Experienced Third Party Risk Management (TPRM) & Governance Compliance Professional – Remote Cybersecurity Role
---
About arenaflex
Welcome to arenaflex, where innovation meets inspiration in the dynamic world of cybersecurity and digital protection. At arenaflex, we believe that safeguarding information and maintaining robust governance frameworks is more than just a business necessity—it's a cornerstone of trust in today's interconnected digital landscape. As a leading organization committed to excellence in cybersecurity governance, risk management, and compliance, we are dedicated to protecting our assets, stakeholders, and partners through cutting-edge security practices and meticulous regulatory adherence.
Our cybersecurity team comprises talented professionals who specialize in developing and implementing strategies that align organizational objectives with robust security measures. We navigate the complex terrain of cyber threats with precision, ensuring that our enterprise remains resilient, compliant, and ahead of emerging risks. At arenaflex, you will find an environment that values continuous learning, professional growth, and the opportunity to make a meaningful impact in the world of information security.
We are currently seeking a highly skilled and experienced Third Party Risk Management (TPRM) & Governance Compliance Professional to join our Cyber and Data Safety division. This is a remote position offering flexibility with both part-time and full-time arrangements, competitive compensation, and the chance to work with a globally recognized organization committed to excellence in cybersecurity governance.
Position Overview
As a Third Party Risk Management & Governance Compliance Professional at arenaflex, you will play a critical role in guiding and executing GRC-related activities to ensure the seamless operation of our cybersecurity programs. You will be responsible for managing our third-party/internal threat control software, overseeing internal safety compliance requirements, and implementing industry-leading regulations, tactics, and frameworks.
This position reports directly to the Manager of Governance, Threat and Compliance within our Cyber and Data Safety department. You will collaborate closely with business stakeholders, internal teams, and external partners to conduct comprehensive risk assessments, due diligence examinations, and ongoing monitoring activities.
Key Responsibilities
Third Party Risk Management (TPRM)
Lead and support the implementation and management of our Third Party/Internal Risk Management software platform
Execute arenaflex's global third-party/internal risk methodology for conducting cyber threat-related due diligence assessments
Validate incoming third-party and internal risk assessment requests, working collaboratively with business stakeholders to confirm request details and engagement scope
Conduct kick-off sessions with business stakeholders and relevant third parties to initiate thorough risk assessments
Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submissions for completeness and identifying risks arising from the design and operational effectiveness of security controls
Document responses, associated findings, and remediation plans within arenaflex's risk management systems
Draft and review comprehensive assessment reports, ensuring appropriate business stakeholder review and finalization
Serve as a strong liaison to address inquiries related to risk control methodologies and assessments for internal business units or third parties as required
Perform continuous tracking of third-party relationships through arenaflex's systems for current and new findings, driving findings to timely closure
Identify opportunities for improvement within arenaflex's systems and processes
Work closely with Risk Lead/Supervisor to schedule and execute a range of supporting activities related to the risk management program
Governance, Threat, and Compliance
Lead and support the development of cybersecurity risk and compliance-related strategies to ensure appropriate treatment of cybersecurity risks consistent with arenaflex's risk appetite
Maintain and document compliance with information security-related guidelines and processes through systematic planning, testing, remediating, tracking, and reporting on control reviews and risk assessments
Lead the development and delivery of compliance and risk education programs and ongoing communications that help foster a culture of security and compliance
Stay current with regulatory changes, new guidelines, technology advancements, and internal policy modifications to proactively identify emerging risk areas
Lead activities to maintain and guide ISO 27001 certification standards
Support the implementation of industry best practices including ISO 2700x, SOC 2, SSAE 16/18 requirements
Essential Qualifications
Education
Bachelor's or Master's degree from an accredited university in Information Security, Computer Science, Business Administration, or equivalent professional experience
Experience
Minimum of 4 years of experience in Third Party Risk Management, Information Security, and Audit & Compliance Tracking
At least 2-3 years of specific experience in TPRM or Internal Audit functions
Preferred experience working with large enterprises and/or major consulting firms
Technical Knowledge & Competencies
Strong working understanding of information security best practices and requirements including ISO 2700x, SOC 2, SSAE 16/18
Proven experience in risk, controls, and compliance management
Knowledge of risk assessment methodologies—both qualitative and quantitative approaches
Exceptional analytical and problem-solving abilities
Strong presentation and delivery capabilities
Professional Certifications (Preferred)
CISA (Certified Information Systems Auditor)
CRISC (Certified in Risk and Information Systems Control)
