Third Party Risk Management (TPRM) Consultant - Principal

No salary information
Senior · Full-time
#293397 · Added 3 months ago · 58
Source: Infosys Consulting - Europe

Tech Stack / Keywords

Security, ServiceNow

Company and position

Infosys Consulting is a globally renowned management consulting firm operating at the front-line of industry disruption. It is a mid-size consultancy within the larger Infosys organization, which is a top-5 IT brand experiencing rapid growth. The consulting business is recognized annually as one of the UK’s top firms by the Financial Times and Forbes for client innovations, cultural diversity, and dedicated training and career paths. Infosys Consulting is committed to fostering an inclusive work culture.


Requirements

  • Extensive experience in Third Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) at enterprise level.
  • Strong background as Security Assessor, Auditor, and Risk Consultant.
  • Proven experience leading TPRM, vendor risk, and supplier assurance programmes.
  • Experience acting as Project Manager, Delivery Lead, and Programme Lead for complex engagements.
  • Strong knowledge of regulatory and security frameworks: ISO 27001, NIST, SOC2, GDPR, DORA, NIS2.
  • Hands-on experience with GRC / TPRM platforms, ideally including OneTrust.
  • Ability to design and implement third-party risk frameworks, policies, and governance models.
  • Strong stakeholder management skills at executive and board level.
  • Proven people management experience, including team leadership and mentoring.
  • Ability to balance security, risk, compliance, and business enablement.
  • Minimum 10 years of experience in cyber security, risk management, GRC, audit, or related domains.
  • CISA (Certified Information Systems Auditor) strongly preferred.
  • Lead Auditor certification (e.g. ISO 27001 Lead Auditor) highly desirable.
  • Additional certifications such as CISM, CRISC, CISSP are an advantage.
  • Experience working across multiple industries including Financial Services, Healthcare, Critical Infrastructure, Government, and Technology.
  • Experience with regulatory-driven environments and compliance-led transformation programmes.

Given that this is just a short snapshot of the role, we encourage you to apply even if you don't meet all the requirements listed above.


Responsibilities

  • Lead the development of TPRM and GRC proposals, defining scope, delivery models, governance structures, and operating models.
  • Design enterprise-level Third Party Risk Management strategies aligned with regulatory, operational, and cyber risk requirements.
  • Lead and manage complex client engagements in Third Party Risk Management, vendor risk, and GRC.
  • Act as engagement lead and trusted advisor for executive stakeholders including CISO, CRO, Risk, Compliance, Procurement, and Legal.
  • Ensure successful delivery of TPRM services including assessments, frameworks, tooling, and operationalisation.
  • Lead third-party security assessments, audits, and assurance activities.
  • Define assessment methodologies, risk scoring models, control frameworks, and reporting structures.
  • Oversee supplier due diligence, onboarding risk processes, and continuous monitoring programmes.
  • Serve as subject matter expert for TPRM, GRC platforms, and vendor risk methodologies.
  • Provide leadership in the use of GRC and TPRM tooling such as OneTrust, Archer, ServiceNow GRC.
  • Design and implement scalable Third Party Risk frameworks, policies, standards, and operating models.
  • Align TPRM frameworks with industry standards and regulatory requirements including ISO 27001, NIST, SOC2, GDPR, DORA, NIS2.
  • Act as Project Manager, Delivery Lead, and Programme Lead for large-scale TPRM initiatives.
  • Manage multi-stream delivery, dependencies, risks, and stakeholder alignment.
  • Lead, mentor, and develop a team of consultants (up to 5 direct reports).
  • Build high-performing delivery teams and ensure capability development in TPRM and GRC.
  • Identify, assess, and manage third-party risks across cyber, operational, regulatory, and reputational domains.
  • Advise clients on risk treatment strategies, remediation plans, and control improvements.
  • Drive continuous improvement in TPRM methodologies, delivery models, and service offerings.
  • Stay current with regulatory developments, emerging risks, and industry best practices in third-party risk and supply chain security.

Offer

  • Industry-leading compensation and benefits.
  • Top training and development opportunities.
  • Inclusive and entrepreneurial culture.
  • Recognized as one of the UK’s top firms by Financial Times and Forbes.
  • Recognized by Top Employers Institute for exceptional employee conditions across Europe for five years in a row.
  • Training subsidies
  • Bonuses