The Cybersecurity Manager – Third-Party Risk Management (TPRM) is responsible for the operational leadership, effectiveness, and continuous maturation of the organization's Third-Party Risk Management program.
Working closely with the Director of TPRM, this role leads a team responsible for vendor risk assessments, contract security reviews, continuous monitoring, remediation governance, and risk reporting activities.
Responsibilities
Provide day-to-day leadership, guidance, and oversight for TPRM team members.
Coach, mentor, and develop team members through performance feedback, career development planning, training opportunities, and formal performance evaluations.
Manage team capacity, workload prioritization, resource allocation, and operational challenges to ensure timely delivery of assessments, contract reviews, strategic initiatives, and departmental objectives.
Accountable for team performance, service delivery metrics, quality standards, and achievement of operational goals.
Identify staffing, skillset, and resource needs to support current operations and future program growth.
Foster a culture of accountability, collaboration, innovation, and continuous improvement.
Provide operational oversight and quality assurance for third-party risk assessments, contract security reviews, continuous monitoring activities, and risk evaluations, ensuring consistent application of established methodologies and quality standards.
Own the operational health of the enterprise third-party portfolio by ensuring assessment service levels, continuous monitoring, remediation tracking, and executive visibility objectives are achieved.
Serve as the primary escalation point for complex vendor risk decisions, including risk acceptances, exceptions, compensating controls, remediation plans, and vendor approval recommendations.
Review and approve high-risk assessment findings, risk ratings, remediation recommendations, and exception requests to ensure consistency with enterprise risk standards.
Collaborate with business stakeholders on critical vendor engagements and initiatives.
Requirements
Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Computer Science, or a related field, or equivalent combination of education and experience.
Minimum 8 years of cybersecurity, risk management, governance, compliance, or third-party risk management experience.
Minimum 2-3 years of direct people leadership experience.
Experience leading enterprise Third-Party Risk Management programs or significant cybersecurity governance initiatives.
Experience developing executive-level reporting, performance metrics, and strategic communications.
Demonstrated experience leading teams responsible for complex vendor risk assessments and cybersecurity evaluations.
Strong understanding of third-party risk management practices, cybersecurity controls, and risk assessment methodologies.
Experience developing policies, standards, and governance processes within cybersecurity or risk management functions.
Strong project management, organizational, and analytical skills.
Excellent written, verbal, and presentation skills with the ability to communicate effectively to both technical and executive audiences.
Ability to balance strategic planning with hands-on execution in a dynamic environment.