Third Party Due Diligence – Monitoring

Mizuho, New York, NY
$103,000 - $135,000, Hybrid

About The Position

The Mizuho Americas Enterprise Controls Department (ECD) is a 1st Line of Defense (1LoD) risk and control function delivering enterprise control services across Third Party Services, Business Continuity Planning, and Business Risk and Control Services. The department creates singular accountability and a "one-stop shop" for enterprise control services across all lines of business and corporate functions in the Americas region, and it sits within the Mizuho Americas Enterprise Services Division.

The Third Party Risk Management (TPRM) Unit is a 1LoD risk function responsible for providing white-glove service to business lines and corporate functions, shepherding them through the Third Party Risk Management lifecycle, conducting due diligence directly with third parties, and providing oversight of the TPRM function.

The Third Party Due Diligence (TPDD) Team conducts risk-based evaluations of third-party service providers across Information Security, Information Technology, Business Continuity Planning, and adjacent domains, and is responsible for ongoing monitoring of third and fourth parties across Cybersecurity, Financial, Compliance, Operational, Geographic, and ESG events using tools including BitSight, Supply Wisdom, and NCFTA intelligence feeds.

The Assistant Vice President TPDD – Ongoing Monitoring is accountable for the end-to-end execution and quality of TPDD's continuous monitoring program for Critical, High, Moderate, Low, and Nominal third and fourth parties. The AVP owns the timely identification, triage, escalation, and resolution of monitoring alerts; partners with Third Party Managers (TPMs), Business Approvers, SMEs, Legal, and Compliance to drive remediation; and ensures all monitoring activity is documented in an audit-ready, regulator-defensible manner consistent with the MUSO TPRM Policy, Standard, and Procedure.

Requirements

  • Bachelor's degree in a relevant field, such as Information Security, Cybersecurity, Business Administration, Finance, or Risk Management.
  • 5+ years of experience in third-party risk management, monitoring, risk assessment, IT audit, or related disciplines within regulated financial services or consulting.
  • Demonstrated experience with continuous monitoring platforms (BitSight, Supply Wisdom, or equivalent) and GRC tools (Archer or equivalent).
  • Solid knowledge of data analysis, contract review, data privacy, information security, information technology, and Business Continuity Planning (BCP) principles.
  • Strong ability to identify, assess, and articulate risks and vulnerabilities; sound judgment in evaluating control evidence.
  • Advanced Excel, AI, and analytical skills, with strong attention to detail and accuracy.
  • Proven ability to manage priorities, drive issues to closure, and meet regulatory deadlines.
  • Strong interpersonal, stakeholder-management, and critical-thinking skills, with the ability to collaborate across the 1LoD, 2LoD, Legal, Compliance, and senior management.
  • Excellent written and verbal communication skills, with the ability to translate technical risks into clear business language for TPMs, Business Approvers, and executive stakeholders.

Nice To Haves

  • Professional certifications strongly preferred (e.g., CTPRP, CTPRA, CISA, CRISC, CISSP).
  • Experience with Shared Assessments (SIG framework) preferred.
  • Familiarity with U.S. regulatory expectations applicable to TPRM (FRB SR 13-19, OCC Bulletin 2013-29, NYDFS Part 500, FFIEC guidance) preferred.

Responsibilities

  • Own end-to-end ongoing monitoring of third and fourth party risks across cybersecurity (BitSight) and enterprise risk domains (Supply Wisdom), including weekly alert reviews; trend and impact analysis; ransomware and vulnerability assessments; fourth-party incident reporting; monthly third-party and location license and data reconciliation with heat map analysis; composite risk-rating evaluations across Macro-Economic, Financial, Geo-Political, Infrastructure, Business, Legal, Security & Compliance, Scalability, and ESG domains; and coordination with Cyber Defense to review NCFTA alerts and identify, assess, and respond to emerging high-risk cyber threats affecting Mizuho third parties.
  • Serve as the primary point of contact for TPMs, Business Approvers, Legal, Compliance, CISO/Cyber Defense, Data Loss Prevention (DLP), and Subject Matter Experts (SMEs) to assess the business impact of third and fourth party risk events; document material incidents in Archer (e.g., score declines exceeding 5%, severe fourth-party incidents, sanctions hits, or breaches); identify and analyze risk issues, clearly communicate impacts in business terms, drive and track remediation to closure, and escalate Critical or High-risk issues to TPDD leadership and TPRM Management, as appropriate.
  • Support monthly concentration and portfolio risk monitoring across third parties (e.g., engagement volume, service locations, contingent workers, and sole-provider exposure), contribute to quarterly reporting, and maintain accurate BitSight portfolios and Supply Wisdom license assignments to ensure all concentration-risk third parties are continuously monitored as Critical under appropriate license types.
  • Lead and perform due diligence reviews, reassessments, and significant change evaluations in accordance with TPRM policies and procedures; assess inherent risk and control effectiveness across key domains (e.g., Information Security, Technology, Business Continuity, Risk Management, Incident Management, Physical Security, Nth-Party Risk, and HR); identify and document due diligence gaps and risk exposures; recommend remediation, risk acceptance, or escalation actions in Archer; and coordinate Certificate of Insurance (COI) validation, as needed, including documenting any gaps.
  • Review Archer KRI reports to identify threshold breaches and overdue activities, assess risk impact, drive remediation with stakeholders, and escalate issues as needed; ensure risk acceptances are recorded and tracked; support internal and external audits, regulatory exams, and Federal Banking Agency Report of Examination (ROE) reviews through timely, accurate documentation; and maintain complete, audit-ready records, including QA reviews of 10% of Moderate/Low and 100% of Critical/High assessments.
  • Contribute to the enhancement of IRQs, DDQs, monitoring playbooks, KRIs, and reporting processes to improve consistency, efficiency, and audit readiness; identify and remediate data anomalies in Archer and support reconciliations across systems (Archer, SNOW, Supply Wisdom, BitSight); and ensure timely, high-quality delivery of monitoring activities aligned with TPRM objectives and regulatory requirements, including additional responsibilities as needed to support the TPRM program.

Benefits

  • Medical
  • Dental
  • 401k
  • Discretionary bonus