MassMutual

Director of Cyber Third-Party Assurance

Posted 2 Hours Ago
Hybrid
Boston, MA
148K-195K Annually
Senior level
Oversee vendor onboarding and monitoring for cybersecurity risks, ensure compliance with standards, and manage third-party risk assessments. Provide executive reporting and engage with stakeholders.
The summary above was generated by AI
Full-Time, Boston, Springfield
The Opportunity
As the Director of the Cyber Third-Party Assurance team, you will work in a fast-paced, collaborative environment overseeing the onboarding and continuous monitoring of MassMutual's third parties. The Director of Cyber Third-Party Assurance (CTPA) leads the enterprise's vendor and supplier cybersecurity risk management function. This role is responsible for ensuring that third-party engagements meet MassMutual's cybersecurity standards and comply with regulatory expectations. The position manages a team responsible for four critical verticals: onboarding new vendors, conducting risk-based assessments of returned questionnaires, actively monitoring critical vendors through continuous oversight, and managing third-party risk questionnaires received when MassMutual serves as a vendor. This role ensures that there is a consistent, risk-driven approach to protecting the enterprise from supplier-related cyber threats.
  • Vendor Onboarding & Due Diligence:

Oversee the vendor onboarding process, beginning with inherent risk assessments and tailored due diligence questionnaires. Lead the review of questionnaire responses, assign risk scores, and determine requirements for follow-up remediation or reassessment. Partner with Procurement, Legal, and Governance to ensure contract language reflects cyber requirements.
  • Ongoing Vendor Monitoring:

Direct continuous monitoring of critical and high-risk vendors using third-party risk intelligence tools (e.g., RiskRecon). Oversee periodic reassessments based on vendor tier, risk exposure, and regulatory requirements. Ensure supplier vulnerabilities and incident notifications are addressed and escalated appropriately.
  • Third-Party Questionnaire Responses:

Manage the function that responds to cybersecurity questionnaires MassMutual receives as a third party to other organizations. Ensure responses are accurate, consistent, and aligned with enterprise security posture and regulatory expectations.
  • Governance, Reporting & Stakeholder Engagement:

Provide executive-level reporting on third-party cyber risk posture, metrics, and emerging risks. Align with Governance, Enterprise Risk Management, and Internal Audit to ensure defensible oversight. Partner with BISOs, platform engineering, and security control owners to ensure vendor cyber risk is accurately identified and managed.
The Team
The Cyber Third-Party Assurance (CTPA) team plays a critical role in protecting MassMutual's enterprise by managing cyber and operational risks across its vast supplier ecosystem. This team serves as a strategic partner to the business, providing assurance that our vendors and SaaS providers maintain the highest standards of security, compliance, and resilience. Leveraging advanced tools and regulatory expertise, CTPA delivers proactive risk insights, drives remediation of control gaps, and strengthens the organization's ability to meet stringent expectations from regulators, clients, and the board. The team operates at the intersection of governance, procurement, and enterprise risk, ensuring that third-party dependencies do not become enterprise vulnerabilities. By leading this function, the incoming director will directly influence MassMutual's risk posture, reputation, and ability to innovate securely with trusted partners.
The Impact:
  • Protects the enterprise from supplier-related cyber threats and regulatory exposure.
  • Strengthens resilience through proactive risk identification, monitoring, and remediation.
  • Enhances vendor trust and reputation through a mature, transparent, and defensible third-party cyber risk program.
  • Provides leadership with actionable intelligence to inform decision-making.

The Minimum Qualifications
  • Bachelor's degree in Information Technology, Cyber Security, or a related field.
  • 8+ years of experience in cybersecurity, including 4+ years in a leadership role focused on third-party risk management or vendor assurance.
  • Authorized to work in the US without requiring sponsorship now and in the future.

The Ideal Qualifications
  • Knowledge of regulatory frameworks (NIST CSF 2.0, CRI Profile, etc.).
  • Strong analytical skills for measuring program effectiveness and driving continuous improvement.
  • Demonstrated experience in managing risk assessments, due diligence, and continuous monitoring processes.
  • Familiarity with vendor risk intelligence platforms (e.g., RiskRecon) and GRC tools (e.g., Archer, Process Unity).
  • Excellent communication and stakeholder engagement skills, including executive-level reporting.
  • CISSP, CTPRP, or related certifications preferred.

MassMutual is an equal employment opportunity employer. We welcome all persons to apply.
If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
Salary Range: $148,300.00-$194,600.00

Top Skills

Archer
Process Unity
RiskRecon

MassMutual Boston, Massachusetts, USA Office

Our new Boston campus opened in November in the Seaport neighborhood.

Boston Campus

Just like MassMutual, Boston's Seaport district is surrounded by decades of history, yet is now being recognized as a hub for digital innovation and professional growth. With us you can develop the skills you need to build a successful future and connect with talented and collaborative colleagues working together to help people secure their future and protect the ones they love.

What you need to know about the Boston Tech Scene

Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.

Key Facts About Boston Tech

  • Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
  • Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
  • Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
  • Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
