Location: Melbourne or Sydney, Australia
Reports to: Global Head of Information Security
The Role
Teneo is seeking a Third-Party Risk Manager (Senior Associate) to support the build-out and day-to-day operation of the firm's Third-Party Risk Management (TPRM) programme.
This role is suited to a risk professional with a solid foundation in third-party risk, cybersecurity risk, or GRC, who is looking to step into a broader programme role with the opportunity to help shape processes, tooling, and ways of working - with senior support and direction.
You will work closely with Information Security leadership and key stakeholders across procurement, legal, IT, and the business to help establish and run a scalable, risk-based TPRM approach that supports both traditional vendors and emerging technology providers, including AI and SaaS platforms.
Responsibilities
TPRM Programme Build-out & Operation (Primary Focus)
* Support the development and operationalisation of Teneo's Third-Party Risk Management programme, including policies, standards, workflows, and reporting.
* Help implement a scalable, risk-based approach to third-party risk that considers vendor criticality, data sensitivity, and business impact.
* Assist in embedding third-party risk lifecycle processes, including onboarding, due diligence, contracting support, ongoing monitoring, issue management, and off-boarding.
* Contribute to the development and maintenance of repeatable vendor assessment methodologies across professional services, technology providers, SaaS platforms, and AI vendors.
Tooling, Monitoring & Execution
* Support the implementation and ongoing use of Teneo's third-party risk tooling (UpGuard).
* Assist with configuring dashboards, workflows, and alerts to improve visibility into third-party risk exposure.
* Help triage, track, and follow up on third-party risk issues identified through assessments or tooling.
* Support remediation tracking and escalation in line with agreed risk tolerances.
AI & Emerging Technology Risk
* Support the assessment of AI-enabled and emerging technology vendors, with guidance from senior stakeholders.
* Contribute to third-party risk approaches that consider AI-specific risks such as data usage, privacy, security, and resilience.
* Stay informed on evolving industry guidance and best practices related to AI and third-party risk.
Stakeholder Engagement & Advisory
* Act as a key point of coordination for third-party risk activities across the business.
* Work with procurement, legal, IT, and security teams to support third-party risk activities within sourcing and contracting processes.
* Communicate third-party risk findings clearly to stakeholders, escalating issues where required.
Governance, Reporting & Assurance
* Assist with maintaining third-party risk reporting, metrics, and registers.
* Support audits, client assurance requests, and internal reviews related to third-party risk.
* Help maintain appropriate documentation, evidence, and records to support Teneo's security and risk objectives.
Basic Requirements
* 4–6+ years of experience in third-party risk, cybersecurity risk, GRC, or technology risk roles.
* Working knowledge of third-party and supply-chain risk concepts, particularly in technology, SaaS, or cloud environments.
* Experience supporting or operating third-party risk assessments and remediation tracking.
* Familiarity with third-party risk tools or continuous monitoring platforms (UpGuard experience desirable but not required).
* Comfortable working in a structured but evolving environment where processes are still being built.
* Strong written and verbal communication skills, with the ability to explain risk clearly to non-technical stakeholders.
Preferred Requirements
* Exposure to assessing SaaS, cloud, or AI vendors and associated data or security risks.
* Familiarity with standards and frameworks such as ISO 27001, NIST, SOC 2, or similar.
* Awareness of common vendor assessment libraries (e.g. SIG, CAIQ).
* Experience working in professional services, consulting, or fast-paced environments.
* Relevant certifications (CISM, CISSP, CRISC, or similar) are beneficial but not required.
What We Can Offer
* Competitive salary
* Health and wellbeing support provided by Intellect Holistic
* $500 annual health and wellness stipend
* Annual leave: 20 days plus three-day annual closure between Christmas Eve and New Year's Eve
* 1 day of leave during birthday month
* 1 wellness day
* 10 days per annum personal/carer's leave
About Teneo
Teneo is the global CEO advisory firm. We partner with our clients globally to do great things for a better future.
Drawing upon our global team and expansive network of senior advisors, we provide advisory services across five business segments on a stand-alone or fully integrated basis. Our clients include many of the Fortune 100 and FTSE 100, alongside leading financial institutions and public-sector organisations.
With more than 1,600 employees across 45+ offices worldwide, Teneo delivers expertise across strategic communications, investor relations, financial transactions, management consulting, cyber and physical risk, governance, ESG, and geopolitical advisory.