Search Results

Third party risk management (TPRM) looks very different now than it did 20 years ago. Back then, teams mainly checked procurement and contracts and conducted basic due diligence. Rules were simpler, and oversight was mostly manual. Today, TPRM covers just about every part of the business, including cybersecurity, privacy, resilience, business continuity, AI, fourth-party and supply chain risks, compliance, Environmental, Social, Governance (ESG), and even geopolitics. The field has become more specialized, with dedicated professionals, certifications, technology tools, and standardized industry practices. As TPRM evolves, practitioners must continuously learn to ensure their skills remain current. This article covers key TPRM skills to consider in today’s environment and shares practical ways to build them through your daily work and ongoing learning. Practical Technical Skills and Understanding Everyone working in TPRM should have a solid grasp of the basics: lifecycle stages, core risk domains, risk tiering, critical third party identification, ongoing monitoring and reassessment, performance oversight, and offboarding. Comfort with these fundamentals is essential for TPRM professionals. The next sections outline technical skills and experience that are increasingly vital for both new and seasoned practitioners. Understanding AI in a TPRM Context By now, most professionals have heard that anyone who does not learn AI will be left behind. For TPRM practitioners, the bar is higher than just knowing how to use a tool. The key capability is understanding how AI is actually being used across your organization and your third party ecosystem, as well as how that use affects existing risk domains such as cybersecurity, privacy, operational resilience, reputation, and governance. Organizations vary in AI maturity. Some have formal governance and oversight; while others are still finding out where AI is used across their business and third party services. Even when governance structures are still developing, effective third party risk practitioners prioritize understanding AI well enough to ask informed questions, recognize its presence in workflows and products, and identify potential operational, cybersecurity, or compliance concerns before formal processes are established. Ways to build capability include: Learn the basics of how AI systems function, including concepts such as large language models, training data, automation, model drift, and generative AI. Focusing on your higher-risk third parties, pick one that markets “AI-powered” capabilities and review its documentation, privacy notice, or security whitepaper. Note where data use, governance, and controls are clearly explained and where information is vague or missing. Ask internal Security, Data, Architecture, or Technology teams to walk through one existing AI use case and its risk review. Identify which of those questions you should also be asking during third party due diligence. Review a current questionnaire, contract template, or assessment process and identify where AI-related questions, disclosures, or governance language should be added or strengthened. Spending time on these activities helps you see how AI really works in your company and with third parties. This hands-on experience shows that AI is more than just an abstract idea. Seeing Risk Beyond the Questionnaire Many third party risks don’t show up in questionnaires or security checks. Instead, they appear as outages, repeated failures, missed promises, poor escalation, unhappy teams, or customer complaints. It’s important to spot risks beyond checklists and understand how vendors work every day. Strong TPRM links third party oversight to real operations. This requires knowing where the business relies most on a provider, where workarounds exist, where support issues recur, and where failures cause disruption. These insights often come from conversations, incident reviews, and observing relationships over time. Ways to build capability include: Ask a business owner to walk through how they use a key third party during a normal workday, including where they experience the most dependency, delays, or operational pain points. After a third party-related incident or outage, review the event summary and identify where stronger TPRM visibility or earlier questioning may have helped surface concerns sooner. Sit in during operational, service review, or escalation meetings involving key third parties to see how issues are handled in practice versus how they appear in contracts or assessment responses. Review recurring support tickets, performance metrics, or complaint trends tied to critical third parties and look for patterns that may indicate broader operational or governance concerns. Strengthening this area helps you spot operational risks early, establish credibility with business stakeholders, and expose hidden gaps that questionnaires may miss. The key is proactively identifying risks and gaps before they impact operations or stakeholder trust. Turning Data into Something People Can Use Most TPRM teams collect plenty of data, but much of it is hard to use or doesn’t support decision-making. Reports can be overwhelming, dashboards confusing, and important