How do you monitor security control compliance for third-party providers?

It depends on your risks and whether you need a certain level of assurance in order to keep your risks to an acceptable level.

Questionnaires are standard, but you need a security person who can understand the responses.

Most 3rd parties get assurance from 3rd-party auditing and certification. That’s where SOC 2 Type 2 reports, ISO 27k certification, etc. come in handy.