Why Work Here?

MorganFranklin Consulting is a management advisory firm that works with leading businesses and government to address complex and transformational finance, technology, cybersecurity, and business objectives.

MorganFranklin's cybersecurity practice helps clients across the globe to solve their most critical cybersecurity needs. From consulting and implementation to managed services and project resourcing, we work to safeguard assets by identifying risks, developing, and maturing cybersecurity programs, and implementing solutions that support and meet business goals. Custom tailored and business-aligned service offerings include:

• Strategy and GRC
• Cybersecurity Operations
• Identity & Access Management
• Incident Response & Risk Intelligence
• Application Security
• Managed Security Services Provider

This is a Vaco employment opportunity aligned to MorganFranklin's cybersecurity offering (Vaco LLC, dba "MorganFranklin Cyber").

Learn what it means to truly own your career and be a part of a growing organization with a big, bold future.

TPRM Project Manager

Overview

Third Party Risk Manager (TPRM) will perform various functions, including being responsible for the implementation, management, and oversight of third-party risk programs for our clients. They will help to improve, develop, and run TPRM process and technologies in support of clients. This role will combine program build activities with management of the day-to-day program execution. The role supports the MorganFranklin Cybersecurity offering of full life cycle third party risk management services.

You Will

• Work with stakeholders and leadership to draft a project plan and timeline
• Lead project collaboration and coordination efforts
• Provide regular updates and reporting as necessary
• Prepare and execute change management strategy for introduction and adoption of a program
• Prepare and deploy training materials for global adoption
• Provide post-go-live application documentation
• Develop on-going maintenance model and provide knowledge transfer
• Capture integration requirements from stakeholders and document development team
• Coordinate and manage user acceptance testing

Qualifications

• Minimum 4 years of experience in any combination of Third-Party Risk Management, Operational Risk Management and/or Information Security Risk Management.
• Experience implementing and utilizing Third-Party Risk Management and/or eGRC systems (Archer/Crowe, OneTrust, ProcessUnity, Venminder, Reciprocity/ZenGRC experience a plus)
• Experience Information Technology or Information Security, or equivalent specialized practical experience and certifications (e.g., CISSP, CISM, CISA, CRISC, etc.)
• Knowledge and experience with regulatory standards and risk assessment and analysis methodologies (e.g., Consumer Privacy, GDPR, PCI-DSS, HITRUST, CMMC, NIST, ISO, etc.)
• Experience in risk governance (e.g., technology, security and/or operational risk) including risk acceptance
• Basic contract management experience which includes reviewing contracts, understanding basic terms and general contract language specifically with regards to Information/Data Security terminology and language
• People leadership experience
• Strong organizational skills (Project/program management experience a plus)