Third Party Risk, Lead

About The Position

Requirements

• Bachelor’s degree in Business, Risk Management, Information Security, Finance, or a related field.
• 5-10+ years of experience in third‑party risk management, vendor management, operational risk, or a similar role.
• Strong understanding of risk frameworks, due diligence requirements, and vendor lifecycle best practices (e.g., NIST, ISO, SOC reports, business continuity standards).
• Ability to evaluate complex vendor information and translate risks into clear, actionable recommendations for stakeholders.
• Strong attention to detail, organizational skills, and ability to manage multiple vendors or assessments simultaneously.
• Strong analytical skills with the ability to identify patterns, inconsistencies, or emerging risks.
• Clear and professional communication skills—comfortable collaborating across teams and influencing without authority.
• Curiosity, ownership mindset, and a passion for building scalable processes.

Nice To Haves

• Experience with TPRM or GRC tools/platforms is a plus.

Responsibilities

• Support the implementation and ongoing enhancement of TabaPay’s Third‑Party Risk Management (TPRM) policy and governance model.
• Help define program roles and responsibilities and contribute to RACI development across Risk, Compliance, IT, Procurement, and business owners.
• Maintain and continuously improve TPRM procedures aligned with interagency regulatory guidance and industry best practices.
• Lead risk tiering activities to categorize vendors as low, moderate, high, or critical based on clearly defined criteria.
• Supprt comprehensive due diligence across domains including: Company profile and financial stability Information security & cybersecurity controls Legal, contractual, and regulatory compliance Business continuity & incident response capabilities
• Identify control gaps and partner with stakeholders to define remediation steps.
• Maintain the TPRM system of record and ensure data accuracy and completeness.
• Support the full third‑party lifecycle: planning, onboarding, contracting, performance monitoring, and offboarding.
• Review business cases and risk assessments for proposed vendor engagements.
• Validate that contracts contain required risk‑mitigating provisions (audit rights, SLAs, security requirements, exit strategies).
• Coordinate periodic performance reviews and trigger risk reassessments based on changes in services, incidents, or vendor health.
• Assist in managing incident escalation and reporting related to vendor performance or security events.
• Create training materials and help deliver TPRM education to business owners and support teams.
• Prepare reports and dashboards for leadership that summarize vendor risk trends, issue statuses, and program performance metrics.
• Provide active guidance and partnership to stakeholders to ensure smooth and compliant vendor management.

Benefits

• 100% employer-paid health care insurance including medical, dental, vision, and life insurance (for employee only)
• Employer 401K Matching
• Generous and Flexible PTO