Experienced Third-Party Risk Management (TPRM) Cybersecurity Specialist – Governance, Risk, Compliance & Data Protection
Join arenaflex as a GRC Cybersecurity Professional
Are you ready to take your career in Cybersecurity Governance, Risk, and Compliance (GRC) to the next level? arenaflex is looking for an experienced and dedicated professional to join our dynamic Cyber & Data Security team. In this role, you will be instrumental in guiding GRC-related activities and ensuring the clean, efficient execution of critical cybersecurity tasks within our organization.
At arenaflex, we believe that robust cybersecurity is the foundation of trust and innovation. As our Third-Party Risk Management (TPRM) Specialist, you will play a pivotal role in protecting our organization from cyber threats while enabling business growth through strategic risk management. This is a remote position offering flexibility for both part-time and full-time arrangements, with a competitive annual compensation of $80,000.
About the arenaflex Cybersecurity Team
Our Cybersecurity team at arenaflex consists of talented professionals who are passionate about formulating and implementing strategies that help our organization align with its commercial objectives while managing risks effectively and meeting industry guidelines and standards. We work on cutting-edge technology and toward new innovations in the area of cybersecurity to deliver excellence in everything we do.
As a member of our team, you will collaborate with stakeholders across the organization to ensure that our third-party risk management program operates at the highest level of effectiveness. You will have the opportunity to work with industry-leading tools, frameworks, and best practices while contributing to our organization's overall security posture.
Position Overview
This position reports to the Manager of Governance, Threat and Compliance within our Cyber and Data Safety division. The successful candidate will be responsible for managing our third-party/internal threat control software, overseeing internal safety compliance requirements, and implementing regulations, tactics, and frameworks at arenaflex.
Key Responsibilities
Third-Party Risk Management (TPRM)
Manage and support the organization's Third-Party/Internal Risk Management Software platform
Assist in implementing and maintaining arenaflex's Global Third-Party/Internal Risk Method for conducting cyber danger-related due diligence examinations
Validate incoming third-party/internal danger assessment requests, working closely with business stakeholders to confirm request details and engagement scope
Conduct kick-off meetings with business stakeholders and relevant third parties for conducting thorough third-party assessments
Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submitted questionnaires for completeness
Analyze and determine risks arising from the contemporary design and operational effectiveness of internal/third party's security controls
Document responses, associated findings, and remediation plans in arenaflex's systems
Draft and review assessment reports while ensuring respective business stakeholders finalize critiques in a timely manner
Serve as a strong liaison to address queries concerning risk control techniques and evaluations for business or third parties as required
Perform continuous tracking of third parties via arenaflex's systems for current and new findings, tracking any findings to closure
Identify opportunities for improvement within arenaflex's systems and strategies
Work closely with risk leads and supervisors to schedule and execute a range of supporting activities related to the risk management program
Governance, Threat and Compliance
Lead and support the development of cybersecurity hazard and compliance-related strategies to ensure treatment of cybersecurity risk consistent with arenaflex's risk appetite
Maintain and document compliance towards information safety associated guidelines and processes through planning, checking, remediating, tracking, and reporting on control critiques and threat checks
Lead development and delivery of compliance and risk education and ongoing communications that help power a culture of protection and compliance
Stay current with regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk regions
Lead activities to maintain and guide ISO 27001 standards across the organization
Ensure adherence to SOC 2 requirements, SSAE 16/18 standards, and other relevant security frameworks
Essential Qualifications
Bachelor's or Master's degree from an accredited university or equivalent professional experience
Minimum of 4 years of experience in Third-Party Risk Control, information security, and audit and compliance tracking (with at least 2-3 years specifically in TPRM or Internal Audit)
Working understanding of information security related best practices and requirements including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements
Experience in the management of hazard, controls, and compliance
Knowledge of risk assessment methodologies – both qualitative and quantitative approaches
Strong analytical and problem-solving abilities
Excellent presentation making and delivery abilities
Outstanding stakeholder management skills
Preferred Experience & Credentials
Experience working with a large enterprise and/or Big Four accounting firm is preferred
One or more of the following certifications: CISA, CRISC, ISO27001 Lead Implementer/Auditor, CISSP
Experience in AI/ML as it relates to cybersecurity and risk management is a plus
Familiarity with specialized TPRM software platforms and tools
Competencies & Attributes for Success
Technical Competencies
Strong understanding of information security frameworks and standards
Proficiency in risk assessment and management methodologies
Knowledge of regulatory compliance requirements
Experience with audit and compliance tracking systems
Ability to analyze complex security controls and identify vulnerabilities
Personal Attributes
Robust interpersonal abilities with the capacity to build strong relationships across the organization
Ability to navigate fast-paced environments and demonstrate flexibility with working hours
Excellent communication skills, both verbal and written
Quick adaptability to changing conditions and ability to drive quality change
Strong attention to detail while maintaining strategic perspective
Ability to work independently and as part of a collaborative team
Career Growth & Learning Opportunities
At arenaflex, we are committed to the professional development of our team members. This role offers exceptional opportunities for career advancement within the cybersecurity and governance space. You will gain hands-on experience with industry-leading frameworks, work alongside experienced cybersecurity professionals, and develop expertise in third-party risk management that is highly valued in today's security landscape.
You will have access to continuous learning resources, professional development programs, and certification support to help you advance in your career. As you grow within arenaflex, you will have the opportunity to take on increased responsibilities, lead strategic initiatives, and potentially move into management positions within our cybersecurity organization.
Work Environment & Culture
arenaflex embraces a flexible work-from-home culture that promotes work-life balance while maintaining high standards of collaboration and communication. Our remote work environment is designed to support productivity and innovation, allowing you to contribute your best work from the comfort of your own space.
We foster a culture of continuous improvement, open communication, and mutual respect. Our team values diverse perspectives and encourages creative problem-solving. You'll find that arenaflex is more than just a workplace – it's a community where your contributions matter and your professional growth is prioritized.
Compensation & Benefits
We offer a competitive annual salary of $80,000 for this position, with flexibility for part-time or full-time arrangements. In addition to competitive compensation, arenaflex provides a comprehensive benefits package that includes:
Health, dental, and vision insurance coverage
401(k) retirement plan with company matching
Paid time off and holiday schedule
Professional development and certification support
Remote work equipment allowance
Performance bonuses and incentives
Employee assistance programs
Why Join arenaflex?
arenaflex is at the forefront of cybersecurity innovation, providing an environment where talented professionals can thrive and make meaningful contributions to organizational security. By joining our team, you will become part of a forward-thinking organization that values integrity, excellence, and continuous improvement.
This is an excellent opportunity for experienced GRC professionals who are looking to advance their careers in a supportive, remote-friendly environment. You will work on meaningful projects that directly impact the organization's security posture while developing your expertise in third-party risk management and compliance.
How to Apply
If you are ready to take the next step in your cybersecurity career and meet the qualifications outlined above, we encourage you to apply today. This is your chance to join a dynamic team, work with industry-leading technologies, and contribute to the protection of critical organizational assets.
Don't miss this exciting opportunity to grow with arenaflex – apply now and become part of a team that is shaping the future of cybersecurity governance and risk management!
Are you ready to take your career in Cybersecurity Governance, Risk, and Compliance (GRC) to the next level? arenaflex is looking for an experienced and dedicated professional to join our dynamic Cyber & Data Security team. In this role, you will be instrumental in guiding GRC-related activities and ensuring the clean, efficient execution of critical cybersecurity tasks within our organization.
At arenaflex, we believe that robust cybersecurity is the foundation of trust and innovation. As our Third-Party Risk Management (TPRM) Specialist, you will play a pivotal role in protecting our organization from cyber threats while enabling business growth through strategic risk management. This is a remote position offering flexibility for both part-time and full-time arrangements, with a competitive annual compensation of $80,000.
About the arenaflex Cybersecurity Team
Our Cybersecurity team at arenaflex consists of talented professionals who are passionate about formulating and implementing strategies that help our organization align with its commercial objectives while managing risks effectively and meeting industry guidelines and standards. We work on cutting-edge technology and toward new innovations in the area of cybersecurity to deliver excellence in everything we do.
As a member of our team, you will collaborate with stakeholders across the organization to ensure that our third-party risk management program operates at the highest level of effectiveness. You will have the opportunity to work with industry-leading tools, frameworks, and best practices while contributing to our organization's overall security posture.
Position Overview
This position reports to the Manager of Governance, Threat and Compliance within our Cyber and Data Safety division. The successful candidate will be responsible for managing our third-party/internal threat control software, overseeing internal safety compliance requirements, and implementing regulations, tactics, and frameworks at arenaflex.
Key Responsibilities
Third-Party Risk Management (TPRM)
Manage and support the organization's Third-Party/Internal Risk Management Software platform
Assist in implementing and maintaining arenaflex's Global Third-Party/Internal Risk Method for conducting cyber danger-related due diligence examinations
Validate incoming third-party/internal danger assessment requests, working closely with business stakeholders to confirm request details and engagement scope
Conduct kick-off meetings with business stakeholders and relevant third parties for conducting thorough third-party assessments
Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submitted questionnaires for completeness
Analyze and determine risks arising from the contemporary design and operational effectiveness of internal/third party's security controls
Document responses, associated findings, and remediation plans in arenaflex's systems
Draft and review assessment reports while ensuring respective business stakeholders finalize critiques in a timely manner
Serve as a strong liaison to address queries concerning risk control techniques and evaluations for business or third parties as required
Perform continuous tracking of third parties via arenaflex's systems for current and new findings, tracking any findings to closure
Identify opportunities for improvement within arenaflex's systems and strategies
Work closely with risk leads and supervisors to schedule and execute a range of supporting activities related to the risk management program
Governance, Threat and Compliance
Lead and support the development of cybersecurity hazard and compliance-related strategies to ensure treatment of cybersecurity risk consistent with arenaflex's risk appetite
Maintain and document compliance towards information safety associated guidelines and processes through planning, checking, remediating, tracking, and reporting on control critiques and threat checks
Lead development and delivery of compliance and risk education and ongoing communications that help power a culture of protection and compliance
Stay current with regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk regions
Lead activities to maintain and guide ISO 27001 standards across the organization
Ensure adherence to SOC 2 requirements, SSAE 16/18 standards, and other relevant security frameworks
Essential Qualifications
Bachelor's or Master's degree from an accredited university or equivalent professional experience
Minimum of 4 years of experience in Third-Party Risk Control, information security, and audit and compliance tracking (with at least 2-3 years specifically in TPRM or Internal Audit)
Working understanding of information security related best practices and requirements including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements
Experience in the management of hazard, controls, and compliance
Knowledge of risk assessment methodologies – both qualitative and quantitative approaches
Strong analytical and problem-solving abilities
Excellent presentation making and delivery abilities
Outstanding stakeholder management skills
Preferred Experience & Credentials
Experience working with a large enterprise and/or Big Four accounting firm is preferred
One or more of the following certifications: CISA, CRISC, ISO27001 Lead Implementer/Auditor, CISSP
Experience in AI/ML as it relates to cybersecurity and risk management is a plus
Familiarity with specialized TPRM software platforms and tools
Competencies & Attributes for Success
Technical Competencies
Strong understanding of information security frameworks and standards
Proficiency in risk assessment and management methodologies
Knowledge of regulatory compliance requirements
Experience with audit and compliance tracking systems
Ability to analyze complex security controls and identify vulnerabilities
Personal Attributes
Robust interpersonal abilities with the capacity to build strong relationships across the organization
Ability to navigate fast-paced environments and demonstrate flexibility with working hours
Excellent communication skills, both verbal and written
Quick adaptability to changing conditions and ability to drive quality change
Strong attention to detail while maintaining strategic perspective
Ability to work independently and as part of a collaborative team
Career Growth & Learning Opportunities
At arenaflex, we are committed to the professional development of our team members. This role offers exceptional opportunities for career advancement within the cybersecurity and governance space. You will gain hands-on experience with industry-leading frameworks, work alongside experienced cybersecurity professionals, and develop expertise in third-party risk management that is highly valued in today's security landscape.
You will have access to continuous learning resources, professional development programs, and certification support to help you advance in your career. As you grow within arenaflex, you will have the opportunity to take on increased responsibilities, lead strategic initiatives, and potentially move into management positions within our cybersecurity organization.
Work Environment & Culture
arenaflex embraces a flexible work-from-home culture that promotes work-life balance while maintaining high standards of collaboration and communication. Our remote work environment is designed to support productivity and innovation, allowing you to contribute your best work from the comfort of your own space.
We foster a culture of continuous improvement, open communication, and mutual respect. Our team values diverse perspectives and encourages creative problem-solving. You'll find that arenaflex is more than just a workplace – it's a community where your contributions matter and your professional growth is prioritized.
Compensation & Benefits
We offer a competitive annual salary of $80,000 for this position, with flexibility for part-time or full-time arrangements. In addition to competitive compensation, arenaflex provides a comprehensive benefits package that includes:
Health, dental, and vision insurance coverage
401(k) retirement plan with company matching
Paid time off and holiday schedule
Professional development and certification support
Remote work equipment allowance
Performance bonuses and incentives
Employee assistance programs
Why Join arenaflex?
arenaflex is at the forefront of cybersecurity innovation, providing an environment where talented professionals can thrive and make meaningful contributions to organizational security. By joining our team, you will become part of a forward-thinking organization that values integrity, excellence, and continuous improvement.
This is an excellent opportunity for experienced GRC professionals who are looking to advance their careers in a supportive, remote-friendly environment. You will work on meaningful projects that directly impact the organization's security posture while developing your expertise in third-party risk management and compliance.
How to Apply
If you are ready to take the next step in your cybersecurity career and meet the qualifications outlined above, we encourage you to apply today. This is your chance to join a dynamic team, work with industry-leading technologies, and contribute to the protection of critical organizational assets.
Don't miss this exciting opportunity to grow with arenaflex – apply now and become part of a team that is shaping the future of cybersecurity governance and risk management!