Third-Party Risk Management Manager

The TPRM Manager will be responsible for leading the company’s Third-Party Risk Management program, evaluating and mitigating risks associated with security, artificial intelligence (AI) systems and data privacy. You will ensure that vendors, suppliers, and partners meet our security, compliance, and operational standards due diligence. You will work closely with IT Security, Legal, Privacy, Procurement, and Business Units to assess risks, drive remediation, and maintain compliance with regulatory requirements (SOC 2, ISO 27001, HIPAA, HITRUST, etc.). The ideal candidate is an experienced, detailed-oriented, and strategic in assessing information technology and security risks.

Key Responsibilities:

• Lead the design, implementation, and continuous improvement of the Third-Party Risk Management program.
• Develop and deploy methods to better identify emerging risks associated with third party vendors
• Establish TPRM governance policies, standards, and procedures for vendor risk assessment and ongoing monitoring.
• Drive continuous improvement of the process and lead designing and facilitating tools to streamline TPRM
• Collaborate and build strong relationships with all key business unit stakeholders to educate on the program and offer advice on security vendor risk mitigation as needed.
• Perform as a subject matter expert on TPRM with responsibilities to review and assess all vendors onboarding in the organization.
• Train enterprise wide on TPRM process to ensure compliance with regulatory requirements
• Contribute to establishing an enterprise risk committee

• Conduct due diligence and risk assessments on new and existing third-party vendors.
• Evaluate vendor’s security and AI controls, compliance certifications, and contractual obligations.
• Collaborate with business owners to ensure vendors meet security, AI, privacy, and operational requirements.

• Develop and maintain a vendor risk register and reassess vendors based on risk profile
• Monitor critical vendors for emerging risks, changes in risk posture, and compliance gaps.
• Provide dashboards, metrics, and executive reporting to leadership and audit committees.

• Partner with IT Security, Procurement, Legal, Privacy and Business Units to integrate TPRM into onboarding and procurement workflows.
• Support internal and external audits with vendor risk management evidence.

• Track remediation activities for vendors with identified risks or findings.
• Lead initiatives to streamline vendor assessments, automate workflows, and integrate with GRC platforms.
• Stay current with emerging risks trends (ie AI, Cyber), regulatory updates and best practices.

• Bachelor’s degree in Information Security, Business Administration, Risk Management, or related field.
• 8+ years of experience in Third Party Vendor Risk Management, IT, AI and Cybersecurity risks, or GRC program management.
• Familiarity with risk and compliance frameworks (NIST, SOC 2, ISO 27001, HIPAA, HITRUST).
• Experience with TPRM or GRC platforms (e.g., Archer, OneTrust, ServiceNow GRC, ProcessUnity).
• Strong analytical and communication skills; ability to influence stakeholders across functions.
• Experience presenting risk findings and metrics to executives or audit committees.
• A subject matter expert to identify and address key third party related risks and areas of concerns associated with new and existing third-party vendors
• Knowledge of assessing vendors’ AI risks

• Industry certifications: CTPRP (Certified Third-Party Risk Professional),Certified Regulatory Vendor Program Manager (CRVPM) CISA, CISM, CISSP, CRISC, or similar.
• Experience in regulated industries such as healthcare, biotech, or financial services.
• Knowledge of contract negotiation, vendor SLAs, and regulatory obligations.

#LI-Remote