Director, Third-Party Risk Management
About The Position
Explore how you can contribute at AmeriLife. For over 50 years, AmeriLife has been a leader in the development, marketing and distribution of annuity, life and health insurance solutions for those planning for and living in retirement. Associates get satisfaction from knowing they provide agents, marketers and carrier partners the support needed to succeed in a rapidly evolving industry. Job Summary Reporting to the Senior Director of IT Risk, the Director of Third-Party Risk is a senior role responsible for the administration of the organization’s Third-Party Risk Management (TPRM) program. This position ensures that all vendors and third-party service providers meet the company’s information security, compliance, and risk standards. The Director will drive vendor risk assessments, manage the third-party risk lifecycle, ensure regulatory compliance, and facilitate collaboration with key internal stakeholders to protect the enterprise’s interests. Job Description Key Responsibilities TPRM Program Leadership: Develop and maintain a comprehensive third-party risk management program, including policies, procedures, and governance frameworks to manage risks throughout the vendor lifecycle. Vendor Risk Assessments: Lead and oversee the risk assessment and due diligence process for new and existing vendors/partners, evaluating security controls, data protection practices, financial stability, and compliance postures. Third-Party Lifecycle Management: Manage the end-to-end third-party lifecycle, from vendor selection and onboarding through ongoing monitoring, performance review, and offboarding. Stakeholder Collaboration: Collaborate with cross-functional teams (including IT, Information Security, Legal, Compliance, Procurement, and Affiliates) to integrate third-party risk considerations into contracts, procurement processes, and ongoing vendor management activities. Risk Monitoring & Reporting: Responsible for the continuous optimization of all TPRM procedures and Key Risk Indicators (KRIs), including enhanced utilization of the firm's TPRM software platform to maximize automation and effectiveness. Team Leadership: Build and lead a small team of risk analysts, providing direction, mentorship, and performance management to ensure effective execution of the TPRM program. Foster a risk-aware culture and high standards of professionalism within the team and across stakeholder groups.
Requirements
- Develop and maintain a comprehensive third-party risk management program, including policies, procedures, and governance frameworks to manage risks throughout the vendor lifecycle.
- Lead and oversee the risk assessment and due diligence process for new and existing vendors/partners, evaluating security controls, data protection practices, financial stability, and compliance postures.
- Manage the end-to-end third-party lifecycle, from vendor selection and onboarding through ongoing monitoring, performance review, and offboarding.
- Collaborate with cross-functional teams (including IT, Information Security, Legal, Compliance, Procurement, and Affiliates) to integrate third-party risk considerations into contracts, procurement processes, and ongoing vendor management activities.
- Responsible for the continuous optimization of all TPRM procedures and Key Risk Indicators (KRIs), including enhanced utilization of the firm's TPRM software platform to maximize automation and effectiveness.
- Build and lead a small team of risk analysts, providing direction, mentorship, and performance management to ensure effective execution of the TPRM program. Foster a risk-aware culture and high standards of professionalism within the team and across stakeholder groups.
Nice To Haves
- Certifications: Professional certifications such as CISM, CISA, CRISC, or Certified Third Party Risk Professional (CTPRP).
- Industry Experience: Experience in a highly-regulated industry (e.g., financial services, insurance, healthcare) or within a large enterprise environment is highly desirable.
- Program Development: Demonstrated experience designing or maturing a third-party risk management program, including implementing vendor risk management tools or technologies.
- Additional Skills: Familiarity with risk management software (e.g., GRC/ServiceNow platforms) and advanced data analysis or reporting tools is a plus.
Responsibilities
- Develop and maintain a comprehensive third-party risk management program, including policies, procedures, and governance frameworks to manage risks throughout the vendor lifecycle.
- Lead and oversee the risk assessment and due diligence process for new and existing vendors/partners, evaluating security controls, data protection practices, financial stability, and compliance postures.
- Manage the end-to-end third-party lifecycle, from vendor selection and onboarding through ongoing monitoring, performance review, and offboarding.
- Collaborate with cross-functional teams (including IT, Information Security, Legal, Compliance, Procurement, and Affiliates) to integrate third-party risk considerations into contracts, procurement processes, and ongoing vendor management activities.
- Responsible for the continuous optimization of all TPRM procedures and Key Risk Indicators (KRIs), including enhanced utilization of the firm's TPRM software platform to maximize automation and effectiveness.
- Build and lead a small team of risk analysts, providing direction, mentorship, and performance management to ensure effective execution of the TPRM program. Foster a risk-aware culture and high standards of professionalism within the team and across stakeholder groups.
Benefits
- A comprehensive benefits package that includes PTO, medical, dental, vision, retirement savings, disability insurance, and life insurance.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
Education Level
No Education Listed
Number of Employees
101-250 employees
