Назад
Company hidden
5 дней назад

Third-Party Risk Manager (Legal & Compliance)

Формат работы
remote (только Europe)
Тип работы
fulltime
Английский
b2
Страна
Poland/Romania/Georgia +3 еще
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Third-Party Risk Manager (Legal & Compliance): Own the vendor and third-party risk lifecycle for a fast-scaling tech company with an accent on due diligence, risk rating, contractual safeguards, and ongoing monitoring. Focus on managing supplier assurance, ISMS audit readiness, risk assessments, privacy operations, and governance reporting within regulated environments.

Location: Remote within Bulgaria, Georgia, Gibraltar, Malta, Poland, or Romania

Company

hirify.global is a fast-scaling product development company headquartered in Gibraltar, operating at the intersection of technology and entertainment, focused on social gaming innovation.

What you will do

  • Own the full vendor risk lifecycle including due diligence, security questionnaires, risk rating, contractual safeguards, and ongoing monitoring.
  • Track fourth-party dependencies and concentration risk aligned with DORA ICT and ISO 27001 supplier controls.
  • Support ISMS policy maintenance, control mapping, and audit readiness across entities and clients.
  • Execute risk assessments using ISO 31000 methodology and contribute to RCSA workshops and remediation tracking.
  • Support privacy operations including RoPA maintenance, DPIAs, and data subject requests focusing on vendor and group entity arrangements.
  • Prepare governance reporting materials and maintain accurate, visible third-party risk registers.

Requirements

  • Location: Must be able to work remotely from Bulgaria, Georgia, Gibraltar, Malta, Poland, or Romania.
  • Proven track record in GRC, IT audit, vendor risk, or information security with hands-on third-party risk responsibility.
  • Practical experience with vendor due diligence, security questionnaires (SIG, CAIQ, or equivalent), and contractual risk review.
  • Working knowledge of ISO/IEC 27001:2022 supplier controls, ISO 31000, GDPR processor obligations; familiarity with DORA third-party requirements is a plus.
  • Strong independent thinking and pragmatic compliance mindset balancing rigor with business momentum.
  • Clear and precise communication skills for questionnaires, risk memos, and supplier-facing responses.

Nice to have

  • Experience in iGaming, fintech, or other regulated sectors.
  • Exposure to TPRM/GRC platforms such as OneTrust, ProcessUnity, Whistic, or CISO Assistant.
  • Certifications like ISO 27001 Lead Implementer/Auditor, CTPRP, CIPP/E, CISA, or CRISC.
  • Familiarity with SOC 2 Type II or PCI-DSS supplier scoping.

Culture & Benefits

  • Work in a fast-scaling, high-performance product company at the intersection of technology and entertainment.
  • Autonomy to innovate and take ownership in a critical compliance domain.
  • Collaborate with infrastructure, security, procurement, and product teams globally.
  • Commitment to diversity, equal opportunities, and inclusive work environment.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →