What is third party risk management? What does one do in that field? How is it different than IT risk management?


Managing the cyber risk of all third party vendors, suppliers, relationships. Performing assessments, tiering risk of findings in networks of all third parties, monitoring those relationships, sourcing and contracting out new vendors and suppliers for the enterprise


TPRM goes beyond IT


Managing risks related to vendors, contractors, suppliers, service providers, etc. It can be any vendor, not just a vendor that provides IT services.


TPRM isn’t just aligned to IT; it’s ALL vendors an organization is dealing with.


Assessing your vendors, identifying the risks that come up with hiring a third-party vendor/supplier. Assessing what kind of access they have, etc.

This all also ties back to BCP/DR

What does the compensation in TPRM look like?

Yeah so TPRM in industry would be boring, but TPRM consulting is better - it is more strategy than audit.

Similarly for comp: great in consulting, probably less so in industry


Think of the application of enterprise risk management outside the confines of your organization

The bane of my existence

At EY they have TPRM business consulting and also within cyber tech consulting they have a capability that covers TPRM. So there is some overlap there. Honestly it is all questionnaire and generating reports. Inbox me if you have more questions or want ideas on how to get involved.

What can one do when they leave TPRM for industry?



