Use IP SLA on the internal router to fail-over from local MPLS route to the one leading to CP GW.
As this is a "remote vpn site is third party vendor using dynamic ip", you may have tough luck configuring VPN portion of your plan.
If you can persuade third party to switch to CP, you can use certificate-based VPN with dynamic IP.
Otherwise, you may be better off using native Cisco VPN between your perimeter router and that of the third party site.
It may look something like this:
Site-to-Site VPN tunnel with Dynamic Peer IP address |example with PSK and PKI (CCIE Notes) – Networ...
While using CP for post/pre-VPN traffic filtering.
There is also this write-up that may point you to the right direction:
How to Configure a VPN for DAIP Gateway Connected to Internet Using USB 3G-Modem | Indeni
But keep in mind all of the issues listed in sk103523.