issues can get lost. A key skill is making information clear so the business can focus on what matters. You don’t need to be a reporting pro or data-visualization expert, but you do need to organize info so people can see the real risks, know what matters, and focus. The best reports make things clear quickly, not just dump out all the data. Ways to build capability include: Review a dashboard or report your team regularly produces and identify what people actually reference during meetings versus what is largely ignored. Take a large third party spreadsheet and reduce it to a short summary focused only on critical third parties, overdue remediation items, or unresolved high-risk issues, then see whether the simpler version improves the discussion. Ask a business stakeholder which third party metrics or reports they actually find useful versus which ones feel confusing or too complicated. Practice summarizing a complicated third party issue in a few plain-language sentences without leaning on acronyms, scoring formulas, or framework terms. When you make data easier to understand, people can make better decisions. Clarity helps drive action with confidence. Building Contract and Performance Awareness No one expects you to be a lawyer, but you do need to know contracts and performance standards well enough to spot when something is missing, unclear, or doesn’t line up. Big risk calls often hinge on service levels, security promises, escalation rules, audit rights, or how you can end a contract, even if you’re not the one negotiating the details. Good TPRM means spotting the gap between stakeholder assumptions and contract terms. If you understand service level agreements (SLAs), reporting, and accountability, you give better advice and catch problems before they become disputes. Ways to build capability include: Select one important third party agreement and review only the sections tied to SLAs, security obligations, audit rights, incident notification requirements, and termination language, then summarize the key commitments in plain business language. When a third party repeatedly underperforms, compare the operational issues being reported to the contractual requirements and identify where expectations and obligations do not line up. Sit with Procurement, Legal, Vendor Management, or Business teams during a contract review discussion to see which provisions tend to create the most negotiation friction or operational risk. Review a recent third party’s escalation or dispute and identify whether the issue stemmed from poor performance, unclear expectations, weak governance, or contract language that lacked specificity. Improved contract and performance awareness empowers you to address gaps early and drive realistic risk conversations. Takeaway: Understand contracts to manage operational outcomes. Soft skills deserve equal attention Technical expertise helps you identify problems and assess risk, but your influence on outcomes hinges equally on how you communicate, negotiate, and collaborate. These interpersonal skills are least likely to be automated, making them necessary for long-term career endurance in this field. Telling the Risk Story So People Listen Risk management matters only when people understand it clearly enough to make decisions or act. Many TPRM teams provide detailed, accurate assessments, yet leaders leave discussions uncertain about priorities. The ability to explain risk in practical, relevant terms tied to business impact is priceless. Effective communication in TPRM is not about sounding technical. It is about making information usable. Stakeholders need to understand the issue, how it could affect the business, the trade-offs, and the action you recommend. That often means simplifying language, cutting unnecessary detail, and focusing on consequences and decisions rather than framework terminology. Ways to strengthen this area include: Take a recent assessment or finding and rewrite the summary for a business leader in five short sentences, focusing on impact, exposure, and available options. Before a meeting or escalation discussion, identify the specific decision, approval, or action you need and shape your talking points around that outcome. Review an older risk report or assessment summary and spot where acronyms, scoring language, or technical detail may have made the message harder to understand. Ask a non-TPRM stakeholder to review one of your summaries or presentations and explain back what they believe the risk or concern is, then notice where misunderstandings occur. Clear communication makes it much easier to build stakeholder trust, gain support for remediation efforts, and help the business make well-informed decisions. Handling Stakeholders, Negotiation, and Conflict TPRM is often caught between different pressures. Business teams want speed and flexibility. Security wants stronger controls. Legal cares about liability. Procurement focuses on cost and timing, and third parties want quick agreements. Handling these tensions is a normal part of the job. The goal isn’t to win every argument or block progress. Good TPRM work means raising concerns clearly, explaining trade-offs, and helping others make reasonable decisions without causing extra