What we're looking for
* 5+ years of experience in third-party risk management, information security, IT audit, or GRC, preferably within Gaming, Technology, or Consulting
* Deep understanding of security risk assessment frameworks and best practices (e.g., NIST, ISO 27001, SIG, CSA).
* Proficiency in JIRA and GRC platforms such as OneTrust, ServiceNow, or similar tools, with the ability to lead data analysis and system improvements.
* Demonstrated ability to identify and assess security, privacy, and operational risks with a practical and solutions-oriented mindset.
* Excellent verbal and written communication skills, with the ability to influence and challenge stakeholders at all levels while maintaining constructive relationships.
* Comfortable navigating ambiguity, leading through change, and managing complex or sensitive third-party issues.
* Experience with regulatory requirements related to vendor management and data security is strongly preferred.
* Comfortable working in a cross-functional environment and adapting to changing business and regulatory requirements.
* Understanding of IT Risk Management concepts.
* Understanding of the S-SDLC and the Agile Project Methodology.
In this role, you will
* Lead third-party risk assessments with a focus on Information Security and GRC, evaluating inherent and residual risks to drive risk-informed decision-making.
* Perform in-depth due diligence on prospective and existing vendors, with an emphasis on cybersecurity controls, regulatory compliance (e.g., GDPR, SOC 2, ISO 27001), and data protection practices.
* Ensure integrity, consistency, and audit-readiness of third-party data within the GRC platform, supporting executive reporting and regulatory compliance.
* Collaborate with key stakeholders across Information Security, Privacy, Legal, Procurement, and Business Units to integrate third-party risk insights into broader enterprise risk initiatives.
* Provide expert guidance during third-party offboarding, ensuring risk is appropriately retired and that data retention, access, and continuity controls are validated.
* Support external audits, internal investigations, and regulatory inquiries by preparing accurate and timely responses related to TPRM practices and control effectiveness.
* Contribute to the enhancement of TPRM policies, playbooks, and metrics to continuously mature the program.