Experienced Third-Party Risk Management (TPRM) Cybersecurity Specialist – Governance, Risk, Compliance & Data Protection
Posted 2026-05-05
Join arenaflex as a GRC Cybersecurity Professional
Are you ready to take your career in Cybersecurity Governance, Risk, and Compliance (GRC) to the next level? arenaflex is looking for an experienced and dedicated professional to join our dynamic Cyber & Data Security team. In this role, you will be instrumental in guiding GRC-related activities and ensuring the clean, efficient execution of critical cybersecurity tasks within our organization.
At arenaflex, we believe that robust cybersecurity is the foundation of trust and innovation. As our Third-Party Risk Management (TPRM) Specialist, you will play a pivotal role in protecting our organization from cyber threats while enabling business growth through strategic risk management. This is a remote position offering flexibility for both part-time and full-time arrangements, with a competitive annual compensation of $80,000.
About the arenaflex Cybersecurity Team
Our Cybersecurity team at arenaflex consists of talented professionals who are passionate about formulating and implementing strategies that help our organization align with its commercial objectives while managing risks effectively and meeting industry guidelines and standards. We work on cutting-edge technology and toward new innovations in the area of cybersecurity to deliver excellence in everything we do.
As a member of our team, you will collaborate with stakeholders across the organization to ensure that our third-party risk management program operates at the highest level of effectiveness. You will have the opportunity to work with industry-leading tools, frameworks, and best practices while contributing to our organization's overall security posture.
Position Overview
This position reports to the Manager of Governance, Threat and Compliance within our Cyber and Data Safety division. The successful candidate will be responsible for managing our third-party/internal risk management software, overseeing internal security compliance requirements, and implementing regulations, tactics, and frameworks at arenaflex.
Key Responsibilities
Third-Party Risk Management (TPRM)
- Manage and support the organization's Third-Party/Internal Risk Management Software platform
- Assist in implementing and maintaining arenaflex's Global Third-Party/Internal Risk Method for conducting cyber-risk-related due diligence examinations
- Validate incoming third-party/internal risk assessment requests, working closely with business stakeholders to confirm request details and engagement scope
- Conduct kick-off meetings with business stakeholders and relevant third parties for conducting thorough third-party assessments
- Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submitted questionnaires for completeness
- Analyze and determine risks arising from the current design and operational effectiveness of internal and third-party security controls
- Document responses, associated findings, and remediation plans in arenaflex's systems
- Draft and review assessment reports while ensuring respective business stakeholders finalize critiques in a timely manner
- Serve as a strong liaison to address queries concerning risk control techniques and evaluations for business or third parties as required
- Perform continuous tracking of third parties via arenaflex's systems for current and new findings, tracking any findings to closure
- Identify opportunities for improvement within arenaflex's systems and strategies
- Work closely with risk leads and supervisors to schedule and execute a range of supporting activities related to the risk management program
Governance, Threat and Compliance
- Lead and support the development of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risk consistent with arenaflex's risk appetite
- Maintain and document compliance with information security-related guidelines and processes through planning, checking, remediating, tracking, and reporting on control reviews and threat checks
- Lead development and delivery of compliance and risk education and ongoing communications that help power a culture of protection and compliance
- Stay current with regulatory changes, new guidelines, technology, and internal policy modifications to further identify new key risk areas
- Lead activities to maintain and guide ISO 27001 standards across the organization
- Ensure adherence to SOC 2 requirements, SSAE 16/18 standards, and other relevant security frameworks
Essential Qualifications
- Bachelor's or Master's degree from an accredited university or equivalent professional experience
- Minimum of 4 years of experience in Third-Party Risk Control, information security, and audit and compliance tracking (with at least 2-3 years specifically in TPRM or Internal Audit)
- Working understanding of information security related best practices and requirements including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements
- Experience in the management of risk, controls, and compliance
- Knowledge of risk assessment methodologies – both qualitative and quantitative approaches
- Strong analytical and problem-solving abilities
- Excellent presentation making and delivery abilities
- Outstanding stakeholder management skills
Preferred Experience & Credentials
- Experience working with a large enterprise and/or Big Four accounting firm is preferred
- One or more of the following certifications: CISA, CRISC, ISO27001 Lead Implementer/Auditor, CISSP
- Experience in AI/ML as it relates to cybersecurity and risk management is a plus
- Familiarity with specialized TPRM software platforms and tools
Competencies & Attributes for Success
Technical Competencies
- Strong understanding of information security frameworks and standards
- Proficiency in risk assessment and management methodologies
- Knowledge of regulatory compliance requirements
- Experience with audit and compliance tracking systems
- Ability to analyze complex security controls and identify vulnerabilities
Personal Attributes
- Robust interpersonal abilities with the capacity to build strong relationships across the organization
- Ability to navigate fast-paced environments and demonstrate flexibility with working hours
- Excellent communication skills, both verbal and written
- Quick adaptability to changing conditions and ability to drive quality change
- Strong attention to detail while maintaining strategic perspective
- Ability to work independently and as part of a collaborative team
Career Growth & Learning Opportunities
At arenaflex, we are committed to the professional development of our team members. This role offers exceptional opportunities for career advancement within the cybersecurity and governance space. You will gain hands-on experience with industry-leading frameworks, work alongside experienced cybersecurity professionals, and develop expertise in third-party risk management that is highly valued in today's security landscape.
You will have access to continuous learning resources, professional development programs, and certification support to help you advance in your career. As you grow within arenaflex, you will have the opportunity to take on increased responsibilities, lead strategic initiatives, and potentially move into management positions within our cybersecurity organization.
Work Environment & Culture
arenaflex embraces a flexible work-from-home culture that promotes work-life balance while maintaining high standards of collaboration and communication. Our remote work environment is designed to support productivity and innovation, allowing you to contribute your best work from the comfort of your own space.
We foster a culture of continuous improvement, open communication, and mutual respect. Our team values diverse perspectives and encourages creative problem-solving. You'll find that arenaflex is more than just a workplace – it's a community where your contributions matter and your professional growth is prioritized.
Compensation & Benefits
We offer a competitive annual salary of $80,000 for this position, with flexibility for part-time or full-time arrangements. In addition to competitive compensation, arenaflex provides a comprehensive benefits package that includes:
- Health, dental, and vision insurance coverage
- 401(k) retirement plan with company matching
- Paid time off and holiday schedule
- Professional development and certification support
- Remote work equipment allowance
- Performance bonuses and incentives
- Employee assistance programs
Why Join arenaflex?
arenaflex is at the forefront of cybersecurity innovation, providing an environment where talented professionals can thrive and make meaningful contributions to organizational security. By joining our team, you will become part of a forward-thinking organization that values integrity, excellence, and continuous improvement.
This is an excellent opportunity for experienced GRC professionals who are looking to advance their careers in a supportive, remote-friendly environment. You will work on meaningful projects that directly impact the organization's security posture while developing your expertise in third-party risk management and compliance.
How to Apply
If you are ready to take the next step in your cybersecurity career and meet the qualifications outlined above, we encourage you to apply today. This is your chance to join a dynamic team, work with industry-leading technologies, and contribute to the protection of critical organizational assets.
Don't miss this exciting opportunity to grow with arenaflex – apply now and become part of a team that is shaping the future of cybersecurity governance and risk management!