Location: Melbourne or Sydney, Australia
Reports to: Global Head of Information Security
The Role
Teneo is seeking a Third-Party Risk Manager (Senior Associate) to support the build-out and day-to-day operation of the firm’s Third-Party Risk Management (TPRM) programme.
This role is suited to a risk professional with a solid foundation in third-party risk, cybersecurity risk, or GRC, who is looking to step into a broader programme role with the opportunity to help shape processes, tooling, and ways of working, with senior support and direction.
You will work closely with Information Security leadership and key stakeholders across procurement, legal, IT, and the business to help establish and run a scalable, risk-based TPRM approach that supports both traditional vendors and emerging technology providers, including AI and SaaS platforms.
Responsibilities
TPRM Programme Build-out & Operation (Primary Focus)
- Support the development and operationalisation of Teneo’s Third-Party Risk Management programme, including policies, standards, workflows, and reporting.
- Help implement a scalable, risk-based approach to third-party risk that considers vendor criticality, data sensitivity, and business impact.
- Assist in embedding third-party risk lifecycle processes, including onboarding, due diligence, contracting support, ongoing monitoring, issue management, and off-boarding.
- Contribute to the development and maintenance of repeatable vendor assessment methodologies across professional services, technology providers, SaaS platforms, and AI vendors.
Tooling, Monitoring & Execution
- Support the implementation and ongoing use of Teneo’s third-party risk tooling (UpGuard).
- Assist with configuring dashboards, workflows, and alerts to improve visibility into third-party risk exposure.
- Help triage, track, and follow up on third-party risk issues identified through assessments or tooling.
- Support remediation tracking and escalation in line with agreed risk tolerances.
AI & Emerging Technology Risk
- Support the assessment of AI-enabled and emerging technology vendors, with guidance from senior stakeholders.
- Contribute to third-party risk approaches that consider AI-specific risks such as data usage, privacy, security, and resilience.
- Stay informed on evolving industry guidance and best practices related to AI and third-party risk.
Stakeholder Engagement & Advisory
- Act as a key point of coordination for third-party risk activities across the business.
- Work with procurement, legal, IT, and security teams to support third-party risk activities within sourcing and contracting processes.
- Communicate third-party risk findings clearly to stakeholders, escalating issues where required.
Governance, Reporting & Assurance
- Assist with maintaining third-party risk reporting, metrics, and registers.
- Support audits, client assurance requests, and internal reviews related to third-party risk.
- Help maintain appropriate documentation, evidence, and records to support Teneo’s security and risk objectives.
Basic Requirements
- 4–6+ years of experience in third-party risk, cybersecurity risk, GRC, or technology risk roles.
- Working knowledge of third-party and supply-chain risk concepts, particularly in technology, SaaS, or cloud environments.
- Experience supporting or operating third-party risk assessments and remediation tracking.
- Familiarity with third-party risk tools or continuous monitoring platforms (UpGuard experience desirable but not required).
- Comfortable working in a structured but evolving environment where processes are still being built.
- Strong written and verbal communication skills, with the ability to explain risk clearly to non-technical stakeholders.
Preferred Requirements
- Exposure to assessing SaaS, cloud, or AI vendors and associated data or security risks.
- Familiarity with standards and frameworks such as ISO 27001, NIST, SOC 2, or similar.
- Awareness of common vendor assessment libraries (e.g. SIG, CAIQ).
- Experience working in professional services, consulting, or fast-paced environments.
- Relevant certifications (CISM, CISSP, CRISC, or similar) are beneficial but not required.
What We Can Offer
- Competitive salary
- Health and wellbeing support provided by Intellect Holistic
- $500 annual health and wellness stipend
- Annual leave: 20 days plus three-day annual closure between Christmas Eve and New Year’s Eve
- 1 day of leave during birthday month
- 1 wellness day
- 10 days per annum personal/carer’s leave
About Teneo
Teneo is the global CEO advisory firm. We partner with our clients globally to do great things for a better future.
Drawing upon our global team and expansive network of senior advisors, we provide advisory services across five business segments on a stand-alone or fully integrated basis. Our clients include many of the Fortune 100 and FTSE 100, alongside leading financial institutions and public-sector organisations.
With more than 1,600 employees across 45+ offices worldwide, Teneo delivers expertise across strategic communications, investor relations, financial transactions, management consulting, cyber and physical risk, governance, ESG, and geopolitical advisory.



