The Third-Party Risk Manager will be responsible for designing, implementing, and leading a best-in-class framework to manage vendor and third-party relationships across the organization. This role will oversee the full lifecycle of third-party risk management, from onboarding and due diligence to monitoring, reporting, and offboarding. This role can be based in a number of locations across the US, including New York, Texas, Boston, Chicago, Charlotte, and Austin.
Key Responsibilities:
- Design and implement a comprehensive third-party risk management framework, encompassing vendor identification, evaluation, contracting, monitoring, and reporting.
- Own the end-to-end third-party lifecycle process, including onboarding, risk tiering, contract reviews, ongoing monitoring, and exit strategies.
- Partner with first-line business units to provide guidance and oversight during third-party assessments, embedding sound risk practices and recommending effective controls.
- Manage and respond to third-party related incidents and issues, including escalation and remediation planning.
- Develop and maintain third-party risk policies, standards, procedures, training materials, key risk indicators (KRIs), and key performance indicators (KPIs).
- Conduct in-depth reviews of business processes to evaluate control effectiveness and report findings to oversight committees and stakeholders.
- Lead and document due diligence processes, including questionnaires, risk reviews, and control evaluations.
- Promote awareness and education around third-party risk management best practices.
- Ensure quality standards are met in the creation and maintenance of program documentation.
- Collaborate with Legal, Compliance, and other teams to address regulatory expectations and requirements.
- Serve as a liaison with auditors, regulators, and other external stakeholders regarding risk management practices and compliance matters.
- Identify, track, and escalate vendor-related incidents or issues, ensuring timely remediation.
Qualifications:
- 7–10 years of experience in third-party risk management, vendor governance, or enterprise risk.
- Bachelor’s degree in Business, Risk Management, or a related field (advanced degree preferred).
- Demonstrated experience in developing and managing enterprise-level third-party risk programs.
- Strong understanding of relevant regulatory frameworks and industry standards.
- Excellent leadership, communication, and stakeholder management skills.
- Ability to build and present executive-level reporting, including dashboards, risk heatmaps, and KPI/KRI summaries.
- Working knowledge of commercial insurance is a plus.
- Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook).
- Experience with third-party risk assessment platforms (e.g., OneTrust, AuditBoard).
- Familiarity with GRC (Governance, Risk & Compliance) systems implementation.