[Hiring] Third Party Risk Management (TPRM) Consultant - Principal @Infosys Consulting - Europe

Role Description

We are seeking an experienced Principal Third Party Risk Management (TPRM) Consultant to lead and shape our Third Party Risk and GRC services within the cyber security consultancy. This is a senior leadership role responsible for driving strategy, managing complex client engagements, and delivering enterprise-scale TPRM and GRC programmes across multiple industries.

As a subject matter expert in Third Party Risk Management, Governance, Risk & Compliance (GRC) and vendor risk frameworks, you will:

• Design, implement, and operate robust third-party risk management frameworks that align with regulatory, security, and business requirements.
• Act as a trusted advisor to clients, lead large transformation initiatives, manage teams, and ensure high-quality delivery of risk, compliance, and assurance services.

Key Responsibilities:

• TPRM Proposals & Strategy: Lead the development of TPRM and GRC proposals, defining scope, delivery models, governance structures, and operating models.
• Client Engagement Leadership: Lead and manage complex client engagements in Third Party Risk Management, vendor risk, and GRC.
• Security Assessment & Audit Leadership: Lead third-party security assessments, audits, and assurance activities.
• Technical & Methodological Authority: Serve as subject matter expert for TPRM, GRC platforms, and vendor risk methodologies.
• Framework Design & Governance: Design and implement scalable Third Party Risk frameworks, policies, standards, and operating models.
• Project, Delivery & Programme Leadership: Act as Project Manager, Delivery Lead, and Programme Lead for large-scale TPRM initiatives.
• Team Leadership & Management: Lead, mentor, and develop a team of consultants (up to 5 direct reports).
• Risk & Compliance Management: Identify, assess, and manage third-party risks across cyber, operational, regulatory, and reputational domains.
• Continuous Improvement & Innovation: Drive continuous improvement in TPRM methodologies, delivery models, and service offerings.

Qualifications

• Minimum 10 years of experience in cyber security, risk management, GRC, audit, or related domains.
• CISA (Certified Information Systems Auditor) strongly preferred.
• Lead Auditor certification (e.g. ISO 27001 Lead Auditor) highly desirable.
• Additional certifications such as CISM, CRISC, CISSP are an advantage.
• Experience working across multiple industries (e.g. Financial Services, Healthcare, Critical Infrastructure, Government, Technology).
• Experience with regulatory-driven environments and compliance-led transformation programmes.

Requirements

• Extensive experience in Third Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) at enterprise level.
• Strong background as Security Assessor, Auditor, and Risk Consultant.
• Proven experience leading TPRM, vendor risk, and supplier assurance programmes.
• Experience acting as Project Manager, Delivery Lead, and Programme Lead for complex engagements.
• Strong knowledge of regulatory and security frameworks: ISO 27001, NIST, SOC2, GDPR, DORA, NIS2, etc.
• Hands-on experience with GRC / TPRM platforms, specifically OneTrust.
• Ability to design and implement third-party risk frameworks, policies, and governance models.
• Strong stakeholder management skills at executive and board level.
• Proven people management experience, including team leadership and mentoring.
• Ability to balance security, risk, compliance, and business enablement.

Benefits

• Industry-leading compensation and benefits.
• Top training and development opportunities.