Experienced Third-Party Risk Management (TPRM) Cybersecurity GRC Professional – Governance, Compliance & Internal Controls Specialist

---

About arenaflex

At arenaflex, we are at the forefront of cybersecurity innovation, protecting organizations from evolving digital threats while enabling business growth through robust governance, risk management, and compliance frameworks. As a global leader in our industry, we understand that in today's interconnected business landscape, third-party relationships are essential—yet they introduce complex risks that require sophisticated management.

Our Cybersecurity team is comprised of passionate professionals who specialize in developing and implementing strategies that help organizations align with their commercial objectives while managing risks effectively and meeting industry standards. We work at the intersection of technology and innovation, constantly advancing our capabilities to stay ahead of emerging threats. When you join arenaflex, you become part of a culture that values excellence, continuous learning, and the pursuit of cybersecurity excellence.

We are currently seeking an experienced Third-Party Risk Management (TPRM) GRC Professional to join our dynamic Cybersecurity team. This is a fantastic opportunity for a cybersecurity specialist looking to make a meaningful impact while advancing their career in a supportive, growth-oriented environment.

Position Overview

We are looking for an experienced Governance, Risk, and Compliance (GRC) professional specializing in cyber protection to guide TPRM-related activities and ensure smooth daily execution of various tasks within our team. The ideal candidate will assist arenaflex's third-party/internal threat control software while managing internal security compliance requirements and implementing regulations, tactics, and frameworks.

This role offers the flexibility of remote work with both part-time and full-time options available, competitive compensation, and the chance to work with a team of dedicated cybersecurity experts who are committed to protecting the organization while enabling business innovation.

Key Responsibilities

Third-Party Risk Management (TPRM)

• Manage and support arenaflex's Global Third-Party/Internal Risk Program for conducting cyber risk-related due diligence assessments
• Validate incoming third-party and internal risk assessment requests, working with business stakeholders to confirm request details and engagement scope
• Conduct kick-off meetings with business stakeholders and relevant third parties for conducting third-party assessments
• Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties
• Review submitted questionnaires for completeness and identify risks arising from the design and operational effectiveness of internal/third-party security controls
• Document responses, associated findings, and remediation plans in arenaflex systems
• Draft and review assessment reports, ensuring respective business stakeholders complete reviews
• Serve as a strong liaison to ensure any queries are addressed concerning the risk control technique and evaluation to business or third parties as required
• Perform continuous tracking of third parties via arenaflex systems for current/new findings and drive any findings to closure
• Identify opportunities for improvement within arenaflex systems and strategies
• Work closely with risk leads/supervisors to schedule and execute a range of supporting activities related to the risk management program

Governance, Threat, and Compliance

• Lead and support the development of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risk consistent with arenaflex's risk appetite
• Maintain and document compliance towards information security-related guidelines and processes through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments
• Lead the development and delivery of compliance and risk education and ongoing communications that help foster a culture of security and compliance
• Stay current with regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk areas
• Lead activities to maintain and guide ISO 27001 standards

Essential Qualifications & Experience

• Applicable Bachelor's/Master's degree from an accredited university or equivalent experience
• Minimum of 4 years of experience in third-party risk management, information security, and audit and compliance tracking (minimum of 2-3 years in TPRM/Internal Audit)
• Preferred experience with a large enterprise and/or major consulting firm
• Strong working understanding of information security-related best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and others
• Experience in the management of risk, controls, and compliance
• Knowledge of risk assessment methodologies—qualitative and quantitative
• Strong analytical and problem-solving abilities
• Strong presentation, making and delivery abilities

Preferred Certifications

• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• ISO27001 Lead Implementer/Auditor
• CISSP (Certified Information Systems Security Professional)
• Experience in AI/ML is a plus

Competencies & Attributes for Success

Technical Competencies

• Strong understanding of information security frameworks and standards
• Proficiency in risk assessment methodologies
• Knowledge of regulatory compliance requirements
• Experience with GRC tools and platforms
• Familiarity with third-party risk management lifecycle

Professional Skills

• Outstanding stakeholder management and communication skills
• Excellent analytical and problem-solving abilities
• Strong presentation and report-writing capabilities
• Ability to navigate fast-paced environments and be flexible with working hours
• Excellent communication skills, both verbal and written
• Adapt quickly to changing conditions and drive quality change

Personal Attributes

• Strong interpersonal abilities with a collaborative mindset
• Ability to work independently and as part of a team
• High attention to detail and accuracy
• Proactive approach to identifying risks and improvements
• Commitment to continuous learning and professional development

Career Growth & Development Opportunities

At arenaflex, we believe in investing in our people. As a GRC professional in our Cybersecurity team, you will have access to:

• Comprehensive training and development programs
• Certification sponsorship and support (CISA, CRISC, CISSP, ISO27001)
• Mentorship from senior cybersecurity leaders
• Exposure to cutting-edge cybersecurity technologies and methodologies
• Clear career advancement pathways within the cybersecurity domain
• Cross-functional collaboration opportunities across the organization
• Regular knowledge-sharing sessions and industry conference participation

You will work alongside experienced professionals who are committed to helping you grow your expertise in governance, risk management, and compliance. This role provides an excellent foundation for advancing into senior GRC positions, such as Risk Lead, Compliance Manager, or Chief Information Security Officer (CISO) roles in the future.

Work Environment & Culture

arenaflex offers a flexible, remote-friendly work environment that supports work-life balance. We understand that the best work happens when our team members are energized, motivated, and able to work in ways that suit their individual needs. Whether you prefer part-time or full-time engagement, we provide the tools, resources, and support you need to succeed.

Our culture is built on collaboration, innovation, and integrity. We value diverse perspectives and believe that inclusive teams produce the best results. You'll be joining a team of dedicated cybersecurity professionals who are passionate about protecting the organization and enabling its growth through effective risk management.

Compensation & Benefits

We offer competitive compensation packages that reflect your experience, skills, and contributions. In addition to a competitive salary, arenaflex provides a comprehensive benefits package including:

• Health, dental, and vision insurance
• Retirement savings plans
• Paid time off and holidays
• Professional development opportunities
• Flexible work arrangements
• Performance bonuses
• Employee assistance programs

Why Join arenaflex?

By joining arenaflex, you become part of a forward-thinking organization that values cybersecurity excellence and is committed to protecting its stakeholders. You'll work on meaningful projects that have a real impact on the organization's security posture, and you'll be supported by a team that genuinely cares about your success and growth.

We are looking for individuals who are excited about the opportunity to contribute to a world-class cybersecurity program, who thrive in collaborative environments, and who are committed to maintaining the highest standards of governance, risk management, and compliance.

How to Apply

If you are ready to take the next step in your cybersecurity career and want to make a meaningful impact, we encourage you to apply. We are looking for candidates who are passionate about cybersecurity, committed to excellence, and ready to contribute to our mission of protecting arenaflex while enabling innovation.

To apply, please submit your resume and a cover letter highlighting your relevant experience and why you are excited about this opportunity. Our hiring team will review applications and reach out to qualified candidates for further discussions.

arenaflex is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We welcome applications from all qualified individuals regardless of race, color, religion, gender, sexual orientation, national origin, age, disability, or any other protected status.

Join us and be part of something extraordinary. Apply today to become part of the arenaflex cybersecurity team!