Direct message the job poster from Kerry Consulting
We are seeking a detail-oriented and experienced IT Third Party Risk professional to join our team.
In this role, you will be responsible for assessing, monitoring, and managing IT and cybersecurity risks associated with third-party vendors and service providers.
You will work closely with cross-functional stakeholders across Procurement, Legal, Compliance, Cybersecurity, and IT to ensure third-party risks are identified, evaluated, and effectively mitigated throughout the vendor lifecycle.
Responsibilities
Lead and perform IT risk assessments on third-party vendors and service providers, including cloud services, SaaS, infrastructure providers, and managed services.
Define and maintain the third-party risk management (TPRM) framework, processes, and controls in alignment with internal policies, regulatory requirements, and industry best practices.
Collaborate with procurement and business units during vendor onboarding and renewal to conduct due diligence, risk reviews, and control assessments.
Evaluate vendor responses to security questionnaires and assess supporting documentation (e.g., SOC reports, ISO certifications, penetration test results).
Track and monitor identified risks, issues, and remediation plans with third-party vendors to ensure timely resolution.
Conduct periodic reassessments of critical vendors to ensure ongoing compliance with security and data protection requirements.
Support regulatory, audit, and internal reporting requirements by maintaining accurate and comprehensive third-party risk records.
Contribute to the development of risk metrics, dashboards, and reports for senior management and governance forums.
Stay current on regulatory developments and emerging risks related to third-party risk management and cybersecurity.
Qualifications
Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field.
3-7 years of experience in IT risk management, third-party/vendor risk assessment, or cybersecurity in a regulated industry.
Strong knowledge of IT controls and security frameworks.
Familiarity with regulatory requirements such as MAS TRM, GDPR, PDPA, or equivalent.
Experience in reviewing technical documents such as SOC reports, penetration tests, and cloud security
Excellent stakeholder management, communication, and analytical skills.
To apply
If you're interested in applying or finding out more, please share your CV or reach out to Chen Yi at for a discussion.
Due to the anticipated high volume of applications, we regret that only shortlisted candidates will be notified.
Reg: R
Lic: 16S8060
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Information Services