Senior Consultant, Third Party Risk Management (TPRM)

You have a clear vision of where your career can go. And we have the leadership to help you get there.At CNA we strive to create a culture in which people know they matter and are part of something important ensuring the abilities of all employees are used to their fullest potential.

JOB DESCRIPTION:

Core Responsibilities

• Manage the intake and reviews for all netnew vendors entering the organization; validate scope data flows service criticality and inherent risk indicators at the point of request.
• Operate the intake workflow across Workday Strategic Sourcing (WSS) and ProcessUnity (PU); ensure requests are properly classified and routed.
• Collaborate with Procurement to align intake with sourcing milestones (RFP/RFI contract negotiation)
• Produce Reporting metrics on intake volumes SLA adherence inherent risk distribution and critical third party supplier activities.
• Apply a pragmatic triage model (e.g. exempt items; existing supplier/same scope; existing supplier/new scope; new supplier/new scope) to focus effort on where risk is highest and eliminate unnecessary reviews.

• Function as the liaison across Procurement Legal InfoSec/Tech Risk Privacy Business/Operational Resiliency and Finance to orchestrate TPRM activities within the contracting process ensuring a seamless and efficient stakeholder experience.

• Co-lead endtoend risk assessments for highimpact/new vendors: scoping risk tiering (IRQ) duediligence review (DDQ) and control validation (remote or onsite) with auditready documentation.
• Coordinate reviews with SMEs (InfoSec Compliance Resiliency Finance); synthesize control gaps and propose remediation acceptance or compensating controls in line with the TPRM policy.

• Provide coaching to business owners managed service providers and vendors on completing questionnaires evidence expectations and timelines; handle escalations and sensitive assessments with discretion.
• Lead incremental workflow improvements in WSS/PU and support roadmap initiatives (e.g Intake Optimization IRQ refresh scaled issue management and riskintelligence integrations).

Qualifications

• 5-7 years of experience in third-party/vendor risk technology risk or related fields with direct ownership of new vendor onboarding and due diligence assessments.
• Proven ability to operate at pace in a procurementdriven environment triaging high volumes and prioritizing new supplier/new scope engagements.
• Demonstrated experience coordinating across InfoSec Legal Privacy Resiliency Finance and business stakeholders translating policy expectations into practical contract terms and controls.
• Excellent written and verbal communication; executivecaliber reporting and stakeholder management for highvisibility vendors.

Things that set you apart

• Certifications: CTPRP/CTPRA CISA CRISC CISSP or similar.
• Experience with riskintelligence platforms (e.g. Supply Wisdom Black Kite) and AIassisted control/evidence evaluation capabilities.
• Background in insurance/financial services vendor governance or regulatory frameworks relevant to outsourcing data protection operational resilience

• Intake mastery - ability to quickly classify requests separate exempt/lowrisk from highimpact cases and keep pipelines flowing without bottlenecks.
• Orchestration and influence: crossfunctional leadership and stakeholder alignment throughout contracting and onboarding; strong meeting facilitation.
• Tool fluency - ProcessUnity administration/usage and WSS intake routing; comfort with dashboards SLAs/KPIs and audit trails.
• Risk Judgment & Decisioning: Makes timely defensible inherent risk determinations with clear rationale.
• Process Excellence: Builds and enforces standardized intake workflows SLAs and data quality checks.
• Stakeholder Partnership: Collaborates cross-functionally
• Detail Orientation: Catches gaps in scope data during risk reviews.
• Systems & Data Literacy: Comfort with dashboards forms integrations and vendor artifacts (SOC reports SIG CAIQ).
• Communication: Clear concise and business-friendly briefings and guidance.

In certain jurisdictions CNA is legally required to include a reasonable estimate of the compensation for this District of Columbia California Colorado Connecticut Illinois Maryland Massachusetts New York and Washington the national base pay range for this job level is $72000 to $141000 determinations are based on various factors including but not limited to relevant work experience skills certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees and their family members achieve their physical financial emotional and social wellbeing goals. For a detailed look at CNAs benefits please visit.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation please contact.