Third Party Risk, Lead

TabaPay, Palo Alto, CA
$111,000 - $150,000

About The Position

At TabaPay, the Enterprise Risk Management (ERM) team is responsible for building and scaling the frameworks that protect the company, strengthen operational resilience, and enable confident business growth. Our mission is to create a proactive, sustainable risk culture and ensure that risks across the enterprise—particularly those posed by third‑party relationships—are well understood, well managed, and aligned with regulatory expectations.

As a Third‑Party Risk Lead, you will play a critical role in designing, implementing, and operating TabaPay’s Third‑Party Risk Management (TPRM) Program. You will work cross‑functionally with Compliance, Security, IT, Legal, Finance, and business owners to evaluate vendor risks, strengthen controls, and ensure we engage vendors safely and strategically. This is a high‑visibility role that blends program development, risk assessment, process ownership, and stakeholder training.

We are looking for someone who is structured, curious, and detail‑oriented—someone excited to build a robust TPRM program and influence how TabaPay manages third‑party risk as we scale. This role will report to the Head of Enterprise Risk Management.

Requirements

  • Bachelor’s degree in Business, Risk Management, Information Security, Finance, or a related field.
  • 5-10+ years of experience in third‑party risk management, vendor management, operational risk, or a similar role.
  • Strong understanding of risk frameworks, due diligence requirements, and vendor lifecycle best practices (e.g., NIST, ISO, SOC reports, business continuity standards).
  • Ability to evaluate complex vendor information and translate risks into clear, actionable recommendations for stakeholders.
  • Strong attention to detail, organizational skills, and ability to manage multiple vendors or assessments simultaneously.
  • Strong analytical skills with the ability to identify patterns, inconsistencies, or emerging risks.
  • Clear and professional communication skills—comfortable collaborating across teams and influencing without authority.
  • Curiosity, ownership mindset, and a passion for building scalable processes.

Nice To Haves

  • Experience with TPRM or GRC tools/platforms is a plus.

Responsibilities

  • Support the implementation and ongoing enhancement of TabaPay’s Third‑Party Risk Management (TPRM) policy and governance model.
  • Help define program roles and responsibilities and contribute to RACI development across Risk, Compliance, IT, Procurement, and business owners.
  • Maintain and continuously improve TPRM procedures aligned with interagency regulatory guidance and industry best practices.
  • Lead risk tiering activities to categorize vendors as low, moderate, high, or critical based on clearly defined criteria.
  • Support comprehensive due diligence across domains including:
      • Company profile and financial stability
      • Information security & cybersecurity controls
      • Legal, contractual, and regulatory compliance
      • Business continuity & incident response capabilities
  • Identify control gaps and partner with stakeholders to define remediation steps.
  • Maintain the TPRM system of record and ensure data accuracy and completeness.
  • Support the full third‑party lifecycle: planning, onboarding, contracting, performance monitoring, and offboarding.
  • Review business cases and risk assessments for proposed vendor engagements.
  • Validate that contracts contain required risk‑mitigating provisions (audit rights, SLAs, security requirements, exit strategies).
  • Coordinate periodic performance reviews and trigger risk reassessments based on changes in services, incidents, or vendor health.
  • Assist in managing incident escalation and reporting related to vendor performance or security events.
  • Create training materials and help deliver TPRM education to business owners and support teams.
  • Prepare reports and dashboards for leadership that summarize vendor risk trends, issue statuses, and program performance metrics.
  • Provide active guidance and partnership to stakeholders to ensure smooth and compliant vendor management.

Benefits

  • 100% employer-paid health care insurance including medical, dental, vision, and life insurance (for employee only)
  • Employer 401K Matching
  • Generous and Flexible PTO