Experienced Third Party Risk Management (TPRM) Specialist – Governance, Risk & Compliance Cybersecurity

Join arenaflex as a Third Party Risk Management (TPRM) Specialist

Are you a seasoned Governance, Risk, and Compliance (GRC) professional with a passion for cybersecurity? Do you thrive in dynamic environments where you can make a meaningful impact on organizational security posture? If so, arenaflex invites you to join our Cybersecurity team as a Third Party Risk Management (TPRM) Specialist. This is a fantastic opportunity to contribute to a world-class security program while working flexibly from the comfort of your own home.

At arenaflex, we believe that strong cybersecurity is the foundation of trust and innovation. As a TPRM Specialist, you will play a critical role in safeguarding our organization by managing third-party and internal risk assessments, ensuring compliance with industry standards, and implementing robust governance frameworks. This position offers the flexibility of remote work with either part-time or full-time arrangements, competitive compensation, and the chance to grow your career with a leader in the industry.

About the Cybersecurity Team at arenaflex

Our Cybersecurity team at arenaflex is comprised of talented professionals who are dedicated to protecting the organization from evolving cyber threats. We don't just respond to risks – we anticipate them. Our team works proactively to develop strategies, implement best practices, and ensure that arenaflex aligns with its business objectives while effectively managing dangers and meeting industry guidelines and standards.

We are constantly pushing the boundaries of technology and innovation in the field of cybersecurity. Our work involves both defensive and offensive security measures, continuous monitoring, and the adoption of cutting-edge solutions to protect our digital assets. At arenaflex, you will be surrounded by like-minded professionals who are passionate about cybersecurity and committed to excellence.

Position Overview

Reporting to the Manager of Governance, Threat and Compliance within Cyber and Information Security, the TPRM Specialist will be responsible for managing third-party and internal risk assessments, supporting compliance initiatives, and ensuring the effective execution of our Governance, Risk, and Compliance program. This role requires a professional who can balance multiple priorities, communicate effectively with business stakeholders, and drive risk management activities forward.

Key Responsibilities

Third Party Risk Management (TPRM)

• Support and enhance arenaflex's Global Third-Party/Internal Risk Program for conducting cyber risk-related due diligence assessments.
• Validate incoming third-party and internal risk assessment requests, working closely with business stakeholders to confirm request details and engagement scope.
• Lead kick-off meetings with business stakeholders and third parties to facilitate thorough risk assessments.
• Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submissions for completeness and identifying risks arising from vendor design and operational effectiveness of security controls.
• Document responses, associated findings, and remediation plans in arenaflex's risk management systems.
• Draft and review assessment reports, ensuring business stakeholders provide timely feedback and approvals.
• Serve as a trusted liaison to address queries related to risk control techniques and assessments from business units or third parties as needed.
• Conduct continuous monitoring of third parties through arenaflex's systems for current and new findings, tracking issues to closure.
• Identify opportunities for improvement within arenaflex's systems and processes.
• Collaborate closely with Risk Leads and Supervisors to schedule and execute a range of activities related to the risk management program.

Governance, Threat and Compliance

• Lead and support the development of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risks consistent with arenaflex's risk appetite.
• Maintain and document compliance with information security-related guidelines and processes through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments.
• Lead the development and delivery of compliance and risk education and ongoing communications that help foster a culture of security and compliance.
• Stay current with regulatory changes, new guidelines, technology developments, and internal policy modifications to identify emerging risk areas.
• Lead activities to maintain and guide ISO 27001 certification and other relevant standards.

Essential Qualifications & Experience

• Applicable Bachelor's/Master's degree from an accredited university or equivalent professional experience.
• Minimum of 4 years of experience in Third Party Risk Management, Information Security, and Audit & Compliance Tracking, with at least 2-3 years specifically in TPRM or Internal Audit.
• Preferred experience working with large enterprises and/or major professional services firms.
• Strong working understanding of information security best practices and requirements, including ISO 27001, SOC 2, SSAE 18, and other relevant frameworks.
• Hands-on experience in the management of risk, controls, and compliance programs.
• Knowledge of risk assessment methodologies – both qualitative and quantitative approaches.
• One or more relevant certifications: CISA, CRISC, ISO27001 Lead Auditor/Implementer, or CISSP.

