Associate Director, Risk Management

About The Position

Requirements

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffs
• Experience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiable
• Strong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatory
• Proven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk silo
• Strong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiences
• Comfort with data; SQL experience or the ability to query and analyze data independently is a strong plus
• Experience supporting or leading regulatory exams in a financial services or fintech environment

Nice To Haves

• Experience building a TPRM program from scratch at a high-growth company
• Familiarity with GRC platforms and common TPRM tooling
• Working knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)
• Prior people management or team lead experience

Responsibilities

• Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
• Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
• Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
• Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
• Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
• Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
• Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
• Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
• Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
• Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
• Help mentor and develop more junior team members as the program and team scale

Benefits

• Competitive medical, dental, and vision
• Company equity
• 401(k) plan with company match
• Unlimited paid time off + 13 company paid holidays
• Parental leave
• Flex Cares Program: Non-profit company match + pet adoption coverage
• Free Flex subscription