Senior IT Third Party Risk Manager

Title: Senior IT Third Party Risk Manager Company: Everest Global Services, Inc. Job Category: Technology Job Description: About Everest: Everest is a leading global reinsurance and insurance provider, operating for nearly 50 years through subsidiaries in the Europe, Bermuda, Canada, Singapore, US, Latin America and other territories. Our strengths include extensive product and distribution capabilities, a strong balance sheet, and an innovative culture. Throughout our history, Everest has maintained its discipline and focuses on creating long-term value through underwriting excellence and strong risk and capital management. But the most critical asset in this organization is our people.  Job Summary: We are seeking an experienced Senior IT Third-Party Risk Manager to play a critical role in overseeing the governance, reporting, and assessment of third-party cybersecurity risks within our insurance organization. Reporting into the Head of IT Third-Party Risk Management within the Group IT Governance Risk and Compliance team, this role will provide strategic oversight for third-party risk governance, regulatory compliance, and risk assessment operations. As a senior member of the IT Third-Party Risk team, this role will lead governance reporting efforts, drive risk-based decision-making, and oversee a small team of outsourced risk assessors to ensure the quality and effectiveness of vendor security evaluations. The ideal candidate will have deep expertise in third-party risk management (TPRM) frameworks, regulatory requirements, and stakeholder engagement at an executive level. Key Responsibilities Strategic Oversight of Third-Party Risk Management Support the Group Head of IT Third-Party Risk Management in developing and executing the global TPRM strategy. Ensure the IT TPRM framework aligns with NIST CSF, ISO 27001, and key regulatory requirements (e.g., NYDFS 23 NYCRR 500, NAIC, GDPR). Oversee third-party risk scoring, tiering methodology, and risk remediation processes, ensuring a risk-based approach. Collaborate with Legal, Procurement, Information Security, Enterprise Risk, and Business Units to integrate TPRM into enterprise risk practices. Stay ahead of emerging third-party risk trends, threats, and evolving regulatory expectations impacting the insurance industry. Program Development and Implementation: Develop and implement a comprehensive TPRM program, including policies, procedures, and processes. Ensure alignment with regulatory requirements and industry best practices. Establish and maintain a robust TPRM framework. Governance Reporting & Executive Communication Develop and deliver executive-level risk reports on third-party risk trends, key findings, and program effectiveness to senior leadership, risk committees, and regulators. Establish and track key risk indicators (KRIs) and key performance indicators (KPIs) for third-party risk governance. Serve as a key representative for third-party risk during internal audits, regulatory reviews, and board-level discussions. Support the Group Head of IT Third-Party Risk Management in defining and evolving governance structures for global third-party risk oversight. Management of Outsourced Risk Assessors Oversee and manage a team of outsourced risk assessors, ensuring quality execution of vendor security reviews. Monitor outsourced teams to ensure compliance with internal risk frameworks and regulatory requirements. Act as a senior escalation point for complex third-party risk issues, working closely with vendors and business leaders to drive remediation. Risk Assessment and Management: Conduct third-party risk assessments across various categories and supplier relationships. Identify, assess, and evaluate potential risks associated with third parties. Training and Development: Develop and deliver training programs for internal teams on TPRM processes. Ensure that all relevant personnel are adequately trained on TPRM policies and procedures. Provide mentorship to junior members of the team Qualifications & Experience 7 years of experience in third-party risk management, cybersecurity risk, or governance roles, preferably in insurance or financial services. Strong expertise in cybersecurity frameworks (e.g., NIST CSF, ISO 27001, SOC 2, CIS Controls) and regulatory requirements (e.g., NYDFS, NAIC, GDPR, DORA). Demonstrated ability to lead governance reporting, executive risk communication, and regulatory engagements. Experience in managing vendor risk assessments and leading outsourced/offshore teams. Proficiency in GRC tools (e.g., OneTrust, ServiceNow) and data-driven risk reporting. Strong analytical and stakeholder management skills, with a proven track record of influencing senior leadership. Relevant certifications (e.g., CISSP, CISM, CTPRP, CRISC) preferred. Why Join Us? Strategic, senior role in a highly regulated and evolving insurance risk landscape. Direct impact on the global third-party risk strategy and governance reporting. Competitive compensation, comprehensive benefits, and career growth opportunities. Our Culture  At Everest, our purpose is to provide the world with protection. We help clients and businesses thrive, fuel global economies, and create sustainable value for our colleagues, shareholders and the communities that we serve. We also pride ourselves on having a unique and inclusive culture which is driven by a unified set of values and behaviours. Click here to learn more about our culture.     Our Values are the guiding principles that inform our decisions, actions and behaviours. They are an expression of our culture and an integral part of how we work: Talent. Thoughtful assumption of risk. Execution. Efficiency. Humility. Leadership. Collaboration. Diversity, Equity and Inclusion.   Our Colleague Behaviours define how we operate and interact with each other no matter our location, level or function: Respect everyone. Pursue better. Lead by example. Own our outcomes. Win together.      All colleagues are held accountable to upholding and supporting our values and behaviours across the company. This includes day to day interactions with fellow colleagues, and the global communities we serve.   Type: Regular Time Type: Full time Primary Location: Warren, NJ Additional Locations: Everest is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or creed, sex (including pregnancy), sexual orientation, gender identity or expression, national origin or ancestry, citizenship, genetics, physical or mental disability, age, marital status, civil union status, family or parental status, veteran status, or any other characteristic protected by law. As part of this commitment, Everest will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Everest Benefits at everestbenefits@everestglobal.com. Everest U.S. Privacy Notice | Everest (everestglobal.com) Beware of recruitment fraud Please be cautious of phishing scams involving fake Everest job postings and individuals posting as Everest representatives making phony job offers. Always verify the identity of the recruiting professionals you work with. What you should know: At Everest, your privacy, security, and safety are of utmost importance to us. Everest will never ask for payment or any financial information as part of the hiring process. All job-related written communications from our internal recruitment team will come from official email addresses that end in our company domain. EVEREST is a leading international reinsurance and insurance group with an extensive distribution network that spans five continents. With roots dating back to 1973, Everest has developed a global footprint and deep client relationships that are largely unmatched by its peers. The Company’s principal business strategies seek to leverage its strengths to optimize returns over the underwriting cycle, thereby creating value for its shareholders and business partners.