The mission of this role is to support the design and enhancement of the Third Party Risk Management program, across both regulated and non-regulated entities, ensuring alignment with regulatory requirements (OCC, FFIEC, MAS, DORA, Federal Reserve, NY DFS, etc) as well as industry leading practices.

This role will also identify program enhancements in support of emerging risks impacting outsourced products / services.

This role will particularly contribute to the execution and optimization of due diligence and ongoing monitoring risk assessments with focus on Information Technology and Information Security as well as Quality Control process enhancement.

Responsibilities

Lead and manage the Third Party Findings Management process across key risk impact categories with specific focus on: weekly, monthly and quarterly status reporting to track findings to closure in partnership with Risk SMEs, and creation of documentation to support Third Party Risk Management program evolution leveraging industry leading practices.

Drive the optimization of the Due Diligence and Ongoing Monitoring risk assessment process across regulated and non-regulated Anchorage Digital legal entities to include reviews of the following key risk impact categories: Financial, Business Continuity, Information Security, as well as additional risk reviews based on risk and complexity of product / service being outsourced.

Lead and manage the TPRM Quality Control process across regulated and non-regulated Anchorage Digital legal entities, including maintaining the schedule of reviews to be performed, assessing the status of in-progress reviews, analyzing findings to identify common themes or trends for training and development, documentation and reporting to key stakeholders specific to review closure activities.

Assist on various TPRM Projects as needed with minimal supervision required

Complexity and Impact of Work

Manage and enhance Procedures related to the Third Party Findings Management process and support the standardization of findings management across regulated and non-regulated legal entities.

Create and manage Procedures related to the Third Party Risk Management Quality Control process and support the implementation of Quality Control across regulated and non-regulated legal entities.

Organizational Knowledge

Collaborate across the organization to understand business requirements in support of TPRM Program to include regulated and non-regulated legal entities in alignment with TPRM program evolution.

Communication and Influence

Independently create and consistently refine summaries, reports, and governance documentation associated with the Third Party Risk Management Program

Independently and consistently refine summaries, reports and governance documentation to support Third Party Findings Management program evolution.

Effectively communicate with stakeholders such as Risk Subject Matter Experts (SMEs) and relevant Relationship Owners and Relationship Managers.

You may be a fit for this role if you have:

Regulated Financial Institution experience Third Party Findings Management experience Information Security assessment experience TPRM Quality Control experience

Although not a requirement, bonus points if:

You previously directly worked with Financial Service regulators to include Office of the Comptroller of the Currency (OCC), New York Department of Financial Services (NY DFS), Federal Financial Institutions Examination Council (FFIEC), Monetary Authority of Singapore (MAS), and other regulatory bodies

You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system.

XML job scraping automation by YubHub

We are seeking an experienced Principal Third Party Risk Management (TPRM) Consultant to lead and shape our Third Party Risk and GRC services within the cyber security consultancy. This is a senior leadership role responsible for driving strategy, managing complex client engagements, and delivering enterprise-scale TPRM and GRC programmes across multiple industries. As a subject matter expert in Third Party Risk Management, Governance, Risk & Compliance (GRC) and vendor risk frameworks, you will design, implement, and operate robust third-party risk management frameworks that align with regulatory, security, and business requirements. You will act as a trusted advisor to clients, lead large transformation initiatives, manage teams, and ensure high-quality delivery of risk, compliance, and assurance services.

Key Responsibilities:

·       TPRM Proposals & Strategy: Lead the development of TPRM and GRC proposals, defining scope, delivery models, governance structures, and operating models and design enterprise-level Third Party Risk Management strategies aligned with regulatory, operational, and cyber risk requirements.

·       Client Engagement Leadership: Lead and manage complex client engagements in Third Party Risk Management, vendor risk, and GRC and act as engagement lead and trusted advisor for executive stakeholders (CISO, CRO, Risk, Compliance, Procurement, Legal). In addition to that ensure successful delivery of TPRM services including assessments, frameworks, tooling, and operationalisation.

