Third-party and I&T Risk Specialist Job

Date published: May 9, 2024

ID: 12578 Location: Budapest Task: IT Security Consultant

As an IT Third-Party Risk Management Specialist, you will be part of the I&T Risk Team, which is part of the IT Governance Risk and Compliance department.
Being a horizontal capability within IT, we are in touch with all segments of GBS IT to ensure the systematic and overarching embeddedness of risk management practices, including third-party risk management. The role contributes to the improvement of GBS IT's Third-Party and I&T Risk Management Framework and program in conjunction with the global risk management initiative. This role collaborates closely with the Governance, Compliance, and Resilience teams and all other IT functions.


  • Contribute to the development and improvement of the organization's Third-Party Risk Management Framework (TPRM) and processes as part of the overarching Risk Management Framework.
  • Ensure that IT's TPRM framework is coherent, consistent, comprehensive, audit ready and fits with applied global principles, standards, directives, and the company's goals.
  • As part of GRC, contribute to the continuous improvement of risk-based operations within the organization, to make them more effective, proactive, and fully embedded into the daily routine.
  • Participate in the implementation of major strategic initiatives and ensure that risk-related requirements are considered.
  • Contribute to the treatment of identified risks assisting in finding practical and cost-effective solutions.
  • Build and maintain strong relationships with risk associates, including Enterprise Risk Management.
  • Work in relation and conformity with internal and external auditors when needed.
  • Monitor and measure the maturity level and risk status of the organization.
  • Actively engage in end-to-end risk treatment planning, resolution, and monitoring activities.
  • Provide aggregated risk supervision for various high-impact areas of IT services for core components of IT risk measurement and reporting activities.
  • Monitor the performance, quality, and effectiveness of the TPRM.
  • Participate in procurement processes to represent the TPRM related requirements.
  • Participate in third parties' lifecycle management, including but not limited to their on- and offboarding.
  • Define and monitor KPIs and ensure that these are communicated and understood.
  • Perform risk assessments on a regular basis with multiple methodologies.
  • Participate in deviation management activities to represent a strong risk-based mindset.

Competencies we're looking for

  • Service management mindset and quality focus are the bare minimum.
  • Ability to understand strategies, provided services and challenges of a complex organization.
  • Familiarity with control frameworks and best practices such as CIS, ISO27k, NIST and ITIL.
  • Globally recognized certificates like CRISC, CISM, CGEIT, CDPSA are an advantage.
  • Project & program management.
  • Ability to understand dependencies amongst various initiatives and to set priorities accordingly.
  • Governance knowledge and experience are an advantage.
  • Experience in enterprise level risk management is also an advantage.
  • Experience with various TPRM & IT risk management methodologies and tools is also an advantage.

Personal skills

  • Critical thinking and holistic mindset.
  • Ability to manage multiple threads.
  • Strong communication and interpersonal skills, ability to influence others and help them to grow.
  • Ability to analyze large amounts of new information quickly, identify correlations and dependencies, resolve complex problems, and find solutions; a problem-solving attitude.