ISO27001 Lead Implementer/Auditor
CISSP (Certified Information Systems Security Professional)
Experience in AI/ML security is considered a plus
Personal Attributes for Success
Outstanding Stakeholder Management: Ability to build strong relationships with internal and external stakeholders, communicate effectively at all levels, and drive collaborative outcomes
Adaptability: Ability to navigate fast-paced environments and demonstrate flexibility with working hours to meet evolving business needs
Excellent Communication: Superior verbal and written communication skills with the ability to translate complex technical concepts for diverse audiences
Change Agent: Ability to adapt quickly to changing conditions and drive quality improvement initiatives
Interpersonal Skills: Strong interpersonal abilities with a collaborative approach to teamwork
Problem-Solving Mindset: Proactive approach to identifying risks and developing practical mitigation strategies
Work Environment & Culture
At arenaflex, we pride ourselves on fostering a supportive, innovative, and inclusive work culture. As a remote team member, you will enjoy:
Flexible work arrangements with both part-time and full-time options
Comprehensive onboarding and ongoing professional development opportunities
Access to cutting-edge tools and technologies for risk management
Collaborative team environment with regular communication and support
Exposure to diverse projects and cross-functional teams
Mentorship from industry experts and leaders in cybersecurity
Career advancement opportunities within our growing organization
Compensation & Benefits
We offer a competitive annual salary of $80,000 commensurate with experience and qualifications. In addition to base compensation, arenaflex provides a comprehensive benefits package including:
Health, dental, and vision insurance coverage
Retirement savings plans with company matching
Paid time off and flexible scheduling
Professional development reimbursement
Technology stipend for home office setup
Wellness programs and employee assistance resources
Career Growth Opportunities
Joining arenaflex means becoming part of an organization that invests in your professional growth. As you excel in your role, you will have access to advanced training programs, certification sponsorships, and clear pathways to senior leadership positions within the cybersecurity domain. We encourage continuous learning and provide platforms for you to expand your expertise in emerging areas such as AI/ML security, zero-trust architectures, and advanced threat intelligence.
How to Apply
If you are a dedicated professional with a passion for cybersecurity governance, risk management, and compliance, we invite you to join our team at arenaflex. This is an exceptional opportunity to contribute to a world-class security program while advancing your career in a supportive and innovative environment.
To apply for this position, please submit your resume and cover letter highlighting your relevant experience and qualifications. Our recruitment team will review applications and contact qualified candidates for further discussions.
arenaflex is an equal opportunity employer committed to diversity and inclusion. We welcome applications from all qualified individuals regardless of race, color, religion, gender, sexual orientation, national origin, age, disability, or any other protected characteristic.
Apply now and become part of a team that's shaping the future of cybersecurity governance! We look forward to welcoming you to arenaflex.
About arenaflex
Welcome to arenaflex, where innovation meets inspiration in the dynamic world of cybersecurity and digital protection. At arenaflex, we believe that safeguarding information and maintaining robust governance frameworks is more than just a business necessity—it's a cornerstone of trust in today's interconnected digital landscape. As a leading organization committed to excellence in cybersecurity governance, risk management, and compliance, we are dedicated to protecting our assets, stakeholders, and partners through cutting-edge security practices and meticulous regulatory adherence.
Our cybersecurity team comprises talented professionals who specialize in developing and implementing strategies that align organizational objectives with robust security measures. We navigate the complex terrain of cyber threats with precision, ensuring that our enterprise remains resilient, compliant, and ahead of emerging risks. At arenaflex, you will find an environment that values continuous learning, professional growth, and the opportunity to make a meaningful impact in the world of information security.
We are currently seeking a highly skilled and experienced Third Party Risk Management (TPRM) & Governance Compliance Professional to join our Cyber and Data Safety division. This is a remote position offering flexibility with both part-time and full-time arrangements, competitive compensation, and the chance to work with a globally recognized organization committed to excellence in cybersecurity governance.
Position Overview
As a Third Party Risk Management & Governance Compliance Professional at arenaflex, you will play a critical role in guiding and executing GRC-related activities to ensure the seamless operation of our cybersecurity programs. You will be responsible for managing our third-party/internal threat control software, overseeing internal safety compliance requirements, and implementing industry-leading regulations, tactics, and frameworks.
This position reports directly to the Manager of Governance, Threat and Compliance within our Cyber and Data Safety department. You will collaborate closely with business stakeholders, internal teams, and external partners to conduct comprehensive risk assessments, due diligence examinations, and ongoing monitoring activities.
