Senior Director, Compliance Governance & Operations
About The Position
Flex is seeking a seasoned and strategic Senior Director of Operational Risk Management & Third-Party Risk to lead the development of our Operational Risk Management (ORM) framework and oversee our end-to-end Third-Party Risk Management (TPRM) program. This high-impact role is essential to strengthening our enterprise risk posture and ensuring our operational and external risk exposures are managed with transparency, rigor, and control. You’ll report directly to the Chief Compliance Officer and work cross-functionally with leaders in Legal, Security, Finance, and Product. This is a foundational leadership role for someone ready to build scalable programs, enhance enterprise resilience, and shape Flex’s long-term readiness. This is a hybrid position with on-site expectations of 3 days per week in our New York or SF Headquarters. For candidates outside of the NY/NJ/SF area, you may be eligible for our relocation assistance program.
Requirements
- 7–10+ years of experience in risk management, with demonstrated expertise in both operational risk and third-party risk.
- Proven track record building and leading risk programs in regulated, high-growth, or technology-forward environments.
- Deep familiarity with relevant regulatory frameworks (OCC, NIST, FFIEC, etc.) and industry best practices for ORM and TPRM.
- Experienced in working cross-functionally and driving accountability across Legal, Finance, Security, and business teams.
- Effective communicator, able to synthesize complex issues and influence at all levels of the organization.
Nice To Haves
- Background in consulting or enterprise risk transformation is a strong plus.
Responsibilities
- Design and implement Flex’s enterprise ORM framework and operating structure.
- Lead the ORM working group and drive programmatic cadences such as risk assessments, remediation planning, and quarterly reviews.
- Manage core operational risk activities, including: Process Mapping Risk and Control Self-Assessments (RCSAs) Key Risk Indicators (KRIs) Incident and issue management
- Deliver actionable reporting to senior leadership.
- Align ORM with regulatory frameworks and industry standards (e.g., OCC, FFIEC, NIST).
- Serve as the central coordination point for operational risk governance across business lines.
- Own the full third-party risk lifecycle, from onboarding through termination, across a diverse vendor ecosystem that includes property management companies, property management software, payment providers, software platforms, BaaS partners, and contractors.
- Maintain and evolve the vendor inventory, tiering methodology, and due diligence standards.
- Partner cross-functionally with Legal, Security, Finance, CMS, and business stakeholders to ensure vendor engagements meet enterprise risk and regulatory standards.
- Conduct and review third-party assessments (e.g., SOC reports, control frameworks) and escalate risks when necessary.
- Manage residual risk ratings and design scalable ongoing monitoring practices.
- Report on vendor risks and mitigation strategies to senior leadership.
Benefits
- Competitive medical, dental, and vision available from Day 1
- Company equity
- 401(k) plan with company match (our company match kicks off at the beginning of 2026)
- Unlimited paid time off + 13 company paid holidays
- Parental leave
- Flex Cares Program
- Free Flex subscription
- Competitive compensation + company equity
- Unlimited PTO
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
251-500 employees
