Digital Trust TPRM-Advisory Services Senior - KPMG

Job Description

You will provide expert guidance and advisory services, helping clients navigate complex third-party risk environments and implement effective governance, risk, and compliance (GRC) strategies. Your deep expertise in digital trust, cybersecurity, and risk management will be instrumental in shaping client solutions and driving long-term business value.

Key Responsibilities:

• Third-Party Risk Management (TPRM):Lead client engagements in developing and executing comprehensive third-party risk management strategies. Assess client risk exposure related to third-party vendors, partners, and service providers, and provide actionable recommendations to mitigate these risks.
• Advisory Services:Provide strategic advice to senior client stakeholders on managing digital trust and third-party risk within the context of broader organizational risk management and governance frameworks. Advise on policy and procedure development, compliance with regulations (e.g., GDPR, SOC 2, ISO 27001), and best practices for securing the digital supply chain.
• Risk Assessment & Evaluation:Conduct risk assessments and due diligence on third parties to evaluate cybersecurity, privacy, and compliance risks. Provide actionable recommendations for risk mitigation and monitor the implementation of corrective actions.
• Vendor & Supplier Management:Work with clients to develop processes for managing, monitoring, and evaluating the security posture of third-party vendors and suppliers. Support the implementation of effective third-party monitoring programs.
• Frameworks & Tools Implementation:Guide clients in adopting and optimizing third-party risk management frameworks and tools. Help implement automated processes to track and report risks, ensuring that clients can continuously monitor their third-party relationships.
• Stakeholder Engagement:Cultivate strong relationships with senior-level client stakeholders, offering thought leadership and advisory support on emerging risks, regulations, and industry trends. Present findings, risks, and recommendations in clear, actionable terms to both technical and non-technical audiences.
• Continuous Improvement:Stay up to date with the latest trends in cybersecurity, third-party risk management, regulatory compliance, and digital trust. Propose enhancements to risk management processes and methodologies based on industry changes and lessons learned from client engagements.
• Team Leadership & Development:Mentor junior team members, providing training on third-party risk management concepts, tools, and methodologies. Foster a collaborative environment focused on client success and professional growth.

Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, Risk Management, Business, or a related field (Master's preferred).
• 5+ years of experience in third-party risk management, cybersecurity, or a related advisory services role, with a focus on digital trust, GRC, or vendor risk management.
• Strong knowledge of third-party risk management frameworks, standards (e.g., NIST, ISO 27001, SOC 2, etc.), and regulatory requirements (e.g., GDPR, CCPA, HIPAA).
• Proficiency in risk assessment methodologies, including the ability to identify, evaluate, and prioritize risks within the digital ecosystem.
• Experience with tools and platforms used in third-party risk management, including vendor risk management solutions, GRC tools, and risk analytics platforms.
• Strong communication and presentation skills, with the ability to explain complex technical issues to non-technical stakeholders.
• Proven ability to manage multiple client engagements and prioritize work effectively in a fast-paced environment.
• Relevant certifications, such as CISSP, CISM, CRISC, CISA, or equivalent, are highly desirable.

Preferred Skills:

• Knowledge of emerging technologies such as AI, blockchain, and cloud computing, and their impact on third-party risk.
• Experience in a consulting or advisory role within a major firm or as part of a specialized digital trust practice.
• Familiarity with the global regulatory landscape around data protection, cybersecurity, and third-party risk management.