• Partnering closely with the Director of Enterprise Data Management & Business Intelligence, this role will assume day-to-day ownership of the newly established Enterprise Data Governance framework, sponsored by senior leadership to drive coordination, continuous improvement, and long-term maturation across the organization. • In parallel, this individual will contribute to Power BI standards, training, and best practices, helping to expand BI capacity on a small but high-impact team. • This role requires a highly self-directed, proactive individual who can independently identify needs, initiate action, and advance priorities. • The ideal candidate is a governance practitioner first, experienced in operationalizing frameworks, managing workgroups, and building data stewardship culture, who also brings hands-on Power BI skills and a genuine interest in enabling others to use data effectively.

Role Description We are seeking an experienced Principal Third Party Risk Management (TPRM) Consultant to lead and shape our Third Party Risk and GRC services within the cyber security consultancy. This is a senior leadership role responsible for driving strategy, managing complex client engagements, and delivering enterprise-scale TPRM and GRC programmes across multiple industries. As a subject matter expert in Third Party Risk Management, Governance, Risk & Compliance (GRC) and vendor risk frameworks, you will: - Design, implement, and operate robust third-party risk management frameworks that align with regulatory, security, and business requirements. - Act as a trusted advisor to clients, lead large transformation initiatives, manage teams, and ensure high-quality delivery of risk, compliance, and assurance services. Key Responsibilities: - TPRM Proposals & Strategy: Lead the development of TPRM and GRC proposals, defining scope, delivery models, governance structures, and operating models. - Client Engagement Leadership: Lead and manage complex client engagements in Third Party Risk Management, vendor risk, and GRC. - Security Assessment & Audit Leadership: Lead third-party security assessments, audits, and assurance activities. - Technical & Methodological Authority: Serve as subject matter expert for TPRM, GRC platforms, and vendor risk methodologies. - Framework Design & Governance: Design and implement scalable Third Party Risk frameworks, policies, standards, and operating models. - Project, Delivery & Programme Leadership: Act as Project Manager, Delivery Lead, and Programme Lead for large-scale TPRM initiatives. - Team Leadership & Management: Lead, mentor, and develop a team of consultants (up to 5 direct reports). - Risk & Compliance Management: Identify, assess, and manage third-party risks across cyber, operational, regulatory, and reputational domains. - Continuous Improvement & Innovation: Drive continuous improvement in TPRM methodologies, delivery models, and service offerings. Qualifications - Minimum 10 years of experience in cyber security, risk management, GRC, audit, or related domains. - CISA (Certified Information Systems Auditor) strongly preferred. - Lead Auditor certification (e.g. ISO 27001 Lead Auditor) highly desirable. - Additional certifications such as CISM, CRISC, CISSP are an advantage. - Experience working across multiple industries (e.g. Financial Services, Healthcare, Critical Infrastructure, Government, Technology). - Experience with regulatory-driven environments and compliance-led transformation programmes. Requirements - Extensive experience in Third Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) at enterprise level. - Strong background as Security Assessor, Auditor, and Risk Consultant. - Proven experience leading TPRM, vendor risk, and supplier assurance programmes. - Experience acting as Project Manager, Delivery Lead, and Programme Lead for complex engagements. - Strong knowledge of regulatory and security frameworks: ISO 27001, NIST, SOC2, GDPR, DORA, NIS2, etc. - Hands-on experience with GRC / TPRM platforms, specifically OneTrust. - Ability to design and implement third-party risk frameworks, policies, and governance models. - Strong stakeholder management skills at executive and board level. - Proven people management experience, including team leadership and mentoring. - Ability to balance security, risk, compliance, and business enablement. Benefits - Industry-leading compensation and benefits. - Top training and development opportunities.

• Gathers, analyzes, and presents information on various risk management initiatives • Manages certificate of insurance requests, security arrangements and inquiries for international travel • Maintains vital risk management information • Manages all certificate of insurance requests including handling non-standard broker and carrier requests • Ensures new certificates are correct and making modifications as needed to ensure compliance with contract provisions • Leads in designing and advising on business resiliency documents with the field and internal stakeholders • Provides guidance for improvement to field office contacts • Maintains accurate documentation • Handles security arrangements and inquiries for international travelers • Communicates with executives and vendors to review risk levels and determine the appropriate levels of secured journey management to be put into place • Anticipates and acts on expedited changes as they occur • Acts as a subject matter expert on risk-related projects and initiatives • Gathers quarterly bordereau claims reporting information and provides to leadership and the appropriate broker(s) • Analyzes risk management snapshots of each office by auditing information through OneTrust • Identifies risk throughout the organization, developing, reporting, and monitoring on risk management issues • Creates reports, summaries, and presentations to communicate findings to key stakeholders within the business • Develops methodologies for the assessment of risks throughout the organization • Collaborates with other team members to effectively analyze and present data • Develops systems and processes for gathering and storing data for future analytic projects • Evaluates physical security audit tracking for ISO standard • Collects information on foreign insurance placements on an ongoing basis and keeps tracking documents up to date • Liaises with internal stakeholders to maintain the field office contact listing on a monthly basis • Reviews contracts

• Identify, assess, and mitigate risks arising from internal processes, systems, and external fraud events to prevent financial loss, reputational damage, and regulatory breaches • Monitor key risk indicators (KRIs) • Analyze internal reports • Strengthen internal controls • Conduct financial investigations • Conduct trade reviews by analyzing data to identify suspicious patterns indicating fraud, identity theft, or money laundering • Evaluate risk associated with newly onboarded AND existing clients/financial advisors • Conduct various KYC checks as needed • Monitor, detect, and resolve issues related to fraud and identify theft • Work with cross-functional teams to facilitate financial transactions, embed a risk-aware culture, and provide training on best practices • Testing as an end user for enhancements to processes