Hybrid - Upon agreement between you and your supervisor, you are entitled to a flexible arrangement where you will be able to split your time between working from the office and working remotely.
The Senior Manager, IT Third-Party Risk Management (TPRM) leads the day-to-day execution and ongoing maturity of the organization’s third-party risk program. This role is accountable for strengthening governance, streamlining process, automating workflows, and enabling leaders to make risk-informed decisions through effective TPRM tooling, dashboards, and reporting. The Senior Manager partners closely with stakeholders across Information Technology Solutions (ITS), Cybersecurity & Privacy Solutions (CPS), Procurement, Legal, Compliance, and business personnel, to ensure third-party risk is understood, managed, and monitored across the third-party lifecycle—from intake and due diligence through contracting, onboarding, continuous monitoring, and offboarding.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Provide leadership of short- and long-term goals for IT Third-Party Risk Management. Lead the effort to foster an environment of customer service, continuous improvement and consistent execution.
Program Leadership and Maturity
Drive the TPRM maturity roadmap, including improvements to governance, policies/standards, workflow design, tiering methodology, and lifecycle processes
Establish and maintain program operating cadence (e.g., monthly risk reviews, KPI/KRI reporting, issue remediation tracking, and executive readouts)
Identify gaps and implement enhancements to ensure program scalability, consistency, auditability, and alignment with regulatory/industry practices
Develop and maintain standard operating procedures, job aids, and training materials to ensure consistent execution
Stakeholder and Management Interaction
Serve as a trusted advisor to business owners, translating third-party risk into clear decision options
Facilitate risk discussions, challenge risk assumptions appropriately, and ensure documented risk decisions, and approvals align to governance and are documented
Partner with procurement to embed risk requirements into intake, sourcing, and ongoing vendor management
Collaborate with Legal, CPS, and Compliance to ensure contract provisions, control expectations, and due diligence are aligned and enforceable
TPRM Tooling, Automation and Decision Enablement
Own management and optimization of the organization’s TPRM technology platform
Design, configure, and enhance process workflows
Develop dashboards and reporting for leaders: portfolio risk views, assessment status, SLA adherence, open issues, concentration risk, critical vendor oversight, and periodic vendor reassessment
Improve data quality and establish a single source of truth for third-party risk inventory, risk ratings, and decision history
Define and track KPIs/KRIs (cycle time, backlog, critical findings aging, remediation performance, override rates, risk acceptance trends)
Third-Party Risk Assessments and Lifecycle Management
Oversee third-party risk assessments, including inherent risk tiering
Ensure assessment scope are appropriate for vendor criticality, data sensitivity, and service impact
Drive effective issue management and remediation tracking, including escalation paths for overdue or high-risk items
Maintain processes for periodic reassessments and continuous monitoring of high-risk/critical vendors
People Leadership
Lead, coach, and develop a team of TPRM professionals
Set performance expectations, ensure workload prioritization, and build a culture of continuous improvement and strong business partnership.
EDUCATION:
Required Qualifications
Bachelor’s degree or equivalent practical experience
8+ years of experience in third-party risk management, technology risk, operational risk, compliance, or related disciplines
3+ years of experience leading programs and/or teams, influencing cross-functional stakeholders, and driving process maturity
Proven experience implementing or optimizing TPRM programs and establishing a culture of continuous improvement
Proven experience implementing or optimizing TPRM/GRC tools to improve workflow automation, data quality, and reporting
Strong ability to translate risk into decision-ready recommendations for leaders and to facilitate risk acceptance discussions
Demonstrated knowledge of third-party lifecycle practices: due diligence, control validation, contracting requirements, monitoring, and remediation
Preferred Qualifications
Experience in regulated industries (financial services, healthcare, insurance, or similar)
Familiarity with relevant frameworks and expectations (e.g., NIST, ISO 27001, SOC reports, shared responsibility models, vendor oversight guidance)
Certifications such as CISA, CRISC, CISSP, CISM, or equivalent
Experience integrating continuous monitoring signals (security ratings, threat intelligence, incident notifications) into a TPRM operating model
