
DoorDash USA • posted 22 days ago
$156,400 - $230,000/Yr
Full-time • Mid Level

About the position

The Governance, Risk, and Compliance (GRC) team is looking for a Third-Party Risk Management (TPRM) Manager who will be responsible for leading a program to manage third-party supplier security risks. If you are comfortable with, and have experience in, managing a highly motivated team in a fast-paced working environment, taking ownership of the Third-Party Security Risk program, and making room at the table to improve our security posture, we want to talk to you! You will report to the Sr. Manager - GRC in our Security organization.

Responsibilities

  • Manage the TPRM lifecycle, including risk assessments, due diligence questionnaires, new vendor onboarding, re-assessment, on-site audits, and contract reviews.
  • Maintain TPRM tools, artifacts, and reporting capabilities to provide visibility into supplier risk exposure and ensure timely identification and mitigation of risks.
  • Oversee the TPRM team, providing guidance and support to ensure vendor risk management.
  • Be a key contact for internal stakeholders and external vendors regarding TPRM issues and inquiries.
  • Partner with risk domain SMEs (e.g., sourcing team, CorpSec, IT) to develop and implement robust vendor risk management policy and procedures.
  • Manage the team's OKRs to ensure the delivery of exceptional services and the team's engagement and development.

Requirements

  • Minimum of 6+ years of experience with third-party risk management methodologies and managing a third-party risk management function.
  • Bachelor’s or Master’s degree in Information Security, Computer Science, Business Administration, or related field.
  • Experience with information security, privacy, compliance frameworks, and risk management principles (e.g., NIST, ISO 27001, SOC 2).
  • Experience with banking regulation (e.g., GLBA).
  • Experience with third-party risk systems, including survey techniques and scoring systems.
  • Experience with how systems work, what security risks affect a variety of data, applications, and infrastructure, and how those risks translate to third parties.
  • Experience solving complex, systemic issues that require creative thinking and solutions.
  • Excellent verbal and written communication skills - you are able to translate business requirements into technical solutions and vice versa easily.

Nice-to-haves

  • CISA, CISSP, or other industry certifications are a plus.

Benefits

  • 401(k) plan with an employer match.
  • Paid time off.
  • Paid parental leave.
  • Wellness benefits.
  • Several paid holidays.
  • Paid sick leave in compliance with applicable laws.
  • Medical, dental, and vision benefits.
  • Disability and basic life insurance.
  • Family-forming assistance.
  • Commuter benefit match.
  • Mental health program.