Job Description:
• The Cybersecurity Manager – Third-Party Risk Management (TPRM) is responsible for the operational leadership, effectiveness, and continuous maturation of the organization's Third-Party Risk Management program.
• Working closely with the Director of TPRM, this role leads a team responsible for vendor risk assessments, contract security reviews, continuous monitoring, remediation governance, and risk reporting activities.
• Provide day-to-day leadership, guidance, and oversight for TPRM team members.
• Coach, mentor, and develop team members through performance feedback, career development planning, training opportunities, and formal performance evaluations.
• Manage team capacity, workload prioritization, resource allocation, and operational challenges to ensure timely delivery of assessments, contract reviews, strategic initiatives, and departmental objectives.
• Accountable for team performance, service delivery metrics, quality standards, and achievement of operational goals.
• Identify staffing, skillset, and resource needs to support current operations and future program growth.
• Foster a culture of accountability, collaboration, innovation, and continuous improvement.
• Provide operational oversight and quality assurance for third-party risk assessments, contract security reviews, continuous monitoring activities, and risk evaluations, ensuring consistent application of established methodologies and quality standards.
• Own the operational health of the enterprise third-party portfolio by ensuring assessment service levels, continuous monitoring, remediation tracking, and executive visibility objectives are achieved.
• Serve as the primary escalation point for complex vendor risk decisions, including risk acceptances, exceptions, compensating controls, remediation plans, and vendor approval recommendations.
• Review and approve high-risk assessment findings, risk ratings, remediation recommendations, and exception requests to ensure consistency with enterprise risk standards.
• Collaborate with business stakeholders on critical vendor engagements and initiatives.
Requirements:
• Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Computer Science, or a related field, or equivalent combination of education and experience.
• Minimum 8 years of cybersecurity, risk management, governance, compliance, or third-party risk management experience.
• Minimum 2-3 years of direct people leadership experience.
• Experience leading enterprise Third-Party Risk Management programs or significant cybersecurity governance initiatives.
• Experience developing executive-level reporting, performance metrics, and strategic communications.
• Demonstrated experience leading teams responsible for complex vendor risk assessments and cybersecurity evaluations.
• Strong understanding of third-party risk management practices, cybersecurity controls, and risk assessment methodologies.
• Experience developing policies, standards, and governance processes within cybersecurity or risk management functions.
• Strong project management, organizational, and analytical skills.
• Excellent written, verbal, and presentation skills with the ability to communicate effectively to both technical and executive audiences.
• Ability to balance strategic planning with hands-on execution in a dynamic environment.
Benefits:
• healthcare
• time off
• retirement
• well-being programs
• professional certification opportunities
• tuition reimbursement
• quarterly and annual incentive programs