friction or damaging relationships. Ways to strengthen this area include: During a difficult conversation or escalation, start by clearly summarizing the other party’s priorities or concerns before presenting your own risk perspective or recommendations. When documenting disagreements or unresolved concerns, frame the situation around available options, tradeoffs, and potential impacts rather than reducing it to a simple approval-versus-rejection decision. Observe how experienced leaders in your organization handle difficult stakeholder conversations, especially where business pressure and risk concerns collide. After a challenging meeting, reflect on which communication approaches helped move the discussion forward and which ones created defensiveness or blocked progress. Getting better at this builds your credibility and helps others see TPRM as a collaborative partner who solves problems, not just a gatekeeper. Growing Yourself and Your Team If you lead a TPRM function, these same capabilities apply at the team level. The work is changing, and so are expectations. It is not enough to build processes and buy tools. Teams need chances to practice, learn from mistakes, and grow in both technical and soft skills. To ensure ongoing development is effective, consider tracking team growth through regular skills assessments, structured feedback sessions, and peer reviews. These approaches help you spot where the team is making progress and where more support is needed. You don’t need a formal rotation program. Small, intentional opportunities within your current work can help people grow. In practice, that can look like: Giving analysts chances to present their own work instead of always presenting for them, then debriefing afterward on what landed well and what could be clearer next time. Inviting team members to observe a contract negotiation, a difficult third party call, or a high-stakes risk discussion, and then talking through why certain points were pushed, where tradeoffs were made, and how tone influenced the outcome. Using real assessments, incidents, or escalations as teaching moments, walking through not just what decision was made, but how you weighed business pressure, control gaps, and relationship impact. Pairing less experienced staff with more senior colleagues on complex third parties so they can see how judgment is applied, not just how checklists are completed. These practices help move TPRM from just following steps to building real judgment, which is more important than ever. Conclusion Third party risk management will continue to evolve as long as organizations rely on external products, services, platforms, and partners. There is no way to predict exactly what the next few years will bring, whether that is new regulatory pressure, different operating models, more embedded AI, or risks that are not getting enough attention today. What tends to set the most effective people in this field apart is a strong grasp of the foundations, paired with communication, judgment, stakeholder management, and a willingness to keep learning as the environment changes. For people already doing this work, that means keeping your eyes open, staying curious, and treating the job itself as part of your ongoing development. With so many skills to develop, it helps to prioritize based on both organizational needs and your personal areas for improvement. Start by talking with your manager or stakeholders about which risks or capabilities are most urgent for your business right now. Consider where you feel least confident or where you have received feedback, and target skill-building there first. Reviewing recent incidents, business objectives, or audit findings can also help you choose the most relevant areas to focus on. By identifying a few high-impact skills to work on at a time, you can make continuous progress without becoming overwhelmed. For those leading teams, it also means building the bench, creating opportunities for people to grow, and helping strong practitioners expand into the more extensive range the field now demands. Author Bio Hilary Jewhurst Sr. Membership & Education Coordinator at TPRA Hilary Jewhurst is a seasoned expert in third party risk and risk operations, with nearly two decades of experience across financial services, fintech, and the nonprofit sector. She has built and scaled third party risk programs from the ground up, designed enterprise-wide training initiatives, and developed widely respected content that helps organizations navigate regulatory complexity with clarity and confidence. Known for turning insight into action, Hilary’s thought leadership and educational work have become go-to resources for professionals looking to mature their TPRM programs. She regularly publishes articles, frameworks, and practical guides that break down complicated risk topics into meaningful, accessible strategies. Hilary recently joined the Third Party Risk Association (TPRA) as a staff member, supporting industry-wide education, peer learning, and advancing best practices. She is also the founder of TPRM Success, a boutique consultancy that helps organizations strengthen their third party risk management capabilities through targeted training, tools, and strategic guidance.

