ISO, GDPR, CCPA).

• Contribute to the continuous improvement of TPRM processes, tools, templates, and workflows.

• Leverage AI tools to improve timeliness of assessments.

Required Qualifications:

• 5+ years of experience in third-party risk management, vendor risk assessments, IT audit, or information security.

• Proficiency with the Shared Assessments SIG Questionnaire and understanding of its structure and usage is preferred.

• Familiarity with third-party risk frameworks (e.g., NIST CSF, ISO 27001, SOC 2, GDPR).

• Strong analytical, documentation, and communication skills. The employee will interact directly with third parties and must have exceptional verbal communication skills.

• Experience working with risk management platforms (e.g., Archer, ServiceNow, OneTrust, ProcessUnity, Prevalent).

• Relevant certifications such as CTPRP, CISA, CRISC, CISSP, CISM, or similar.

Desired Qualifications:

• Experience in regulated industries (e.g., financial services, healthcare, insurance).

• Understanding of contract terms related to information security and risk.

Clearance and Location Requirements:

• Ability to obtain a project clearance is required.

• This is a remote-based position.

Washington, DC

Fully Remote
