Capitole keeps growing and we want to do it with you!
We are looking for an IT Vendor Risk Analyst / Third-Party Risk Management (TPRM) Specialist to join a growing international organization operating in a highly regulated environment.
In this role, you will play a key part in ensuring that risks associated with third-party vendors are properly identified, assessed, and managed across the group. You will work closely with Procurement, IT, Security, and Risk teams to strengthen vendor governance and support regulatory compliance initiatives.
This is a fully remote position within an international and collaborative environment.
Key Responsibilities
* Perform risk assessments of third-party vendors (pre- and post-contract).
* Evaluate suppliers’ control environments, focusing on IT, security, and operational risks.
* Identify and document risks, and define mitigation and remediation actions.
* Monitor vendor risk throughout the lifecycle, including periodic reassessments.
* Collaborate with Procurement and Legal teams during onboarding and contracting processes.
* Support the implementation and improvement of Third-Party Risk Management frameworks.
* Ensure alignment with internal policies and regulatory requirements (e.g., DORA, ISO standards).
* Track and report on vendor risk exposure, remediation status, and compliance.
* Prepare clear and structured reports and presentations for senior stakeholders.
* Act as a point of contact for vendor risk topics across different business entities.
Required Skills & Experience
* 4+ years of experience in IT Risk, GRC, Third-Party Risk Management, or similar roles.
* Strong understanding of vendor risk assessment methodologies.
* Experience working with regulatory frameworks (e.g., DORA, ISO 27001, NIST, or similar).
* Background in IT, cybersecurity, risk, or compliance is highly valued.
* Experience in multinational or regulated environments (banking, insurance, consulting, etc.).
* Strong analytical and problem-solving skills.
* Ability to work autonomously in a remote and international environment.
* Excellent communication and stakeholder management skills.
* Fluent English (mandatory). Spanish is desirable.
Nice to Have
* Experience with GRC or TPRM tools.
* Exposure to procurement or vendor management processes.
* Knowledge of outsourcing regulations or operational resilience frameworks.
* Certifications such as CISA, CRISC, ISO 27001, or similar.
We are great, but with you we will be even more