Director, Third-Party Risk Management

About The Position

Requirements

• TPRM Program Leadership: Develop and maintain a comprehensive third-party risk management program, including policies, procedures, and governance frameworks to manage risks throughout the vendor lifecycle.
• Vendor Risk Assessments: Lead and oversee the risk assessment and due diligence process for new and existing vendors/partners, evaluating security controls, data protection practices, financial stability, and compliance postures.
• Third-Party Lifecycle Management: Manage the end-to-end third-party lifecycle, from vendor selection and onboarding through ongoing monitoring, performance review, and offboarding.
• Stakeholder Collaboration: Collaborate with cross-functional teams (including IT, Information Security, Legal, Compliance, Procurement, and Affiliates) to integrate third-party risk considerations into contracts, procurement processes, and ongoing vendor management activities.
• Risk Monitoring & Reporting: Responsible for the continuous optimization of all TPRM procedures and Key Risk Indicators (KRIs), including enhanced utilization of the firm's TPRM software platform to maximize automation and effectiveness.
• Team Leadership: Build and lead a small team of risk analysts, providing direction, mentorship, and performance management to ensure effective execution of the TPRM program. Foster a risk-aware culture and high standards of professionalism within the team and across stakeholder groups.

Nice To Haves

• Certifications: Professional certifications such as CISM , CISA , CRISC , or Certified Third Party Risk Professional (CTPRP) .
• Industry Experience: Experience in a highly-regulated industry (e.g., financial services, insurance, healthcare) or within a large enterprise environment is highly desirable.
• Program Development: Demonstrated experience designing or maturing a third-party risk management program, including implementing vendor risk management tools or technologies.
• Additional Skills: Familiarity with risk management software (e.g., GRC/ServiceNow platforms) and advanced data analysis or reporting tools is a plus.

Responsibilities

• TPRM Program Leadership: Develop and maintain a comprehensive third-party risk management program, including policies, procedures, and governance frameworks to manage risks throughout the vendor lifecycle.
• Vendor Risk Assessments: Lead and oversee the risk assessment and due diligence process for new and existing vendors/partners, evaluating security controls, data protection practices, financial stability, and compliance postures.
• Third-Party Lifecycle Management: Manage the end-to-end third-party lifecycle, from vendor selection and onboarding through ongoing monitoring, performance review, and offboarding.
• Stakeholder Collaboration: Collaborate with cross-functional teams (including IT, Information Security, Legal, Compliance, Procurement, and Affiliates) to integrate third-party risk considerations into contracts, procurement processes, and ongoing vendor management activities.
• Risk Monitoring & Reporting: Responsible for the continuous optimization of all TPRM procedures and Key Risk Indicators (KRIs), including enhanced utilization of the firm's TPRM software platform to maximize automation and effectiveness.
• Team Leadership: Build and lead a small team of risk analysts, providing direction, mentorship, and performance management to ensure effective execution of the TPRM program. Foster a risk-aware culture and high standards of professionalism within the team and across stakeholder groups.

Benefits

• A comprehensive benefits package that includes PTO, medical, dental, vision, retirement savings, disability insurance, and life insurance.