Executive Summary Third-Party failures rarely begin as legal disputes. They being as performance weaknesses, control breakdowns, or operational gaps that contracts failed to anticipate, define or enforce. Most organizations treat contracts as legal protection and service level agreements (SLAs) as operational metrics. But in reality, contracts and SLAs are among the most powerful risk management tools an organization has – if they are designed to reflect the priorities of all stakeholders and monitored through a risk lens. This paper introduces the concept of Contractual Fitness: the degree to which a vendor agreement translates enterprise risk, regulatory expectations, and resilience requirements into enforceable obligations and measurable performance indicators. It also outlines how SLA performance monitoring, when aligned to risk impact rather than technical convenience, becomes an early warning system for vendor instability, compliance exposure, and operational disruption. The Core Problem: Why Contracts Often Fail the Business Across industries, contracts are negotiated in silos Function What They Focus On What Often Gets Missed Legal Liability, indemnification, dispute terms Operational enforceability of resilience & security IT Technical SLAs Business impact of service degradation Compliance Regulatory clauses Monitoring mechanisms to validate compliance DR/Resilience Recovery capabilities Contractual testing and proof requirements Procurement Commercial Terms Risk-based performance accountability TPRM Risk identification Ensuring mitigations become binding obligations Results: risks are identified during due diligence but never fully embedded into contractual language or measurable SLAs. Contracts describe services – they don't always control risks. Defining Contractual Fitness Contractual Fitness is the alignment between: Risk Exposure – What could go wrong Contractual Obligation – What the vendor is legally required to do Performance Metrics (SLAs) - How ongoing effectiveness is measured Governance & Enforcement – What happens when performance degrades A contract is “fit” when risk expectations are: Clearly Defined Measurable Auditable Enforceable Stakeholder Priorities and How They Translate into Contract SLAs Vendor risk is multi-dimensional. A contract that works only for Legal or for IT is incomplete. Below is a cross-functional view of what each stakeholder needs from vendor agreements. Stakeholder Primary Concern Critical Contractual Clauses Key SLA / Monitoring Metric Common Gap Information Security Protection of systems and data Security control requirements, vulnerability management, audit rights, incident notification timeliness Patch remediation timeliness, vulnerability remediation cycle time, incident response time Security language is vague (“reasonable security”) and not measurable Privacy Lawful data processing & subject rights Data Processing Addendum, sub processor approval, cross border transfer terms, deletion or return of data DSAR support response time, deletion certification timelines, sub processor change notifications Privacy obligations exist but are not operationalized or tracked DR / Resiliency Service recovery within tolerance Defined RTO/RPO, mandatory testing, geographic redundancy, dependency transparency DR test success rates, actual recovery time vs. Contracted RTO, backup validation results RTO/RPO written in contract but no tested or reported IT / Engineering Reliable technical performance Availability SLAs, incident response SLAs, change management notice, maintenance windows Uptime % latency, MTTR (mean time to restore), change notification timeliness SLAs measure performance but not business disruption Legal Liability containment & enforceability Indemnification, limitation of liability carve-outs, termination rights, cooperation clauses Tracking repeated breaches of contractual obligations Operational failures not escalated as contractual risk triggers Compliance / Regulatory Ability to demonstrate oversight Right to audit, regulatory cooperation, control evidence requirements Timeliness of evidence delivery, audit finding remediation timeliness Contract allows audit, but evidence collection is not structured Finance / Procurement Financial exposures & value Service credits, benchmarking, billing audit rights, termination for convenience SLA credit trends, billing accuracy rates, overcharge recovery Credits are claimed but not analyzed as risk signals TPRM Holistic risk oversight Risk-based obligations, subcontractor flow-down performance reporting requirement SLA degradation rends, control testing results, unresolved