Senior Manager IT Third-Party Risk Management TPRM

Hybrid - Upon agreement between you and your supervisor, you are entitled to a flexible arrangement where you will be able to split your time between working from the office and working remotely.

The Senior Manager, IT Third-Party Risk Management (TPRM) leads the day-to-day execution and ongoing maturity of the organization’s third-party risk program. This role is accountable for strengthening governance, streamlining process, automating workflows, and enabling leaders to make risk-informed decisions through effective TPRM tooling, dashboards, and reporting. The Senior Manager partners closely with stakeholders across Information Technology Solutions (ITS), Cybersecurity & Privacy Solutions (CPS), Procurement, Legal, Compliance, and business personnel, to ensure third-party risk is understood, managed, and monitored across the third-party lifecycle—from intake and due diligence through contracting, onboarding, continuous monitoring, and offboarding.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

Provide leadership of short- and long-term goals for IT Third-Party Risk Management. Lead the effort to foster an environment of customer service, continuous improvement and consistent execution.

Program Leadership and Maturity

• Drive the TPRM maturity roadmap, including improvements to governance, policies/standards, workflow design, tiering methodology, and lifecycle processes
• Establish and maintain program operating cadence (e.g., monthly risk reviews, KPI/KRI reporting, issue remediation tracking, and executive readouts)
• Identify gaps and implement enhancements to ensure program scalability, consistency, auditability, and alignment with regulatory/industry practices
• Develop and maintain standard operating procedures, job aids, and training materials to ensure consistent execution
  
  
  

• Serve as a trusted advisor to business owners, translating third-party risk into clear decision options
• Facilitate risk discussions, challenge risk assumptions appropriately, and ensure documented risk decisions, and approvals align to governance and are documented
• Partner with procurement to embed risk requirements into intake, sourcing, and ongoing vendor management
• Collaborate with Legal, CPS, and Compliance to ensure contract provisions, control expectations, and due diligence are aligned and enforceable
  
  
  

• Own management and optimization of the organization’s TPRM technology platform
• Design, configure, and enhance process workflows
• Develop dashboards and reporting for leaders: portfolio risk views, assessment status, SLA adherence, open issues, concentration risk, critical vendor oversight, and periodic vendor reassessment
• Improve data quality and establish a single source of truth for third-party risk inventory, risk ratings, and decision history
• Define and track KPIs/KRIs (cycle time, backlog, critical findings aging, remediation performance, override rates, risk acceptance trends)
  
  
  

• Oversee third-party risk assessments, including inherent risk tiering
• Ensure assessment scope are appropriate for vendor criticality, data sensitivity, and service impact
• Drive effective issue management and remediation tracking, including escalation paths for overdue or high-risk items
• Maintain processes for periodic reassessments and continuous monitoring of high-risk/critical vendors
  
  
  

• Lead, coach, and develop a team of TPRM professionals
• Set performance expectations, ensure workload prioritization, and build a culture of continuous improvement and strong business partnership.
  
  
  

• Bachelor’s degree or equivalent practical experience
• 8+ years of experience in third-party risk management, technology risk, operational risk, compliance, or related disciplines
• 3+ years of experience leading programs and/or teams, influencing cross-functional stakeholders, and driving process maturity
• Proven experience implementing or optimizing TPRM programs and establishing a culture of continuous improvement
• Proven experience implementing or optimizing TPRM/GRC tools to improve workflow automation, data quality, and reporting
• Strong ability to translate risk into decision-ready recommendations for leaders and to facilitate risk acceptance discussions
• Demonstrated knowledge of third-party lifecycle practices: due diligence, control validation, contracting requirements, monitoring, and remediation
  
  
  

• Experience in regulated industries (financial services, healthcare, insurance, or similar)
• Familiarity with relevant frameworks and expectations (e.g., NIST, ISO 27001, SOC reports, shared responsibility models, vendor oversight guidance)
• Certifications such as CISA, CRISC, CISSP, CISM, or equivalent
• Experience integrating continuous monitoring signals (security ratings, threat intelligence, incident notifications) into a TPRM operating model