Senior Manager Third-Party Cybersecurity Risk

CFA Institute-posted 3 months ago
$135,000 - $155,000/Yr
Full-time • Senior
Charlottesville, VA
1,001-5,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

Help us safeguard CFA Institute by building and leading a best-in-class third-party cybersecurity risk program. In this senior role, you’ll identify, assess, and reduce risks across our vendor ecosystem—partnering closely with procurement, legal, security, and business teams to embed strong controls into how we select, onboard, and manage suppliers. If you thrive at the intersection of risk, security, and stakeholder influence, we’d love to hear from you.

  • Design, implement, and continuously mature the third-party cybersecurity risk management (TPRM) program across the full vendor lifecycle.
  • Lead due diligence and risk assessments; establish risk ratings, KRIs, and clear escalation protocols.
  • Integrate security requirements into sourcing, contracting, and onboarding in partnership with procurement and legal.
  • Recommend, track, and close remediation actions; stand up continuous monitoring for critical suppliers.
  • Build and maintain dashboards/metrics to communicate exposure and drive decision-making with leadership.
  • Align the program with relevant regulations and frameworks (e.g., GDPR, CCPA) and certifications/standards (e.g., NIST CSF, ISO 27001, SOC 2); support internal and external audits.
  • Serve as the primary point of contact for third-party cyber risk; educate stakeholders and champion best practices across the enterprise.
  • Bachelor’s degree in cybersecurity, information systems, risk management, or a related field—or equivalent experience.
  • 5–8 years of cybersecurity or risk management experience with direct ownership of third-party/vendor risk.
  • Strong working knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and risk assessment methodologies.
  • Familiarity with compliance and audit requirements (e.g., SOC 2, HIPAA, PCI DSS).
  • Proven ability to analyze complex vendor ecosystems and clearly communicate risk in business terms.
  • Excellent stakeholder management, influence, and communication skills.
  • Analytical, detail-oriented, and adept at balancing risk with business objectives in a dynamic environment.
  • Professional certifications such as CISM, CRISC, CTPRP (or equivalent).
  • Experience establishing KRIs, dashboards, and continuous monitoring for supplier risk.
  • Demonstrated success partnering with procurement, legal, and security to embed controls in enterprise processes.
  • Audit support experience for vendor risk programs and an ongoing commitment to professional development.
  • Comprehensive health coverage for you and your family.
  • Generous leave and time off.
  • Competitive retirement plans.
  • Flexible work options.
  • Wellness, education, and support programs.
  • Eligibility for annual incentives.
  • 12% retirement employer contribution.
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Cybersecurity Resume Examples
Cybersecurity Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service