issue aging Risk findings don’t always translate into enforceable contract terms. From Clause to Control: What “Good” Language Looks Like A major element of contractual fitness is moving from vague commitments to measurable obligations. Risk Area Weak Clause Contractually Fit Clause DR “Vendor will maintain disaster recovery capabilities” “Vendor shall maintain DR capabilities sufficient to restore services within an RTO of 8 hours and an RPO of 15 minutes. Vendor will conduct at least annual failover testing and provide documented results and remediation plans.” InfoSec “Vendor will use reasonable security measures” “Vendor shall maintain security controls aligned to ISO 27001 or NIST CSF and remediate critical vulnerabilities within 14 days and high vulnerabilities within 30 days.” Incident Notification “Vendor will notify customer of breeches promptly” “Vendor shall notify Customer within 24 hours of becoming aware of a confirmed or suspected security incident affecting Customer Data and provide status updates every 48 hours until containment.” Sub processors “Vendor may use subcontractors” “Vendor must provide 30 days prior notice of new sub processors, flow down equivalent security and privacy obligations, and remain fully liable for their performance.” SLA Reporting “Vendor will provide performance reports.” “Vendor shall provide monthly SLA performance reports including uptime, incident metrics, and root cause analysis for any SLA breach.” SLA Performance Monitoring as a Risk Discipline SLAs are often treated as operational scorecards. But they are more powerful when viewed as risk indicators. SLA Metric Traditional Interpretation Risk-Based Interpretation Uptime % Service quality Operational continuity and customer impact risk Incident Response Time Help desk efficiency Cyber containment and business disruption risk DR Test Results Technical exercise Organizational survival dependency Patch Timelines IT hygiene Exposure window for cyber exploitation Change Notification Process formality Risk of unassessed system or data impact When TPRM tracks these metrics over time, patterns emerge that may include: Control fatigue Under-investment by the vendor Operational instability Elevated breach or outage likelihood Trending & Early Warning Indicators Isolated SLA failures happen. Trends tell the real story. Trend Patterns Potential Risk Signals Gradual increase in SLA credits over multiple quarters Declining service quality or capacity strain Missed DR testing deadlines Weak recovery preparedness Slower vulnerability remediation times Security control deterioration Increasing incident response times Staffing or Operational stress at vendor Delays in providing audit evidence Compliance maturity issues These trends allow organizations to act before a regulatory breach, data compromise, or major outage occurs. Governance: What Happens When Performance Degrades Measurements without action creates - “risk tolerance” by default. A contractually “fit” governance model includes: Operational Review – immediate discussion of SLA breach Formal Notice of Performance Concerns – Triggered by repeated failures Executive Governance Escalation – senior-level accountability Documented Remediation Plan – with deadlines and reporting Termination Readiness – exercising exit rights if risk remains unacceptable. These steps must be supported by contract clause allowing: Formal notice of breach Mandatory remediation Service credits Termination for chronic failure The Integrating Role of TPRM TPRM is uniquely positioned to connect: Phase TPRM Role Pre-Contract Identify risk and required control expectations Contracting Ensure risk requirements translate into clauses & SLAs Ongoing Monitoring Analyze SLA trends and control performance Escalation Elevate chronic issues as enterprise risk concerns Renewal / Exit Use performance history to inform decisions TPRM transforms contracts from static documents into dynamic risk management tools. Actionable Take-Aways For TPRM Map risk tiers to mandatory clauses and SLA expectations Trend SLA performance as part of ongoing monitoring Treat repeated SLA failures as risk events, not vendor nuisances For Legal Replace “reasonable efforts” with measurable, auditable standards Preserve audit, termination, and step-in rights Ensure operational clause are enforceable, not just aspirational For IT, Security, Resilience Team Define SLAs based on business impact tolerance, not vendor defaults Require testing and documented evidence for recovery and security claims For Procurement & Finance Analyze SLA credits and billing issues as indicators of operational risk Tie commercial leverage to performance accountability For Executives View chronic vendor underperformance as an enterprise risk signal Support cross functional governance when SLA show sustained decline Contracts should not simply describe services; they should operationalize trust. When risk expectations are translated into enforceable obligations and monitored through meaningful SLAs, vendor agreements become what they were always meant to be. A front-line control for protecting the organization's operations, data, customers, and reputation. Authors Heather Kadavy Director of Membership Success at TPRA Ryan Hesser VP Third Party Risk Mgmt & Legal Counsel at VyStar CU

