Title: Third Party Risk Manager
Duration: Multi-year contract (10+ years)
PR: $62-$67/hr
Location: Remote - Can be Hybrid in Sacramento, CA if preferred
Must Haves:
- 3-5 years of progressive and current work experience in third party/supply chain risk management
- Experience performing Information Security-based risk assessments of third parties and driving mitigation actions sufficient to manage identified risks.
- Building out and managing third party risk management programs across an organization
- Strong understanding of complex information security fundamentals and regulatory compliance requirements in the third party risk management domain
- SOC 2
- ISO 27001
- NIST
- Demonstrated ability to partner effectively with teams across the Business Units and at various levels ranging from individual contributors to senior leadership.
Day to Day:
Under the guidance of the Chief Data Security and Privacy Officer, the Third Party Risk Manager will:
- Help set up a structured third party risk management program.
- Create, implement, and manage third party risk management procedures in collaboration with the Information Security Team, Enterprise Risk Management Office, and Business Units.
- Conduct initial and continuous risk assessments throughout the third party lifecycle.
- Determine necessary compensating controls for third parties, monitor their implementation, and work closely with Business Units to ensure these controls are put in place.
- Develop a third party risk dashboard (or other metrics and reports) to keep leadership and stakeholders informed about the status of third party risks.
- Design, roll out, and manage third party risk management procedures in collaboration with the Information Security Team, Enterprise Risk Management Office, and Business Units.
- Create and maintain third party risk scorecards (or other effective reporting tools) to communicate third party risk status.
- Perform additional tasks to support Information Security and Enterprise Risk Management activities as needed.