Jobs · Finance

Third Party Risk Management Lead

Sungrow · United States · 3 mo ago
RemoteRemoteFinanceContract

Key Responsibilities

  • Build and operate the TPRM program lifecycle, including:
    • Vendor intake and risk tiering
    • Security assessments and due diligence
    • Ongoing monitoring and reassessment
    • Define and enforce minimum security requirements for vendors and suppliers
    • Partner with legal and procurement to embed security and risk clauses into contracts
    • Establish processes for exception management and risk acceptance
  • Risk Assessment & Due Diligence:
    • Lead execution of third-party security reviews, including:
    • Questionnaires and evidence validation
    • Review of SOC 2, ISO certifications, and supporting artifacts
    • Identify and communicate material risks and required mitigations
    • Ensure alignment to frameworks (NIST, ISO 27001, SOC 2, NERC CIP where applicable)
  • Continuous Monitoring & Issue Management:
    • Implement ongoing monitoring capabilities for vendor risk posture
    • Track and drive remediation of identified third-party risks
    • Maintain visibility into fourth-party and supply chain dependencies where relevant
  • Business Continuity & Resilience (BCDR/BIA Support):
    • Support development of Business Impact Analysis (BIA) across critical functions
    • Partner with business and IT stakeholders to define:
    • Critical processes
    • Recovery time objectives (RTO) / recovery point objectives (RPO)
    • Contribute to the development of BCDR plans and testing frameworks
    • Ensure third-party dependencies are integrated into continuity planning
  • Governance, Reporting & Audit Readiness:
    • Develop and track TPRM KPIs and risk metrics
    • Provide executive-level reporting on third-party risk posture
    • Maintain documentation and evidence to support:
    • Audits
    • Customer security reviews
    • Regulatory inquiries
    • Ensure program is defensible and repeatable
  • Cross-Functional Collaboration:
    • Partner with:
    • Procurement (vendor onboarding)
    • Legal (contractual protections)
    • IT and engineering (technical validation)
    • Act as the central point of coordination for third-party risk decisions

Requirements

  • 7–10+ years of experience in third-party risk management, GRC, or vendor risk programs
  • Proven experience building or leading a TPRM program in a regulated or enterprise environment
  • Strong understanding of:
  • Vendor risk assessment methodologies
  • Security frameworks (NIST, ISO 27001, SOC 2)
  • Experience reviewing:
  • Security documentation (policies, controls, audit reports)
  • Third-party attestations (SOC 2, ISO certifications)
  • Working knowledge of business continuity and resilience concepts (BIA, BCDR)
  • Ability to drive cross-functional alignment and accountability

Preferred Experience

  • In energy, industrial, or critical infrastructure sectors
  • Familiarity with NERC CIP requirements
  • Experience implementing or operating TPRM platforms/tools
  • Certifications such as CRISC, CISM, CISSP, or CTPRP

Competencies

  • Program Builder: Can stand up and mature TPRM from structure to scale
  • Risk Translator: Converts vendor risk into business and contractual impact
  • Governance-Oriented: Ensures decisions are documented and defensible
  • Cross-Functional Operator: Effective with procurement, legal, IT, and engineering
  • Pragmatic Enforcer: Balances risk reduction with business enablement
  • Strategic Fit: Establishes control over external risk exposure
  • Strengthens customer trust and regulatory alignment
  • Enables defensible procurement and vendor onboarding decisions
  • Buils foundation for enterprise resilience and continuity planning

Similar jobs

Third Party Risk Lead

Old National BankChicago, IL· 3 wk ago
Management$82k–$165k/yrapply on careers-oldnational.icims.com

Third Party Risk Lead

Old National BankLake Elmo, MN· 3 wk ago
Management$82k–$165k/yrapply on careers-oldnational.icims.com