Third Party Risk Management (TPRM) Manager

Location: Katowice

Hybrid model: 2 days office/3 days remote

Third Party Risk Management (TPRM) Manager

Let us introduce you the job offer by EY GDS Poland – a member of the global integrated service delivery center network by EY.

At EY, we’re all in shape to your future with confidence.

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.​

The opportunity

As a Third Party Risk Management (TPRM) Manager, you’ll work with cross‑functional teams across procurement, security, legal and compliance to build scalable third‑party risk programs. You will support the full vendor lifecycle—from inherent risk scoping and due diligence to contract governance, ongoing monitoring and issue remediation—leveraging market‑leading platforms and recognized risk frameworks.

We support end–to–end engagement lifecycle and project management activities that are essential to every engagement, region and competencies. We help in project coordination & management, financial analysis, engagement compliance & governance requirements across industries and countries.

Your key responsibilities

• Design and implement risk‑based vendor lifecycle processes (inherent risk tiering 1-3, due diligence, onboarding, monitoring, off‑boarding)
• Execute and/or lead third‑party assessments using standardized questionnaires and evidence reviews (i.e.  SOC 2, ISO/IEC 27001 certificates)
• Align TPRM controls and reporting with enterprise risk appetite and ISO 31000/ISO 27005 methods; maintain risk registers and remediation plans
• Translate GDPR Art.28, NIS2 supply‑chain requirements and DORA ICT third‑party obligations into actionable operating procedures and contract clauses
• Configure and run workflows in TPRM/VRM platforms (i.e. Archer, ServiceNow IRM, AuditBoard, ProcessUnity) and integrate with ticketing/CMDB where relevant
• Assess financial, operational, information security and resilience risks, including concentration risk and fourth‑party dependencies
• Collaborate with Legal/Procurement to embed audit rights, breach notification, data protection and exit strategy language into contracts
• Establish metrics and dashboards for executives and risk committees; present findings and drive risk treatment decisions
• Coordinate remediation and follow‑up, tracking issues to closure and validating effectiveness of corrective actions
• Contribute to playbooks, training and awareness to scale TPRM capabilities across business units
• Support quality and risk management needs across Consulting practices

Skills and attributes for success

• Strong stakeholder engagement and the ability to translate technical risk into business‑relevant language.
• Analytical rigor—synthesizing evidence from questionnaires, ratings, audits and financials into clear recommendations.
• Project management discipline across multi‑workstream implementations and process rollouts.
• Understanding of ERM principles and how vendor risk links to business objectives and resilience.
• Excellent written and verbal communication in English; confident presenting to senior stakeholders.
• Strong computer skills, including advanced Microsoft suit (Excel, PowerPoint presentation etc.) 
• Strong attention to detail even when dealing with routine tasks
• Assertive, with strong influencing skills
• Prior experience working with Global cliental preferred
• Confident to deal with senior level contacts, internally and externally  
• Able to effectively summarize and conclude on work, applying appropriate documentation standards
• Able to effectively prioritize and execute tasks in a high-pressure environment

To qualify for the role, you must have

• 5-10 years of experience in third‑party/vendor risk, information security, audit or related risk roles
• Hands‑on exposure to at least one TPRM/VRM platform (i.e. Archer, ServiceNow IRM, AuditBoard, ProcessUnity) and strong Excel/PowerPoint skills
• Working knowledge of GDPR Art.28 obligations, NIS2 supply‑chain expectations and (for financial clients) DORA third‑party requirements
• Familiarity with ISO 31000/27005 and ISO/IEC 27001 control concepts; ability to review SOC 2 and security evidence
• Strong English communication - both written and verbal
• Computer skills, including advanced Microsoft Office (World, Excel, Power Point) 
• Ability to function as part of a team but also as individual performer
• Willingness to learn and develop
• Proactiveness and flexibility
• Confident to deal with senior level contacts

Ideally, you’ll also have

• Working knowledge of AI Risk & Ethics (ISO 42001, EU AI Act)
• Certifications such as CRISC, CISA, CISM or CISSP
• Experience in financial services or other highly regulated sectors; understanding of concentration and systemic risk
• Experience with vulnerability/risk data scanning tools (i.e. Qualys, Nessus) to inform supplier assessments
• Additional EU language will be an advantage

What we look for

We are looking for ambitious individuals interested in working in global dynamic environment. We are interested in people who would like to develop and upskill themselves as well as cooperate and support others.

Working model

Hybrid working model consisting of 2 days in the office and 3 days working remotely, with office locations in Wroclaw or Katowice, and occasional business travel, depending on project and client needs.

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across ten locations –  Argentina, China, Hungary, India, the Philippines, Poland, Sri Lanka, Mexico, Spain and the United Kingdom – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

About EY

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

In compliance with the requirements of the Whistleblower Protection Act, our company has established the Procedure for reporting breaches of law and undertaking appropriate follow-up actions. Any misconduct should be reported through the EY Ethics Hotline.