In this episode of the TPRM Exchange Podcast, host Hilary Jewhurst sits down with Tracy Keeping, Founder of Steel Harbor Consulting and former risk executive at State Street, JPMorgan Chase, and Deutsche Bank, to explore one of the most pressing challenges facing third party risk programs today: geopolitical uncertainty. “Geopolitical uncertainty becomes a third party problem the moment it impacts operational decisions.” The conversation explores why traditional geopolitical risk assessments often fail to capture the speed and interconnectedness of these changes, and how organizations can move from passive visibility to active decision-making. Rather than treating geopolitical risk as a standalone category, Tracy explains how emerging conditions are exposing vulnerabilities hidden deep within vendor ecosystems, supply chains, cloud infrastructure, and subcontractor dependencies. “Geopolitical risk isn’t creating entirely new problems — it’s accelerating the risks organizations already have.” This episode is especially valuable for practitioners navigating: Rapidly changing supplier and jurisdictional exposure Escalating concentration and fourth-party risk Executive pressure to make faster decisions with incomplete information The growing gap between assessment cycles and real-world events Governance and accountability challenges during periods of uncertainty Key Takeaway Geopolitical risk is no longer a static checkbox within a risk framework — it is a dynamic force accelerating existing vulnerabilities across third-party ecosystems. Organizations that succeed will be the ones that connect external events to operational decision-making in real time. About the Guest Tracey Keeping Founder and CEO Steel Harbor Consulting Tracy Keeping is the Founder of Steel Harbor Consulting and a former risk executive at State Street, JPMorgan Chase, and Deutsche Bank. 📩 Have a topic idea? Email: pod@tprassociation.org

Join TPRA’s free 2025 Virtual Conference on September 10 to explore continuous improvement in Third Party Risk Management. Attend expert-led sessions, earn CPE credits, and enhance your TPRM strategy. 2026 Virtual Conference Emerging Risks & Operational Resiliency Wednesday, September 9, 2026 • 9:00 AM - 4:00 PM Central Open to All • Free • 6 CPE Credits Available Register Now Join the Third Party Risk Association (TPRA) for our 2026 Virtual Conference: " Emerging Risks & Operational Resiliency " on Wednesday, September 9 , 2026, from 9:00 AM to 4:00 PM CT . What to Expect As organizations navigate an increasingly complex risk landscape, this conference will explore the latest emerging threats—from evolving regulatory expectations to third party vulnerabilities and operational disruptions. Attendees will gain actionable guidance on strengthening resilience, enhancing risk frameworks, and proactively addressing uncertainties that can impact business continuity. Through expert-led sessions, participants will leave better equipped to anticipate challenges, adapt to change, and build more robust, future-ready organizations. Who Should Attend? This conference is ideal for: TPRM professionals seeking to enhance their programs Risk management and compliance officers Procurement and vendor management specialists IT and cybersecurity professionals involved in third party risk Whether you’re focused on third-party risk, enterprise risk, or operational continuity, this event offers valuable perspectives and tools to help you stay ahead in a rapidly shifting environment. Register Now TRACK 1 Driving Resilience Through Continuous Improvement TRACK 2 Driving TPRM Transformation Through Innovation TRACK 3 Navigating Emerging Risks & Regulatory Change Agenda Coming Soon SESSION TIME Session Track Session Title Speaker Button Speakers Apply to Speak Speaker Name Title Organization Thank you to our Sponsors ! Interested Sponsors

