Third Party Risk Management Lead

Sungrow USA Corporation
Remote

About The Position

Sungrow North America is a leading provider of renewable energy solutions, specializing in the development and manufacturing of photovoltaic inverters and energy storage systems. The company offers a comprehensive range of products and services designed to optimize the performance and efficiency of solar power installations. Sungrow North America is known for its commitment to innovation, high-quality standards, and exceptional customer service, aiming to provide sustainable and reliable energy solutions to meet the growing demand for clean power.

Sungrow Americas is seeking a Third Party Risk Management (TPRM) Lead to establish and operate a scalable program for managing vendor, supplier, and third-party risk across the organization. This role is responsible for ensuring that third-party relationships are assessed, governed, and continuously monitored in alignment with regulatory expectations and customer requirements. In parallel, this role will support the development of business continuity and resilience capabilities, including Business Impact Analysis (BIA) and foundational BCDR program elements. This is a program leadership role requiring strong execution, cross-functional influence, and the ability to operate in a regulated, critical infrastructure environment.

Requirements

  • 7–10+ years of experience in third-party risk management, GRC, or vendor risk programs
  • Proven experience building or leading a TPRM program in a regulated or enterprise environment
  • Strong understanding of:
      • Vendor risk assessment methodologies
      • Security frameworks (NIST, ISO 27001, SOC 2)
  • Experience reviewing:
      • Security documentation (policies, controls, audit reports)
      • Third-party attestations (SOC 2, ISO certifications)
  • Working knowledge of business continuity and resilience concepts (BIA, BCDR)
  • Ability to drive cross-functional alignment and accountability

Nice To Haves

  • Experience in energy, industrial, or critical infrastructure sectors
  • Familiarity with NERC CIP requirements
  • Experience implementing or operating TPRM platforms/tools
  • Certifications such as CRISC, CISM, CISSP, or CTPRP

Responsibilities

  • Build and operate the TPRM program lifecycle, including:
      • Vendor intake and risk tiering
      • Security assessments and due diligence
      • Ongoing monitoring and reassessment
  • Define and enforce minimum security requirements for vendors and suppliers
  • Partner with legal and procurement to embed security and risk clauses into contracts
  • Establish processes for exception management and risk acceptance
  • Lead execution of third-party security reviews, including:
      • Questionnaires and evidence validation
      • Review of SOC 2, ISO certifications, and supporting artifacts
  • Identify and communicate material risks and required mitigations
  • Ensure alignment to frameworks (NIST, ISO 27001, SOC 2, NERC CIP where applicable)
  • Implement ongoing monitoring capabilities for vendor risk posture
  • Track and drive remediation of identified third-party risks
  • Maintain visibility into fourth-party and supply chain dependencies where relevant
  • Support development of Business Impact Analysis (BIA) across critical functions
  • Partner with business and IT stakeholders to define:
      • Critical processes
      • Recovery time objectives (RTO) / recovery point objectives (RPO)
  • Contribute to the development of BCDR plans and testing frameworks
  • Ensure third-party dependencies are integrated into continuity planning
  • Develop and track TPRM KPIs and risk metrics
  • Provide executive-level reporting on third-party risk posture
  • Maintain documentation and evidence to support:
      • Audits
      • Customer security reviews
      • Regulatory inquiries
  • Ensure program is defensible and repeatable
  • Partner with:
      • Procurement (vendor onboarding)
      • Legal (contractual protections)
      • IT and engineering (technical validation)
  • Act as the central point of coordination for third-party risk decisions

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

1-10 employees