Third-Party Risk Manager, Cybersecurity - Onsite in Dallas, TX or Remote based in US if not local

About The Position

Requirements

• 5+ years of experience in third-party/vendor risk management, preferably within highly regulated industries such as healthcare, finance, or technology.
• Strong understanding of GRC frameworks, risk assessment methodologies, and regulatory requirements (e.g., HIPAA, GDPR, SOC 2, NIST CSF).
• Proven ability to communicate complex risk concepts clearly to both technical and non-technical stakeholders.
• Experience managing risk assessment platforms or GRC tools (e.g., Archer, ServiceNow, OneTrust, Prevalent or Safe Security).
• Excellent analytical, organizational, and interpersonal skills.

Nice To Haves

• CISSP, CRISC, CTPRP, CTPRA or HCISPP

Responsibilities

• Develop, manage, and continuously improve the organization’s Third-Party Risk Management (TPRM) program and platform, including policies, procedures, risk methodologies, and performance metrics.
• Lead risk assessments and due diligence processes for new and existing third-party vendors, including IT, business services, SaaS providers, and critical suppliers.
• Build criteria and processes to evaluate AI-based vendor technologies to identify risk exposure.
• Evaluate vendor security practices, policies, and controls using industry frameworks (e.g., NIST CSF).
• Partner with Procurement, Legal, Compliance, IT, and business stakeholders to integrate risk assessments into the vendor lifecycle—from onboarding through termination and to review contracts, Business Associate Agreements (BAAs), and data-sharing agreements.
• Maintain a current and accurate vendor risk inventory and drive the development and execution of corrective action plans for vendors with risks or compliance gaps.
• Oversee the implementation of continuous monitoring controls and ensure timely reassessments of vendor risks.
• Collaborate with Internal Audit and Compliance teams to support external audits, regulatory requests, and risk reporting.
• Prepare executive-level reporting on third-party risk exposure and program effectiveness for GRC leadership and Board-level stakeholders.
• Stay current on emerging regulatory changes, industry standards (e.g., NIST, ISO, HIPAA, HITRUST), and best practices in third-party risk management, providing cybersecurity expertise and support for all IT Audit (SOX, PCI, HIPAA); Security Compliance (Vendor Security Assessments and Security Risk Analysis (SRA)); and Data Compliance (Data Classification and Automated / Continuous) audits.

Benefits

• Medical, dental, vision, disability, AD&D and life insurance
• Manager Time Off – 20 days per year
• Discretionary 401k match
• 10 paid holidays per year
• Health savings accounts, healthcare & dependent flexible spending accounts
• Employee Assistance program, Employee discount program
• Voluntary benefits include pet insurance, legal insurance, accident and critical illness insurance, long term care, elder & childcare, auto & home insurance.
• For Colorado employees, paid leave in accordance with Colorado’s Healthy Families and Workplaces Act is available.