Capitole keeps growing and we want to do it with you!
We are looking for an IT Vendor Risk Analyst / Third-Party Risk Management (TPRM) Specialist to join a growing international organization operating in a highly regulated environment.
In this role, you will play a key part in ensuring that risks associated with third-party vendors are properly identified, assessed, and managed across the group. You will work closely with Procurement, IT, Security, and Risk teams to strengthen vendor governance and support regulatory compliance initiatives.
This is a fully remote position within an international and collaborative environment.
Key Responsibilities
* Perform risk assessments of third-party vendors (pre- and post-contract).
* Evaluate suppliers' control environments, focusing on IT, security, and operational risks.
* Identify and document risks, and define mitigation and remediation actions.
* Monitor vendor risk throughout the lifecycle, including periodic reassessments.
* Collaborate with Procurement and Legal teams during onboarding and contracting processes.
* Support the implementation and improvement of Third-Party Risk Management frameworks.
* Ensure alignment with internal policies and regulatory requirements (e.g., DORA, ISO standards).
* Track and report on vendor risk exposure, remediation status, and compliance.
* Prepare clear and structured reports and presentations for senior stakeholders.
* Act as a point of contact for vendor risk topics across different business entities.
Required Skills & Experience
* 4+ years of experience in IT Risk, GRC, Third-Party Risk Management, or similar roles.
* Strong understanding of vendor risk assessment methodologies.
* Experience working with regulatory frameworks (e.g., DORA, ISO 27001, NIST, or similar).
* Background in IT, cybersecurity, risk, or compliance is highly valued.
* Experience in multinational or regulated environments (banking, insurance, consulting, etc.).
* Strong analytical and problem-solving skills.
* Ability to work autonomously in a remote and international environment.
* Excellent communication and stakeholder management skills.
* Fluent English (mandatory). Spanish is desirable.
Nice to Have
* Experience with GRC or TPRM tools.
* Exposure to procurement or vendor management processes.
* Knowledge of outsourcing regulations or operational resilience frameworks.
* Certifications such as CISA, CRISC, ISO 27001, or similar.
We are great, but with you we will be even more. For this you will have:
* Budget of €1,200 for individual training so you can use it for whatever you want.
* Follow-up with your team every month to have continuous feedback.
* Full Remote.
* Time flexibility to help you balance your professional/family life.
* Private medical insurance paid entirely by Capitole.
* Flexible remuneration (restaurant, transportation and/or daycare tickets).
* Wellhub.
* Discounts on big brands for employees (Club Capitole).
So you can meet the whole family:
* Team Buildings every two months. You can't miss the summer party or Christmas dinner!
* Soccer team sponsored by Capitole.
* Technological communities so you can share your knowledge and ideas with other teams.
Last but not least, a GREAT TEAM!
Don't you know us yet? Discover us!! https://capitole-consulting.com/
See what they think of us
https://www.glassdoor.es/Opiniones/Capitole-Consulting-Opiniones-E2060890.htmlE2060890.html
The employee will adhere to the information security policies:
* The employee will have access to confidential information relating to Capitole and the project he/she is working on.
* The employee will have to comply with the security policies and internal policies of the company and client.
* The employee will have to sign an NDA.