3rd Party Risk Manager

Job Description

We are seeking a hands on Third Party Risk Manager with a strong cybersecurity focus to help design, operationalize, and mature an evolving Third Party Risk Management (TPRM) program. This individual will own vendor cyber risk throughout the lifecycle - due diligence, tiering, onboarding, continuous monitoring, and issue management - while working within an existing but loosely structured framework across Procurement, Compliance, and IT Operations.

Key Responsibilities

• Design and mature a cyber focused TPRM program in an immature-to-developing state.

• Perform vendor due diligence, including review of SOC 1 / SOC 2 Type II reports, security questionnaires, and regulatory requirements.

• Establish and execute a three tier vendor risk model (High / Medium / Low) based on criticality and cyber exposure.

• Develop a unified operating plan for vendor onboarding, monitoring, and risk escalation.

• Determine when and how to challenge vendors on control gaps, remediation plans, and residual risk.

• Build and support continuous cyber risk monitoring and critical vendor scanning capabilities.

• Own ongoing monitoring of high risk vendors post onboarding.

• Define and track TPRM metrics to measure risk posture and program effectiveness.

• Support initiatives to reduce third party risk exposure, including vendor rationalization.

• Partner closely with Procurement, Compliance, IT, Security, and external vendors to ensure effective execution.

• Ensure the TPRM program is operational, repeatable, and audit ready.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected] learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:

Skills and Requirements

• 5+ years of experience in Third Party Risk Management, Cyber Risk, or Information Security.

• Strong hands on experience reviewing full SOC 1 / SOC 2 Type II reports.

• Experience assessing security questionnaires and regulatory/security requirements.

o Experience working directly with vendors to assess, challenge, and remediate risk.

• Proven ability to tier vendors and manage risk based decisioning.

• Ability to design practical, operational processes across frameworks.

• Ability to define, track, and report TPRM metrics. - Experience with TPRM tools/platforms (e.g., CoreStream).

• Experience with continuous cyber risk monitoring platforms (e.g., BlackKite or similar).

• Experience automating third party risk workflows.

• Exposure to regulated environments (financial services, healthcare, life sciences).

• Experience supporting vendor risk reduction or third party footprint consolidation.

• Audit or regulator facing TPRM experience.