Certified Career Enhancer

Seeking a promotion or a new job?  The Certified Third Party Risk Professional (CTPRP) designation is worth considering.


In a recent survey of CTPRP designees, 80 percent of respondents reported that the CTPRP training improved their ability to fulfill their job duties. 47 percent of respondents indicated that their CTPRP certification helped them land a new job or earn a promotion.


The CTPRP designation from the Shared Assessments Program validates expertise, providing professional credibility, recognition, and marketability in third party risk management (TPRM). Professionals who have earned their CTPRP designation work in a variety of domains, including security, privacy, compliance, procurement, business resilience, legal, audit, IT vendor management and even facilities management.


“I was promoted from a senior analyst to a director, and the majority of that decision was based on how I’ve applied the CTPRP training here at the bank,” notes Dan Browder, CTPRP, who serves as director, information security risk – communications, support and incident response at First National Bank of Omaha. “…It’s really changed the direction of my career. Inside the company, I’m a primary advocate for analyzing third parties. Outside the company, I’ve been speaking about third-party risk at information security conferences.” Browder is one of several third party risk management professionals who have discussed how earning and retaining the designation enhanced their careers.


The CTPRP survey polled CTPRPs about their professional backgrounds, roles, reporting relationships and salaries. The infographic below and following text explore key findings related to career benefits:



Years of TPRM experience:

  • More than nine years (50%)
  • Five to seven years (20%)
  • Three to five years (20%)

Current TPRM role:

  • Risk Manager (40%)
  • Risk Assessor (37%)

Time personally dedicated to TPRM activities each week:

  • More than 40 hours (36%)
  • 30-40 hours (26%)
  • Less than 10 hours (18%)

Where TPRM resides in the organizational structure:

  • Dedicated TPRM Group (27%)
  • Within information security (25%)
  • Within operational risk management (14%)
  • Within vendor management (12%)

Is a senior-level executive responsible for TPRM?

  • Yes (77%)
  • No (17%)
  • Unsure (6%)

Does a committee/group at the board of directors level focus on third party risk?

  • Yes (46%)
  • No: (42%)
  • Unsure (12%)

CTPRP’s current annual compensation range:

  • More than $120,000 (29%)
  • $90,000 to $120,000 (68%)


Prior to taking on their current TPRM role, most survey respondents worked in information security or vendor management. While only about 1 in 10 respondents were required to earn the CTPRP certification, more than 70 percent of them report that they were encouraged to do so. Finally, 49 percent of responding CTPRPs are male, 43 percent are female and the remainder prefer not to share their gender.


The Shared Assessments Program began providing the CTPRP training program in 2016.  Since then, more than 1,000 risk management professionals have earned the certification. More recently, Shared Assessments developed the Certified Third Party Risk Assessor (CTPRA) designation, which validates knowledge within specific IT risk control domains that an individual will need in order to perform a thorough IT risk evaluation of a third party during an assessment.


For more on earning and retaining the CTPRP, click here.

For more on earning and retaining the CTPRA, click here.

For help determining which certification is best for you, click here.