Haystack
← Back to Jobs
Technology

Senior Cybersecurity GRC

BIGDATAAPPTECH LLCNew York, NY🇺🇸United StatesPosted 14 Jul 2026

Quick Overview

Work Type
On Site
Level
Mid Senior

Job Description

Job Title: Senior Cybersecurity GRC & Third Party Risk Consultant
Location: New York, NY (Onsite/Hybrid)
Duration: Long-Term Contract(W2)

Job Description
We are seeking an experienced Senior Cybersecurity GRC & Third Party Risk Consultant to support the implementation and enhancement of Third Party and Fourth Party Risk Management programs. The ideal candidate will have strong expertise in vendor risk management, information security governance, regulatory compliance, and Archer GRC solutions within the banking or financial services industry.

Key Responsibilities
Gather and define business requirements for Third Party and Fourth Party Risk Management initiatives.
Lead the implementation and alignment of SIG 2027 questionnaires, risk domains, and assessment frameworks.
Design and maintain risk taxonomy, risk assessment methodologies, and risk scoring models.
Configure and support RSA Archer TPRM workflows and related GRC processes.
Collaborate with business and technical teams to implement vendor risk workflows, questionnaires, and data models.
Support vendor onboarding, security due diligence, risk assessments, continuous monitoring, and remediation activities.
Ensure compliance with regulatory, governance, audit, and information security requirements.
Participate in User Acceptance Testing (UAT), data validation, issue resolution, and governance approvals.
Develop executive dashboards, KPIs, and risk analytics for vendor risk reporting.
Recommend improvements to Third Party Risk Management processes and governance practices.
Required Skills
10+ years of experience in Third Party Risk Management (TPRM), Vendor Risk Management (VRM), Information Security Risk, or Governance, Risk & Compliance (GRC).
Strong expertise in Third Party and Fourth Party Risk Management frameworks and operating models.
Deep understanding of SIG (Standardized Information Gathering) questionnaires, including SIG 2027.
Experience defining risk taxonomy, risk assessment methodologies, and risk scoring models.
Hands-on experience with RSA Archer TPRM or similar GRC platforms.
Strong knowledge of the vendor lifecycle, including onboarding, due diligence, continuous monitoring, and offboarding.
Experience working with cybersecurity governance, regulatory compliance, and audit frameworks.
Excellent communication, stakeholder management, and documentation skills.

Skills

Stakeholder Management

Similar jobs