Senior Manager, IT Third-Party Risk Management (TPRM)

The Senior Manager, IT Third-Party Risk Management (TPRM) leads the day-to-day execution and ongoing maturity of the organization’s third-party risk program. This role is accountable for strengthening governance, streamlining process, automating workflows, and enabling leaders to make risk-informed decisions through effective TPRM tooling, dashboards, and reporting. The Senior Manager partners closely with stakeholders across Information Technology Solutions (ITS), Cybersecurity & Privacy Solutions (CPS), Procurement, Legal, Compliance, and business personnel, to ensure third-party risk is understood, managed, and monitored across the third-party lifecycle—from intake and due diligence through contracting, onboarding, continuous monitoring, and offboarding.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

Provide leadership of short- and long-term goals for IT Third-Party Risk Management.  Lead the effort to foster an environment of customer service, continuous improvement and consistent execution.

Program Leadership and Maturity

• Drive the TPRM maturity roadmap, including improvements to governance, policies/standards, workflow design, tiering methodology, and lifecycle processes

• Establish and maintain program operating cadence (e.g., monthly risk reviews, KPI/KRI reporting, issue remediation tracking, and executive readouts)

• Identify gaps and implement enhancements to ensure program scalability, consistency, auditability, and alignment with regulatory/industry practices

• Develop and maintain standard operating procedures, job aids, and training materials to ensure consistent execution

Stakeholder and Management Interaction

• Serve as a trusted advisor to business owners, translating third-party risk into clear decision options

• Facilitate risk discussions, challenge risk assumptions appropriately, and ensure documented risk decisions, and approvals align to governance and are documented

• Partner with procurement to embed risk requirements into intake, sourcing, and ongoing vendor management

• Collaborate with Legal, CPS, and Compliance to ensure contract provisions, control expectations, and due diligence are aligned and enforceable

TPRM Tooling, Automation and Decision Enablement

• Own management and optimization of the organization’s TPRM technology platform

• Design, configure, and enhance process workflows

• Develop dashboards and reporting for leaders: portfolio risk views, assessment status, SLA adherence, open issues, concentration risk, critical vendor oversight, and periodic vendor reassessment

• Improve data quality and establish a single source of truth for third-party risk inventory, risk ratings, and decision history

• Define and track KPIs/KRIs (cycle time, backlog, critical findings aging, remediation performance, override rates, risk acceptance trends)

Third-Party Risk Assessments and Lifecycle Management

• Oversee third-party risk assessments, including inherent risk tiering

• Ensure assessment scope are appropriate for vendor criticality, data sensitivity, and service impact

• Drive effective issue management and remediation tracking, including escalation paths for overdue or high-risk items

• Maintain processes for periodic reassessments and continuous monitoring of high-risk/critical vendors

People Leadership

• Lead, coach, and develop a team of TPRM professionals

• Set performance expectations, ensure workload prioritization, and build a culture of continuous improvement and strong business partnership.

EDUCATION:

Required Qualifications

• Bachelor’s degree or equivalent practical experience

• 8+ years of experience in third-party risk management, technology risk, operational risk, compliance, or related disciplines

• 3+ years of experience leading programs and/or teams, influencing cross-functional stakeholders, and driving process maturity

• Proven experience implementing or optimizing TPRM programs and establishing a culture of continuous improvement

• Proven experience implementing or optimizing TPRM/GRC tools to improve workflow automation, data quality, and reporting

• Strong ability to translate risk into decision-ready recommendations for leaders and to facilitate risk acceptance discussions

• Demonstrated knowledge of third-party lifecycle practices: due diligence, control validation, contracting requirements, monitoring, and remediation

Preferred Qualifications

• Experience in regulated industries (financial services, healthcare, insurance, or similar)

• Familiarity with relevant frameworks and expectations (e.g., NIST, ISO 27001, SOC reports, shared responsibility models, vendor oversight guidance)

• Certifications such as CISA, CRISC, CISSP, CISM, or equivalent

• Experience integrating continuous monitoring signals (security ratings, threat intelligence, incident notifications) into a TPRM operating model