Senior Associate - Cyber Risk

Location: Remote

Duration: 6 months with potential for extension

Job Description

Tiger Advisory provides premier cybersecurity consulting services, helping clients manage risks, strengthen resilience, and achieve compliance in an ever-evolving digital landscape. Our mission is to empower organizations by delivering tailored risk management strategies and insights that safeguard their operations while driving growth. We collaborate with clients across industries such as financial services, healthcare, energy technology, and manufacturing, ensuring they are prepared to meet today’s complex cybersecurity challenges.

We are seeking a Cyber Third-Party Governance Risk Assessor with deep expertise in regulatory compliance, vendor risk management, and cybersecurity governance frameworks. The successful candidate will bring a strong mix of advisory skills, technical understanding, and client-facing experience to help organizations build resilient vendor ecosystems.

What You’ll Contribute

• Lead vendor due diligence and ongoing assessments, reviewing evidence such as SOC 2, ISO 27001, HIPAA/HiTRUST certifications, penetration tests, and security policies.
• Assess third-party control environments against frameworks and regulations including NIST CSF, ISO 27001, GDPR, PCI-DSS, HIPAA, and HiTRUST.
• Develop, implement, and enhance third-party risk governance programs, aligning them with client enterprise risk management objectives.
• Provide executive-level advisory, translating technical risk findings into business-aligned recommendations.
• Support clients in leveraging GRC platforms (e.g., Archer, OneTrust, ProcessUnity, JupiterOne, StrikeGraph, Vanta) to streamline risk assessments, monitoring, and reporting.
• Present results to senior stakeholders (CISOs, Risk Committees, Procurement Leaders) in a clear, business-aligned manner.
• Collaborate with internal teams and client stakeholders to track remediation progress and validate corrective actions to ensure risks are managed effectively.
• Contribute to business development efforts by supporting go-to-market strategies and assisting with proposals related to third-party governance services.

What We’re Seeking

• Bachelor’s or Master’s degree in Cybersecurity, Information Assurance, or related field (M.Tech or equivalent a plus).
• 5+ years of experience in cybersecurity, risk management, or IT audit, with significant focus on third-party/vendor risk governance.
• Proven expertise across regulatory frameworks: NIST CSF, ISO 27001, HIPAA, HiTRUST, GDPR, PCI-DSS, SOC 2.
• Hands-on experience with GRC platforms and TPRM workflows.
• Professional certifications such as CISM, ISO 27001 Lead Auditor, CISA, CRISC, CISSP, or CTPRP highly valued.
• Strong analytical and advisory skills, with the ability to evaluate technical details and deliver clear, executive-ready insights.
• Exceptional communication and client-facing presence, with experience engaging stakeholders in regulated industries (financial services, healthcare, government, etc.).
• Ability to manage multiple client projects in parallel and deliver under tight deadlines.

Our Offer to You

• An opportunity to advise senior executives and directly influence cybersecurity and governance strategies.
• A collaborative and entrepreneurial consulting culture that values innovation, ownership, and measurable impact.
• Exposure to diverse industries and regulatory environments, broadening both technical and advisory expertise.
• Career growth within a fast-scaling consulting practice, with opportunities for specialization in TPRM and governance.