Preferred Qualifications

• Experience with AI/ML security concepts is a plus.
• Advanced knowledge of regulatory frameworks and industry standards.
• Previous experience in a fast-paced, dynamic corporate environment.

Competencies & Skills for Success

• Stakeholder Management: Outstanding ability to manage relationships with internal and external stakeholders, ensuring clear communication and alignment on risk management objectives.
• Analytical Abilities: Strong analytical and problem-solving skills with the ability to assess complex risk scenarios and develop practical mitigation strategies.
• Presentation Skills: Excellent presentation and delivery abilities, capable of communicating risk findings to technical and non-technical audiences.
• Technical Knowledge: Solid understanding of information security principles, frameworks, and best practices.
• Project Management: Ability to manage multiple concurrent assessments and initiatives with attention to detail and deadlines.

Personal Attributes

• Strong interpersonal skills with the ability to build relationships across the organization.
• Adaptability to navigate fast-paced environments and flexibility with working hours when needed.
• Excellent communication skills, both verbal and written.
• Ability to quickly adapt to changing conditions and drive quality outcomes.
• High emotional intelligence and the ability to influence positive change.

What We Offer

At arenaflex, we value our employees and are committed to providing a comprehensive benefits package that supports your professional growth and personal well-being. As part of our team, you will enjoy:

• Competitive annual compensation of $80,000 with performance-based bonus opportunities.
• Flexible work arrangements – choose between part-time or full-time schedules with remote work options.
• Comprehensive health, dental, and vision insurance coverage.
• 401(k) retirement plan with company matching.
• Professional development opportunities, including reimbursement for certifications and training.
• Generous paid time off and holiday schedules.
• Access to cutting-edge tools and technologies for your role.
• A collaborative, inclusive culture that celebrates diversity and innovation.

Career Growth & Learning Opportunities

We believe in investing in our people. At arenaflex, you will have access to continuous learning opportunities, including internal training programs, industry conferences, and certifications support. As you grow in your role, you will have the chance to take on additional responsibilities, lead initiatives, and advance into higher-level positions within the Cybersecurity organization.

Our culture supports career progression, and many of our senior leaders started in individual contributor roles. Whether you aspire to become a Risk Management Lead, Compliance Director, or Chief Information Security Officer, arenaflex provides the foundation and pathway to achieve your career goals.

Work Environment & Culture

Join arenaflex and experience a workplace where your contributions truly matter. We foster an environment of collaboration, innovation, and respect. Our remote work model gives you the flexibility to work from home while staying connected with your team through modern communication tools and regular virtual meetings.

At arenaflex, we embrace diversity and believe that different perspectives make us stronger. We are committed to creating an inclusive workplace where everyone can thrive. Our leadership team is accessible and supportive, and we encourage open communication and feedback at all levels.

Why Join arenaflex?

arenaflex is more than just a company – we are a community of innovators, problem-solvers, and dedicated professionals. By joining our Cybersecurity team, you will be at the forefront of protecting an organization that values excellence, creativity, and integrity. You will work alongside talented colleagues, tackle challenging problems, and make a real impact on our security posture.

If you are ready to take the next step in your career and contribute to a world-class security program, we encourage you to apply today. We are looking for passionate professionals who are eager to grow, learn, and make a difference.

How to Apply

Interested candidates are invited to submit their resume and cover letter for consideration. Please highlight your relevant experience in Third Party Risk Management, your familiarity with industry standards such as ISO 27001 and SOC 2, and your passion for cybersecurity excellence.

At arenaflex, we are an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, or any other protected characteristic.

Apply now and become part of a team that is shaping the future of cybersecurity. We look forward to welcoming you to arenaflex!