Senior Consultant, Third Party Risk Management (TPRM) at CNA

You have a clear vision of where your career can go. And we have the leadership to help you get there.At CNA we strive to create a culture in which people know they matter and are part of something important ensuring the abilities of all employees are used to their fullest potential.The Senior Consultant Third Party Risk Management (TPRM) is the front door for new third party engagements. This role co-leads the intake and review of net new vendors serves as the liaison and shepherd across Business Leadership Procurement Legal InfoSec and other stakeholders to create a seamless experience. The role is central to maintaining CNAs standards for vendor onboarding and risk control throughout the lifecycle.JOB DESCRIPTION:Core ResponsibilitiesManage the intake and reviews for all netnew vendors entering the organization; validate scope data flows service criticality and inherent risk indicators at the point of request.Operate the intake workflow across Workday Strategic Sourcing (WSS) and ProcessUnity (PU); ensure requests are properly classified and routed.Collaborate with Procurement to align intake with sourcing milestones (RFP/RFI contract negotiation)Produce Reporting metrics on intake volumes SLA adherence inherent risk distribution and critical third party supplier activities.Apply a pragmatic triage model (e.g. exempt items; existing supplier/same scope; existing supplier/new scope; new supplier/new scope) to focus effort on where risk is highest and eliminate unnecessary reviews.Function as the liaison across Procurement Legal InfoSec/Tech Risk Privacy Business/Operational Resiliency and Finance to orchestrate TPRM activities within the contracting process ensuring a seamless and efficient stakeholder experience.Co-lead endtoend risk assessments for highimpact/new vendors: scoping risk tiering (IRQ) duediligence review (DDQ) and control validation (remote or onsite) with auditready documentation.Coordinate reviews with SMEs (InfoSec Compliance Resiliency Finance); synthesize control gaps and propose remediation acceptance or compensating controls in line with the TPRM policy.Provide coaching to business owners managed service providers and vendors on completing questionnaires evidence expectations and timelines; handle escalations and sensitive assessments with discretion.Lead incremental workflow improvements in WSS/PU and support roadmap initiatives (e.g Intake Optimization IRQ refresh scaled issue management and riskintelligence integrations).Qualifications5-7 years of experience in third-party/vendor risk technology risk or related fields with direct ownership of new vendor onboarding and due diligence assessments.Proven ability to operate at pace in a procurementdriven environment triaging high volumes and prioritizing new supplier/new scope engagements.Demonstrated experience coordinating across InfoSec Legal Privacy Resiliency Finance and business stakeholders translating policy expectations into practical contract terms and controls.Excellent written and verbal communication; executivecaliber reporting and stakeholder management for highvisibility vendors.Things that set you apartCertifications: CTPRP/CTPRA CISA CRISC CISSP or similar.Experience with riskintelligence platforms (e.g. Supply Wisdom Black Kite) and AIassisted control/evidence evaluation capabilities.Background in insurance/financial services vendor governance or regulatory frameworks relevant to outsourcing data protection operational resilienceIntake mastery - ability to quickly classify requests separate exempt/lowrisk from highimpact cases and keep pipelines flowing without bottlenecks.Orchestration and influence: crossfunctional leadership and stakeholder alignment throughout contracting and onboarding; strong meeting facilitation.Tool fluency - ProcessUnity administration/usage and WSS intake routing; comfort with dashboards SLAs/KPIs and audit trails.Risk Judgment & Decisioning: Makes timely defensible inherent risk determinations with clear rationale.Process Excellence: Builds and enforces standardized intake workflows SLAs and data quality checks.Stakeholder Partnership: Collaborates cross-functionallyDetail Orientation: Catches gaps in scope data during risk reviews.Systems & Data Literacy: Comfort with dashboards forms integrations and vendor artifacts (SOC reports SIG CAIQ).Communication: Clear concise and business-friendly briefings and guidance.#LI-Hybrid#Li-CP1In certain jurisdictions CNA is legally required to include a reasonable estimate of the compensation for this District of Columbia California Colorado Connecticut Illinois Maryland Massachusetts New York and Washington the national base pay range for this job level is $72000 to $141000 determinations are based on various factors including but not limited to relevant work experience skills certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees and their family members achieve their physical financial emotional and social wellbeing goals. For a detailed look at CNAs benefits please visit.CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation please contact.Required Experience:Senior IC Key Skills Children Activity,Graphic Designing,Information Technology,FX,Airlines,Asic Employment Type : Full-Time Experience: years Vacancy: 1 Yearly Salary Salary: 72000 - 141000