Manager of IT Risk & Compliance - IT TPRM

The Manager of IT Third-Party Risk Management is a seasoned leader responsible for guiding a high-performing team and overseeing multiple programs that strengthen vendor-related IT risk and compliance capabilities across the organization. This role ensures alignment with enterprise goals, focusing on mitigating business risks and driving operational efficiency. A key aspect of the role is fostering team development through mentorship, training, and career growth opportunities to cultivate a collaborative and high-performance culture.

Lead the assessment, monitoring, and mitigation of risks associated with third-party vendors and service providers supporting the organization’s technology ecosystem. Ensure that third-party IT engagements comply with internal policies, regulatory requirements, and industry best practices in cybersecurity, data privacy, and operational resilience.

Successful Candidates Will Demonstrate Expertise in the Following Areas:

Program Leadership & Strategy

• Develop and maintain the IT Third-Party Risk Management (TPRM) framework, policies, and procedures.

• Lead resolution of complex challenges across projects or programs, identifying strategic or procedural solutions and driving process improvements.

• Collaborate with Procurement, Legal, Compliance, and IT teams to embed risk management throughout the vendor lifecycle.

• Identify and implement opportunities to enhance process efficiency and effectiveness; coach team members in continuous improvement.

• Support IT-driven initiatives aligned with domain roadmaps or business effectiveness goals.

Risk Assessment & Monitoring

• Oversee risk assessments for new and existing third-party vendors, with a focus on cybersecurity, data protection, and operational risk.

• Evaluate vendor controls using techniques such as questionnaires, documentation reviews, and external intelligence.

• Conduct ongoing due diligence and periodic reviews to monitor vendor performance and risk posture.

Governance & Reporting

• Prepare and deliver risk reports, metrics, and dashboards to senior leadership and governance committees.

• Track remediation efforts and escalate critical issues as appropriate.

• Ensure compliance with relevant standards and frameworks (e.g., NIST, ISO 27001).

Stakeholder Engagement

• Manage stakeholder relationships to align strategic direction and program execution with organizational goals.

• Champion GRC tools and services that drive operational efficiency.

• Collaborate with associates and senior executives to advance risk management practices and solutions.

• Maintain a customer-focused operating model for risk and compliance services.

• Serve as a subject matter expert and advisor to business units on third-party risk.

• Build strong relationships with internal stakeholders and external vendors to promote risk awareness and accountability.

• Influence decision-making within the internal stakeholder community.

Technology & Tools

• Provide technical and managerial oversight across multiple risk and compliance projects and programs.

• Allocate resources strategically to support initiatives aligned with organizational priorities.

• Manage and optimize third-party risk management platforms and tools (e.g., ProcessUnity, ServiceNow).

• Leverage automation and analytics to improve risk visibility and operational efficiency.

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field (Master’s preferred).

• 8+ years of experience in IT risk management, vendor risk, or cybersecurity, including 3+ years in a leadership role.

• Deep understanding of third-party risk frameworks and regulatory requirements.

• Broad knowledge of risk and compliance concepts, technologies, and practices across multiple domains.

• Experience with industry frameworks and standards to ensure alignment with best practices and regulatory expectations.

• Proficiency with risk assessment tools (e.g., ServiceNow, SIG, BitSight, ProcessUnity).

• Strong communication, leadership, and stakeholder management skills.

• Relevant certifications (e.g., CISM, CRISC, CISSP) are a plus.

• Strategic thinker with a proactive, solution-oriented mindset.

• Ability to manage multiple priorities in a fast-paced environment.

• Strong analytical and problem-solving skills.

• Comfortable presenting to senior executives and boards.