Experienced Third-Party Risk Management (TPRM) Professional – Governance, Risk & Compliance Cybersecurity Specialist (Remote, Part/Full Time)
Posted 2026-05-05
Join arenaflex as a GRC Cybersecurity Professional
Are you ready to elevate your career in cybersecurity and make a meaningful impact within a dynamic organization? arenaflex is seeking an experienced Third-Party Risk Management (TPRM) Professional to join our elite Cybersecurity team. This is a fantastic opportunity to work from the comfort of your home while contributing to critical governance, risk, and compliance initiatives that protect our organization's digital landscape.
At arenaflex, we believe that cybersecurity is not just about protecting data—it's about building trust, ensuring business continuity, and enabling innovation. As a member of our Cybersecurity team, you will play a pivotal role in managing third-party risks, maintaining regulatory compliance, and implementing robust security frameworks that align with our organizational objectives.
About the Cybersecurity Team at arenaflex
Our Cybersecurity team consists of passionate and skilled professionals who are dedicated to formulating and implementing strategies that help the organization achieve its business goals while effectively managing risks and meeting industry standards. We pride ourselves on staying ahead of emerging threats and continuously innovating in the cybersecurity space. Our collaborative environment encourages knowledge sharing, professional growth, and the pursuit of excellence in all that we do.
This role reports directly to the Manager of Governance, Threat and Compliance within our Cyber and Data Safety division. You will be working alongside experienced professionals who are committed to fostering a culture of security awareness and compliance excellence throughout the organization.
Key Responsibilities
As a TPRM Professional at arenaflex, you will be responsible for driving our third-party/internal risk management program and ensuring the effective execution of various cybersecurity initiatives. Your primary duties will include:
Third-Party Risk Management (TPRM)
- Lead and support the organization's global third-party/internal risk methodology for conducting cyber risk-related due diligence assessments
- Validate incoming third-party and internal risk assessment requests, collaborating with business stakeholders to confirm request details and engagement scope
- Conduct kick-off meetings with business stakeholders and relevant third parties to conduct thorough risk assessments
- Coordinate the distribution of due diligence questionnaires to internal stakeholders and third parties, reviewing submitted questionnaires for completeness
- Analyze questionnaire responses and identify risks arising from the design and operational effectiveness of internal/third-party security controls
- Document responses, associated findings, and remediation plans in our enterprise systems
- Draft and review assessment reports for completed checks, ensuring respective business stakeholders finalize reviews
- Serve as a strong liaison to address queries related to risk control techniques and evaluations for business units or third parties as required
- Perform continuous monitoring of third parties through our systems for current and new findings, tracking findings to closure
- Identify opportunities for improvement within our systems and strategies
- Work closely with Risk Lead/Supervisor to schedule and execute a range of supporting activities related to the risk management program
Governance, Risk, and Compliance
- Lead and support the development of cybersecurity risk and compliance-related strategies to ensure treatment of cybersecurity risk consistent with the organization's risk appetite
- Maintain and document compliance with information security-related guidelines and processes through planning, testing, remediating, tracking, and reporting on control reviews and risk assessments
- Lead the development and delivery of compliance and risk education and ongoing communications that help build a culture of security and compliance
- Stay abreast of regulatory changes, new guidelines, technology advancements, and internal policy modifications to identify emerging risk areas
- Lead activities to maintain and guide ISO 27001 certification
Essential Qualifications & Experience
To succeed in this role, you must possess:
- Educational Background: Relevant Bachelor's/Master's degree from an accredited university or equivalent professional experience
- Industry Experience: Minimum 4 years of experience in third-party risk control, information security, and audit and compliance tracking (with at least 2-3 years specifically in TPRM or Internal Audit)
- Preferred Background: Experience working with large enterprises and/or major professional services firms
- Technical Knowledge: Strong working understanding of information security best practices and requirements, including ISO 2700x, SOC 2 requirements, SSAE 16/18 requirements, and other relevant frameworks