·       Security Assessment & Audit Leadership: Lead third-party security assessments, audits, and assurance activities and define assessment methodologies, risk scoring models, control frameworks, and reporting structures as well as oversee supplier due diligence, onboarding risk processes, and continuous monitoring programmes.

·       Technical & Methodological Authority: Serve as subject matter expert for TPRM, GRC platforms, and vendor risk methodologies and provide leadership in the use of GRC and TPRM tooling (e.g. OneTrust, Archer, ServiceNow GRC, similar platforms).

·       Project, Delivery & Programme Leadership: Act as Project Manager, Delivery Lead, and Programme Lead for large-scale TPRM initiatives and manage multi-stream delivery, dependencies, risks, and stakeholder alignment.

·       Team Leadership & Management: Lead, mentor, and develop a team of consultants (up to 5 direct reports) and build high-performing delivery teams and ensure capability development in TPRM and GRC.

·       Risk & Compliance Management: Identify, assess, and manage third-party risks across cyber, operational, regulatory, and reputational domains and advise clients on risk treatment strategies, remediation plans, and control improvements.

·       Continuous Improvement & Innovation: Drive continuous improvement in TPRM methodologies, delivery models, and service offerings and stay current with regulatory developments, emerging risks, and industry best practices in third-party risk and supply chain security.

Requirements

Essential Skills and Experience:

·       Extensive experience in Third Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) at enterprise level.

·       Strong background as Security Assessor, Auditor, and Risk Consultant.

·       Proven experience leading TPRM, vendor risk, and supplier assurance programmes.

·       Experience acting as Project Manager, Delivery Lead, and Programme Lead for complex engagements.

·       Hands-on experience with GRC / TPRM platforms, ideally including OneTrust.

·       Ability to design and implement third-party risk frameworks, policies, and governance models.

·       Strong stakeholder management skills at executive and board level.

·       Proven people management experience, including team leadership and mentoring.

·       Ability to balance security, risk, compliance, and business enablement.

Qualifications:

·       Minimum 10 years of experience in cyber security, risk management, GRC, audit, or related domains.

·       CISA (Certified Information Systems Auditor) strongly preferred.

·       Lead Auditor certification (e.g. ISO 27001 Lead Auditor) highly desirable.

·       Additional certifications such as CISM, CRISC, CISSP are an advantage.

·       Experience working across multiple industries (e.g. Financial Services, Healthcare, Critical Infrastructure, Government, Technology).

·       Experience with regulatory-driven environments and compliance-led transformation programmes.

_Given that this is just a short snapshot of the role we encourage you to apply even if you don't meet all the requirements listed above. We are looking for team members who strive to make an impact and are eager to learn. If this sounds like you and you feel you have the skills and experience required, then please_ _apply now._

Benefits

About Infosys Consulting

Be part of a globally renowned management consulting firm on the front-line of industry disruption and at the cutting edge of technology.  We work with market leading brands across sectors. Our culture is inclusive and entrepreneurial. Being a mid-size consultancy within the scale of Infosys gives us the global reach to partner with our clients throughout their transformation journey.

Our core values, IC-LIFE, form a common code that helps us move forward. IC-LIFE stands for Inclusion, Equity and Diversity, Client, Leadership, Integrity, Fairness, and Excellence. To learn more about Infosys Consulting and our values, please visit our careers page.

Within Europe, we are recognized as one of the UK’s top firms by the Financial Times and Forbes due to our client innovations, our cultural diversity and dedicated training and career paths. Infosys is on the Germany’s top employers list for 2023. Management Consulting Magazine named us on their list of Best Firms to Work for. Furthermore, Infosys has been recognized by the Top Employers Institute, a global certification company, for its exceptional standards in employee conditions across Europe for five years in a row.

We offer industry-leading compensation and benefits, along with top training and development opportunities so that you can grow your career and achieve your personal ambitions. Curious to learn more? We’d love to hear from you.... Apply today!

XML job scraping automation by YubHub