MassMutual Financial Group, posted 3 months ago
$148,300 - $194,600/Yr
Full-time • Director
Springfield, MA
5,001-10,000 employees
Insurance Carriers and Related Activities

As the Director of the Cyber Third-Party Assurance team, you will work in a fast-paced, collaborative environment overseeing the onboarding and continuous monitoring of MassMutual's third parties. The Director of Cyber Third-Party Assurance (CTPA) leads the enterprise's vendor and supplier cybersecurity risk management function. This role is responsible for ensuring that third-party engagements meet MassMutual's cybersecurity standards and comply with regulatory expectations. The position manages a team responsible for four critical verticals: onboarding new vendors, conducting risk-based assessments of returned questionnaires, actively monitoring critical vendors through continuous oversight, and managing third-party risk questionnaires received when MassMutual serves as a vendor. This role ensures a consistent, risk-driven approach to protecting the enterprise from supplier-related cyber threats.

  • Oversee the vendor onboarding process, beginning with inherent risk assessments and tailored due diligence questionnaires.
  • Lead the review of questionnaire responses, assign risk scores, and determine requirements for follow-up remediation or reassessment.
  • Partner with Procurement, Legal, and Governance to ensure contract language reflects cyber requirements.
  • Direct continuous monitoring of critical and high-risk vendors using third-party risk intelligence tools (e.g., RiskRecon).
  • Oversee periodic reassessments based on vendor tier, risk exposure, and regulatory requirements.
  • Ensure supplier vulnerabilities and incident notifications are addressed and escalated appropriately.
  • Manage the function that responds to cybersecurity questionnaires MassMutual receives as a third party to other organizations.
  • Ensure responses are accurate, consistent, and aligned with enterprise security posture and regulatory expectations.
  • Provide executive-level reporting on third-party cyber risk posture, metrics, and emerging risks.
  • Align with Governance, Enterprise Risk Management, and Internal Audit to ensure defensible oversight.
  • Partner with BISOs, platform engineering, and security control owners to ensure vendor cyber risk is accurately identified and managed.

  • Bachelor's degree in Information Technology, Cyber Security, or a related field.
  • 8+ years of experience in cybersecurity, including 4+ years in a leadership role focused on third-party risk management or vendor assurance.
  • Authorized to work in the US without requiring sponsorship now and in the future.
  • Knowledge of regulatory frameworks (NIST CSF 2.0, CRI Profile, etc.).
  • Strong analytical skills for measuring program effectiveness and driving continuous improvement.
  • Demonstrated experience in managing risk assessments, due diligence, and continuous monitoring processes.
  • Familiarity with vendor risk intelligence platforms (e.g., RiskRecon) and GRC tools (e.g., Archer, Process Unity).
  • Excellent communication and stakeholder engagement skills, including executive-level reporting.
  • CISSP, CTPRP, or related certifications preferred.

  • Competitive salaries
  • Incentive and bonus opportunities
  • Comprehensive benefits offerings