Third Party Risk Management Leader

Convergint Career | Hoffman Estates, IL

About The Position

Convergint is seeking a Third‑Party Risk Management (TPRM) Leader responsible for designing, implementing, and overseeing the enterprise-wide third-party risk management program, supporting regulatory compliance, operational resilience, cybersecurity, and financial integrity. This high-impact role ensures that risks associated with vendors, suppliers, partners, and service providers are identified, assessed, mitigated, monitored, and reported throughout the third-party lifecycle.

Requirements

  • 8+ years of experience in third-party risk, vendor risk management, enterprise risk, compliance, audit, or information security.
  • Demonstrated experience building or maturing a TPRM program in a pre-IPO, public company, or regulated environment.
  • Knowledge of leading Third-Party Risk Management (TPRM) and ESG practices.
  • Understanding of risk policies, processes, ERP systems and risk management tools.
  • Able to lead and manage multiple projects simultaneously and assess priorities in a complex environment.
  • Demonstrated strong orientation to leadership, coaching, teamwork and indirect networks; a good communicator and change agent.
  • Excellent executive communication and stakeholder management skills.
  • Excellent analytical skills necessary to resolve problems and look for solutions.
  • Excellent program and project management skills.
  • Ability to influence others and build consensus using advanced written and verbal communication and presentation skills.

Responsibilities

  • Program Design & Governance
      • Establish and maintain an enterprise-wide Third-Party Risk Management framework aligned to public company expectations and leading practices
      • Define third-party risk policies, standards, procedures, and risk appetite in partnership with Legal, Finance, IT Security, and Compliance
  • Third-Party Lifecycle Management
      • Oversee third-party risk activities across the full lifecycle:
          • Due diligence and onboarding
          • Contract risk assessment and approval
          • Ongoing monitoring and periodic reassessment
          • Issue management and remediation
          • Offboarding and termination
      • Ensure appropriate controls are in place for critical and high-risk vendors, including financial, operational, cybersecurity, privacy, and compliance risks
  • Cybersecurity & Data Protection Risk
      • Partner with Technology to assess vendor cybersecurity posture, including review of SOC reports, testing summaries, and security questionnaires
      • Ensure third-party compliance with data privacy and protection requirements
      • Support SOX readiness ensuring third party-related controls are properly designed, documented, and operating effectively
      • Serve as a key liaison for Internal Audit and external auditors for third-party risk-related audits and reviews
      • Prepare documentation, metrics, and executive reporting required for IPO diligence and ongoing public company disclosures
  • Risk Monitoring, Reporting & Metrics
      • Develop and maintain TPRM KPIs and KRIs, including vendor risk exposure, remediation status, and concentration risk
      • Provide regular reporting to executive leadership and risk committees
      • Escalate significant third-party risks and control gaps in a timely and structured manner
  • Cross-Functional Leadership
      • Partner with Procurement, Legal, Technology, Finance, HR, Internal Audit, and Business Leaders to embed TPRM processes into daily operations
      • Influence stakeholders to adopt consistent, scalable risk practices across the enterprise
      • Support vendor contract negotiations by advising on risk clauses, SLAs, audit rights, and termination provisions
  • Continuous Improvement
      • Benchmark the TPRM program against public company peers and evolving regulatory expectations
      • Lead tool selection or enhancement as the program matures
      • Train internal stakeholders on third-party risk awareness and responsibilities
  • Environmental Social Governance (ESG)
      • Integrate ESG risk considerations (environmental impact, labor practices, ethics, and governance) into third-party risk assessment, onboarding, and ongoing monitoring processes.
      • Establish and oversee ESG-focused due diligence standards for vendors, suppliers, and partners in alignment with regulatory, industry, and corporate sustainability expectations.
      • Partner with Sustainability, Legal, Compliance, and Procurement teams to define ESG risk thresholds and remediation strategies for third parties.
      • Develop ESG-related third-party policies, controls, and reporting metrics to support corporate ESG goals and disclosures.
      • Identify, assess, and escalate ESG-related third-party risks, including human rights, supply-chain transparency, climate exposure, and ethical conduct.
      • Monitor emerging ESG regulations and frameworks (e.g., human rights, environmental compliance, governance standards) and translate requirements into third-party risk controls.
      • Drive continuous improvement of third-party ESG risk monitoring through data analytics, assessments, and performance scorecards.
      • Serve as a key advisor to senior leadership on ESG-related third-party risks and mitigation strategies.