Key Responsibilities
Third Party Risk Management (TPRM)
Lead and support the implementation and management of our Third Party/Internal Risk Management software platform
Execute arenaflex's global third-party/internal risk methodology for conducting cyber threat-related due diligence assessments
Validate incoming third-party and internal risk assessment requests, working collaboratively with business stakeholders to confirm request details and engagement scope
Conduct kick-off sessions with business stakeholders and relevant third parties to initiate thorough risk assessments
Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submissions for completeness and identifying risks arising from the design and operational effectiveness of security controls
Document responses, associated findings, and remediation plans within arenaflex's risk management systems
Draft and review comprehensive assessment reports, ensuring appropriate business stakeholder review and finalization
Serve as a strong liaison to address inquiries related to risk control methodologies and assessments for internal business units or third parties as required
Perform continuous tracking of third-party relationships through arenaflex's systems for current and new findings, driving findings to timely closure
Identify opportunities for improvement within arenaflex's systems and processes
Work closely with Risk Lead/Supervisor to schedule and execute a range of supporting activities related to the risk management program
Governance, Threat, and Compliance
Lead and support the development of cybersecurity risk and compliance-related strategies to ensure appropriate treatment of cybersecurity risks consistent with arenaflex's risk appetite
Maintain and document compliance with information security-related guidelines and processes through systematic planning, testing, remediating, tracking, and reporting on control reviews and risk assessments
Lead the development and delivery of compliance and risk education programs and ongoing communications that help foster a culture of security and compliance
Stay current with regulatory changes, new guidelines, technology advancements, and internal policy modifications to proactively identify emerging risk areas
Lead activities to maintain and guide ISO 27001 certification standards
Support the implementation of industry best practices including ISO 2700x, SOC 2, SSAE 16/18 requirements
Essential Qualifications
Education
Bachelor's or Master's degree from an accredited university in Information Security, Computer Science, Business Administration, or equivalent professional experience
Experience
Minimum of 4 years of experience in Third Party Risk Management, Information Security, and Audit & Compliance Tracking
At least 2-3 years of specific experience in TPRM or Internal Audit functions
Preferred experience working with large enterprises and/or major consulting firms
Technical Knowledge & Competencies
Strong working understanding of information security best practices and requirements including ISO 2700x, SOC 2, SSAE 16/18
Proven experience in risk, controls, and compliance management
Knowledge of risk assessment methodologies—both qualitative and quantitative approaches
Exceptional analytical and problem-solving abilities
Strong presentation and delivery capabilities
Professional Certifications (Preferred)
CISA (Certified Information Systems Auditor)
CRISC (Certified in Risk and Information Systems Control)
ISO27001 Lead Implementer/Auditor
CISSP (Certified Information Systems Security Professional)
Experience in AI/ML security is considered a plus
Personal Attributes for Success
Outstanding Stakeholder Management: Ability to build strong relationships with internal and external stakeholders, communicate effectively at all levels, and drive collaborative outcomes
Adaptability: Ability to navigate fast-paced environments and demonstrate flexibility with working hours to meet evolving business needs
Excellent Communication: Superior verbal and written communication skills with the ability to translate complex technical concepts for diverse audiences
Change Agent: Ability to adapt quickly to changing conditions and drive quality improvement initiatives
Interpersonal Skills: Strong interpersonal abilities with a collaborative approach to teamwork
Problem-Solving Mindset: Proactive approach to identifying risks and developing practical mitigation strategies
Work Environment & Culture
At arenaflex, we pride ourselves on fostering a supportive, innovative, and inclusive work culture. As a remote team member, you will enjoy:
Flexible work arrangements with both part-time and full-time options
Comprehensive onboarding and ongoing professional development opportunities
Access to cutting-edge tools and technologies for risk management
Collaborative team environment with regular communication and support
Exposure to diverse projects and cross-functional teams
Mentorship from industry experts and leaders in cybersecurity
Career advancement opportunities within our growing organization
Compensation & Benefits
We offer a competitive annual salary of $80,000 commensurate with experience and qualifications. In addition to base compensation, arenaflex provides a comprehensive benefits package including:
Health, dental, and vision insurance coverage
Retirement savings plans with company matching
Paid time off and flexible scheduling
Professional development reimbursement
Technology stipend for home office setup
Wellness programs and employee assistance resources
Career Growth Opportunities
Joining arenaflex means becoming part of an organization that invests in your professional growth. As you excel in your role, you will have access to advanced training programs, certification sponsorships, and clear pathways to senior leadership positions within the cybersecurity domain. We encourage continuous learning and provide platforms for you to expand your expertise in emerging areas such as AI/ML security, zero-trust architectures, and advanced threat intelligence.
How to Apply
If you are a dedicated professional with a passion for cybersecurity governance, risk management, and compliance, we invite you to join our team at arenaflex. This is an exceptional opportunity to contribute to a world-class security program while advancing your career in a supportive and innovative environment.
To apply for this position, please submit your resume and cover letter highlighting your relevant experience and qualifications. Our recruitment team will review applications and contact qualified candidates for further discussions.
arenaflex is an equal opportunity employer committed to diversity and inclusion. We welcome applications from all qualified individuals regardless of race, color, religion, gender, sexual orientation, national origin, age, disability, or any other protected characteristic.
Apply now and become part of a team that's shaping the future of cybersecurity governance! We look forward to welcoming you to arenaflex.