Third Party Risk Management (TPRM) Manager

EY


Job Location:

Katowice - Poland

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Location: Katowice

Hybrid model: 2 days office/3 days remote

Third Party Risk Management (TPRM) Manager

Let us introduce you to the job offer by EY GDS Poland, a member of the global integrated service delivery center network by EY.

At EY, we're all in to shape your future with confidence.

We'll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.

The opportunity

As a Third Party Risk Management (TPRM) Manager, you'll work with cross-functional teams across procurement, security, legal and compliance to build scalable third-party risk programs. You will support the full vendor lifecycle, from inherent risk scoping and due diligence to contract governance, ongoing monitoring and issue remediation, leveraging market-leading platforms and recognized risk frameworks.

We support end-to-end engagement lifecycle and project management activities that are essential to every engagement, region and competencies. We help in project coordination & management, financial analysis, engagement compliance & governance requirements across industries and countries.

Your key responsibilities

  • Design and implement risk-based vendor lifecycle processes (inherent risk tiering 1-3, due diligence, onboarding, monitoring, offboarding)
  • Execute and/or lead third-party assessments using standardized questionnaires and evidence reviews (i.e. SOC 2, ISO/IEC 27001 certificates)
  • Align TPRM controls and reporting with enterprise risk appetite and ISO 31000/ISO 27005 methods; maintain risk registers and remediation plans
  • Translate GDPR Art. 28, NIS2 supply-chain requirements and DORA ICT third-party obligations into actionable operating procedures and contract clauses
  • Configure and run workflows in TPRM/VRM platforms (i.e. Archer, ServiceNow IRM, AuditBoard, ProcessUnity) and integrate with ticketing/CMDB where relevant
  • Assess financial, operational, information security and resilience risks, including concentration risk and fourth-party dependencies
  • Collaborate with Legal/Procurement to embed audit rights, breach notification, data protection and exit strategy language into contracts
  • Establish metrics and dashboards for executives and risk committees; present findings and drive risk treatment decisions
  • Coordinate remediation and follow-up, tracking issues to closure and validating effectiveness of corrective actions
  • Contribute to playbooks, training and awareness to scale TPRM capabilities across business units
  • Support quality and risk management needs across Consulting practices

Skills and attributes for success

  • Strong stakeholder engagement and the ability to translate technical risk into business-relevant language.
  • Analytical rigor: synthesizing evidence from questionnaires, ratings, audits and financials into clear recommendations.
  • Project management discipline across multi-workstream implementations and process rollouts.
  • Understanding of ERM principles and how vendor risk links to business objectives and resilience.
  • Excellent written and verbal communication in English; confident presenting to senior stakeholders.
  • Strong computer skills, including advanced Microsoft suite (Excel, PowerPoint presentation, etc.)
  • Strong attention to detail, even when dealing with routine tasks
  • Assertive, with strong influencing skills
  • Prior experience working with global clientele preferred
  • Confident to deal with senior level contacts internally and externally
  • Able to effectively summarize and conclude on work, applying appropriate documentation standards
  • Able to effectively prioritize and execute tasks in a high-pressure environment

To qualify for the role you must have

  • 5-10 years of experience in third-party/vendor risk, information security, audit or related risk roles
  • Hands-on exposure to at least one TPRM/VRM platform (i.e. Archer, ServiceNow IRM, AuditBoard, ProcessUnity) and strong Excel/PowerPoint skills
  • Working knowledge of GDPR Art. 28 obligations, NIS2 supply-chain expectations and (for financial clients) DORA third-party requirements
  • Familiarity with ISO 31000/27005 and ISO/IEC 27001 control concepts; ability to review SOC 2 and security evidence
  • Strong English communication - both written and verbal
  • Computer skills, including advanced Microsoft Office (Word, Excel, PowerPoint)
  • Ability to function as part of a team, but also as an individual performer
  • Willingness to learn and develop
  • Proactiveness and flexibility
  • Confident to deal with senior level contacts

Ideally you'll also have

  • Working knowledge of AI Risk & Ethics (ISO 42001, EU AI Act)
  • Certifications such as CRISC, CISA, CISM or CISSP
  • Experience in financial services or other highly regulated sectors; understanding of concentration and systemic risk
  • Experience with vulnerability/risk data scanning tools (i.e. Qualys, Nessus) to inform supplier assessments
  • Additional EU language will be an advantage

What we look for

We are looking for ambitious individuals interested in working in a global, dynamic environment. We are interested in people who would like to develop and upskill themselves as well as cooperate with and support others.

Working model

Hybrid working model consisting of 2 days in the office and 3 days working remotely, with office locations in Wroclaw or Katowice and occasional business travel depending on project and client needs.

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across ten locations (Argentina, China, Hungary, India, the Philippines, Poland, Sri Lanka, Mexico, Spain and the United Kingdom) and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We'll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

  • Continuous learning: You'll develop the mindset and skills to navigate whatever comes next.
  • Success as defined by you: We'll provide the tools and flexibility so you can make a meaningful impact your way.
  • Transformative leadership: We'll give you the insights, coaching and confidence to be the leader the world needs.
  • Diverse and inclusive culture: You'll be embraced for who you are and empowered to use your voice to help others find theirs.

About EY

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It's yours to build.

In compliance with the requirements of the Whistleblower Protection Act, our company has established the Procedure for reporting breaches of law and undertaking appropriate follow-up actions. Any misconduct should be reported through the EY Ethics Hotline.


Required Experience:

Manager


About Company


EY-Parthenon teams support CEOs in long-term value creation, from strategy to implementation. Learn more.
