TPSA Senior Consultant

We are looking for a Senior Third-Party Security Risk Consultant to support and enhance cybersecurity risk assessments related to external suppliers and service providers. The role focuses on evaluating, guiding, and improving cyber risk posture across third-party engagements, ensuring security controls are appropriately defined, assessed, and embedded throughout the supplier lifecycle—from selection through onboarding and remediation.

This position sits within a cybersecurity risk and assessment function and plays a key role in ensuring consistent, high-quality security assurance across global supplier relationships. The role combines hands-on risk assessment, advisory responsibilities, and quality assurance of security evaluation outcomes.

• 5+ years of experience in cybersecurity, risk management, or information security roles
• Strong understanding of risk and control frameworks, including design and assessment of security controls
• Experience in third-party / supplier security risk management or governance
• Ability to translate technical security issues into business risk language
• Experience working in international, cross-functional environments with diverse stakeholders
• Strong communication skills in English (written and verbal)
• Experience engaging with senior stakeholders and influencing decision-making
• Knowledge of cloud security (especially SaaS environments) is highly desirable
• Awareness of AI-related security risks is a plus
• Relevant certifications such as CISSP, CISA, CISM, CRISC, or CCSP are preferred
• Degree in IT, Cybersecurity, or equivalent practical experience

• Deliver end-to-end third-party cybersecurity risk assessments as part of supplier selection and onboarding processes
• Provide expert guidance on cyber risk exposure, control gaps, and remediation strategies for critical suppliers
• Support the development and evolution of third-party cyber risk consultancy practices within procurement and onboarding workflows
• Collaborate with cybersecurity, risk, procurement, and technology stakeholders in a global environment
• Act as a subject matter expert (SME) for complex supplier-related security assessments
• Perform quality assurance on security assessment outputs to ensure consistency and high standards
• Contribute to the development of frameworks, methodologies, and training materials for third-party risk practices
• Prepare clear and concise reports, updates, and risk summaries for senior stakeholders
• Support audits, regulatory reviews, and internal risk governance activities
• Communicate technical security risks in a clear business context to support decision-making
• Manage multiple assessments and priorities in a fast-paced environment