Join the TPRM community at TPRA for expert resources, training, templates, and tools to strengthen your third party risk program and grow your network. Join the only not-for-profit, vendor-agnostic professional association uniting thousands of TPRM professionals worldwide. Furthering the profession of third party risk management through knowledge-sharing & networking. Learn More Join Now The all-in-one source for Third Party Risk Management (TPRM) tools, templates, training, networking, certifications & industry best practices. MEMBERSHIP CONNECT & DISCOVER Individuals & organizations working together to advance the industry. More > EDUCATION MEETINGS & TRAINING Certifications & training for risk professionals to advance their careers & enhance their programs. More > RESOURCES INFORMATION SHARING SITE White papers, templates, guidance & more to enhance your program. More > TOOLS & AUTOMATION EXPLORE & CONTACT Detailed profiles of trusted TPRM service provider organizations & their offerings. More > Advance Your Career in Risk Management: Learn About the Benefits of TPRA Membership > Practitioner Plans Standard: FREE Premium: $199/yr BENEFITS Member Meetings Interactive monthly calls to discuss a variety of third party risk topics decided upon by members. Conferences In-person and virtual conferences dedicated solely to third party risk topics. Networking Online interaction with your peers through membership forums and document databases. Industry-Specific Meetings Quarterly special interest calls based on your industry. Demos, Surveys, Webinars Access to third party risk management service provider demos, surveys, & webinars. Certifications TPRM professional certifications that establish credibility and demonstrate your commitment to mastering your skills and knowledge within the industry. Join Now Vendor Plans 4 available plans starting at $8,000/yr BENEFITS Priority & Discount Sponsorship Opportunities Be the first to sponsor conferences and receive discounted member rates, as well as priority positioning. Networking & Collaboration Attend monthly and quarterly meetings with TPRM practitioners and other service providers to network, collaborate, create resources, share insights, and more! Promotional Opportunities Work with the TPRA staff to communicate to Practitioner Members the your organization's webinars, surveys, demos, blog posts, and white papers. Advisory Councils Join our TPRM Service Provider Advisory Council, as well as other groups, dedicated to collaborating, sharing insights, and providing strategic guidance. Quarterly Updates Receive quarterly updates with industry innovators to collaborate on practitioner needs. Join Now Meetings Open to All Meetings Open to All Member Meetings & Events On-Demand Meetings Thursday, June 11, 2026 10:00 – 11:00 AM CT Roundtable: Keeping Pace with the Global Compliance Landscape Register > Tuesday, June 16, 2026 1:00 – 2:00 PM CT Women In TPRM Meeting Register > Thursday, July 9, 2026 10:00 – 11:00 AM CT Roundtable: Nth Party & Supply Chain Risk Register > Tuesday, July 21, 2026 1:00 – 2:00 PM CT Women In TPRM Meeting Register > CONTACT US OUR INFORMATION Address: P.O. Box 824 Ankeny, Iowa 50021 USA Email: info@tprassociation.org For any general inquiries, please fill out the contact form. First name* Last name* Email* Subject Message* Yes, subscribe me to TPRA communications. Submit

Explore jobs in third party risk management from organizations hiring TPRM professionals. New listings added regularly. Start your search today. TPRM Job Listings Searching for a TPRM-specific job? Check out the listings below from organizations looking for talented TPRM professionals! Note: TPRA reserves the right to remove any job listing for any reason and without communication to the contact. Post a Job Cardinal Health Manager, Sustainable Supply Chain View Job US (Remote) JPMorganChase Principal Cybersecurity Architect, Third Party Assurance View Job Plano, TX Goldman Sachs Corporate Planning & Management, Vendor Management. (TPRM), Sr. Associate / Jr VP, Dallas View Job Dallas, TX Centene Corporation Director, TPRM View Job Missouri, US (Remote) Pumpkin Director GRC | TPRM View Job Chicago, IL (Hybrid) FNBO Third Party Risk Manager View Job Omaha, NE SECU Third Party Risk Management Analyst II View Job Raleigh, NC General Atomics Aeronautical Systems Supply Chain Risk Manager View Job Poway, CA (onsite) Advanced Auto Parts Sr. Manager of Cybersecurity, Third Party Risk View Job Raleigh, NC Deloitte IT Vendor Financials & Contract Manager View Job Tampa, FL or Chicago, IL (Hybrid) Vuori Vendor Compliance Manager View Job Carlsbad, CA (remote) Truist Cybersecurity, TPRM Director View Job Raleigh, NC or Atlanta, GA LOAD MORE