Third Party Risk Management Lead at EirGrid Group
County Dublin, Ireland
Full Time


Start Date: Immediate
Expiry Date: 24 Jul, 25
Salary: 0.0
Posted On: 11 Jul, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Financial Services

Description

THE OPPORTUNITY

We are seeking a highly experienced Third-Party Risk Management Lead to oversee the evaluation and management of risks associated with third-party service providers (TSPs) at EirGrid. This role will be responsible for developing and advancing a robust Third-Party Risk Management (TPRM) Programme, collaborating across various business units to minimize risk exposure and ensure external vendors comply with rigorous security, governance, and compliance standards. This strategic position requires blending technical expertise with strong cross-functional collaboration. The role will shape processes, implement automation, and influence policies at senior levels.

Key Responsibilities

  • Third-Party Service Provider Management: Maintain a current, accurate, and comprehensive list of all Third-Party Service Providers (TSPs) that can impact the confidentiality, integrity, availability, and safety of the organisation’s systems, applications, services, and data.
  • Supply Chain Risk Assessment: Identify, prioritise, and assess TSPs and their critical systems and services through a structured risk assessment process, ensuring alignment with their significance in delivering high-value services.
  • Security Risk Evaluation: Conduct thorough evaluations of security risks associated with TSPs to ensure due care reviews are performed prior to entering contractual agreements for acquiring hardware, software, and services.
  • Compliance and Regulatory Oversight: Ensure that all TSPs comply with EirGrid’s cybersecurity requirements and applicable national laws and regulatory requirements through ongoing oversight and compliance checks.
  • Service Level Agreements (SLAs) Management: Maintain a comprehensive list of applicable Service Level Agreements (SLAs) with TSPs, collaborating with Contract Owners and facilitating performance monitoring and compliance assessment.
  • Ongoing Monitoring and Reporting: Continuously monitor security controls of external service providers, introduce automation efficiencies and report any identified weaknesses, deficiencies or compliance issues to appropriate stakeholders.
  • Contractual Review and Notifications: Review client contracts and services to determine appropriate clauses and necessity for client notifications regarding changes in status of TSPs, including terminations.
  • Risk Assessment on Outsourcing: Conduct thorough risk assessments for outsourcing services and ensure proactive measures are taken to address identified risks through collaboration with contract owners and TSPs.
  • Documentation Management: Maintain documentation regarding which compliance requirements are managed by each TSP and which are the responsibility of EirGrid for transparency and accountability.

About You

  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Risk Management, or a related field
  • At least 6 years of experience in cybersecurity, risk management, or compliance roles, with a strong focus on third-party risk assessment.
  • Experience in conducting risk assessments or audits of third-party service providers in an enterprise environment.
  • In-depth understanding of risk assessment frameworks and methodologies, including qualitative and quantitative risk assessments, and vulnerability assessment techniques specifically tailored for third-party services.
  • Hands-on experience implementing and monitoring compliance with cybersecurity standards and frameworks such as ISO 27001, NIST Cybersecurity Framework and regulatory requirements (e.g., GDPR, NIS2, DORA) within the context of vendor management and third-party service providers.
  • Proficient in preparing detailed reports, presentations and documentation for management and regulatory compliance.