Third Party Risk and Resilience (TPRR) Governance Manager

About The Position

Requirements

• 3+ years in third-party risk management, cyber risk governance, assurance, or related risk/compliance roles, including experience designing policies, standards, and control frameworks
• Experience with NIST SP 800‑171/161 and enterprise third‑party risk control families; familiarity with DFARS/DoD cyber ecosystem and certification‑based assurance approaches
• Experience with governing technology/process integrations across complex programs (e.g., assessment workflows, issue management)
• Experience partnering with product/engineering teams
• Experience with strong communication skills and a record of driving cross‑functional alignment and change at scale
• Ability to translate policy and controls into operational requirements, contract terms, metrics, and tooling backlogs

Nice To Haves

• Bachelor's degree in information security, IT, Risk Management, Business, or related field
• Master's degree
• Certifications such as CISM, CRISC, CISSP, CISA, CBCP, CGEIT, CTPRP/CTPRA, and/or PMP
• Experience with Aravo (or similar TPRM platforms), BitSight or equivalent external risk data, QRC/TACOS or issue/quality management systems, and AuditBoard
• Experience with advanced analytics and dashboarding (e.g., Power BI) for control effectiveness, SLA, and lifecycle reporting
• Experience leading governance councils, command media programs, and/or large-scale risk transformation initiatives

Responsibilities

• Mature the TPRR governance and operating model, including policy, standards, procedures, and control criteria (SR family, SP5 updates, certification‑based assurance)
• Publish and maintain TPRR command media and critical documentation; ensure traceability to regulatory, contractual, and internal control requirements
• Lead the development and maintenance of our C‑SCRM Strategy & Implementation Plan (SIP), including update cadence
• Define and maintain enterprise assessment criteria, scoring models, control requirements, and risk decisioning thresholds to support consistent, defensible outcomes
• Govern integration design across the TPRR lifecycle (e.g., Cybersecurity Maturity Model Certification (CMMC) ingestion, Product Security, Fit‑For‑Use (FFU), Operational Technology (OT), BitSight signal use, Quick Reference Card (QRC) alignment, TACOS/issue management interfaces)
• Partner with TPRR Technology & Assessment Operations to operationalize controls and requirements in Aravo; actively participate in the Aravo Change Board to prioritize configuration and ensure policy alignment
• Oversee alignment to Sentinel gaps, AuditBoard risk and control management, internal/external audit readiness, track remediation and report progress to leadership
• Establish TPRR metrics and Key Performance Indications (KPIs) in partnership with TPRR Technology & Assessment Operations team and TPRR Project Management Office; ensure measures drive risk reduction, Service Level Agreements (SLA) adherence, and quality of outcomes
• Provide executive-ready communications, leadership updates, and decision support (e.g., operating rhythm, Sub‑Council materials, roadmap revisions)
• Drive change management, training, command media, and desktop references/job aids for enterprise stakeholders adopting TPRR requirements
• Lead a high-performing team of TPRR governance, design, and integration professionals; build talent, foster collaboration, and promote a culture of accountability and continuous improvement

Benefits

• Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.
• The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work.