- Risk Management Expertise: Demonstrated experience in managing risks, controls, and compliance initiatives
- Risk Assessment Skills: Knowledge of risk assessment methodologies—both qualitative and quantitative approaches
- Certifications (Preferred): One or more of the following: CISA, CRISC, ISO 27001 Lead Implementer/Auditor, CISSP
- Technical Innovation: Experience in AI/ML applications within cybersecurity is a plus
Core Competencies & Skills
We're looking for professionals who demonstrate:
- Outstanding Stakeholder Management: Ability to effectively communicate and collaborate with diverse business units and external partners
- Analytical Excellence: Strong analytical and problem-solving abilities to assess complex risk scenarios
- Communication Skills: Excellent presentation-making and delivery capabilities, with strong verbal and written communication skills
- Adaptability: Ability to navigate fast-paced environments and be flexible with working hours
- Change Management: Quick adaptation to changing conditions and ability to drive quality change initiatives
- Interpersonal Abilities: Strong interpersonal skills to build relationships across the organization
Personal Attributes for Success
The ideal candidate will exhibit:
- A proactive approach to identifying and addressing security risks before they materialize
- Exceptional attention to detail when reviewing assessments, questionnaires, and compliance documentation
- The ability to work independently while also contributing effectively to team objectives
- A commitment to continuous learning and professional development in the cybersecurity field
- Strong organizational skills with the ability to manage multiple concurrent assessments and deadlines
- High ethical standards and a commitment to maintaining confidentiality
Career Growth & Learning Opportunities
At arenaflex, we invest in your professional development. As part of our Cybersecurity team, you will have access to:
- Comprehensive training programs on industry-leading frameworks and standards
- Mentorship from senior cybersecurity professionals and compliance experts
- Opportunities to obtain advanced certifications (CISA, CRISC, CISSP, ISO 27001)
- Exposure to cutting-edge cybersecurity technologies and methodologies
- Career advancement pathways into senior risk management, compliance leadership, or specialized cybersecurity roles
- Cross-functional collaboration opportunities across various business units
Work Environment & Culture
arenaflex offers a flexible remote work arrangement that allows you to maintain a healthy work-life balance while contributing to meaningful cybersecurity initiatives. Our culture is built on collaboration, innovation, and a shared commitment to protecting our organization's assets and reputation.
You will join a team that values diverse perspectives, encourages open communication, and fosters an environment where everyone can thrive. We believe that happy, motivated team members deliver exceptional results, and we strive to create a supportive atmosphere where your contributions are recognized and appreciated.
Compensation & Benefits
We offer a competitive compensation package that includes:
- Annual salary of $80,000 (commensurate with experience and qualifications)
- Comprehensive health, dental, and vision insurance coverage
- Retirement savings plan with company matching
- Flexible paid time off and holiday schedule
- Professional development reimbursement program
- Home office stipend for remote workers
- Access to wellness programs and employee assistance resources
Why Join arenaflex?
arenaflex is more than just a workplace—it's a community of dedicated professionals who are passionate about cybersecurity and risk management. By joining our team, you will:
- Make a tangible impact on our organization's security posture and risk management framework
- Work with cutting-edge technologies and methodologies in the cybersecurity space
- Collaborate with industry experts who are committed to your growth and success
- Enjoy the flexibility of remote work while remaining connected to a supportive team
- Build a rewarding career with clear advancement opportunities
- Be part of an organization that values integrity, innovation, and excellence
Apply Today
If you are ready to take the next step in your cybersecurity career and join a team that values expertise, collaboration, and innovation, we encourage you to apply for this exciting opportunity. At arenaflex, your skills and dedication will be rewarded with a competitive salary, comprehensive benefits, and the chance to grow within a forward-thinking organization.
Don't miss this opportunity to contribute to meaningful cybersecurity initiatives while advancing your professional journey. Apply now and become part of the arenaflex family!
arenaflex is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.