What are the responsibilities and job description for the Senior IT Third Party Risk Manager position at Everest Re Group?
Job Summary:
We are seeking an experienced Senior IT Third-Party Risk Manager to play a critical role in overseeing the governance, reporting, and assessment of third-party cybersecurity risks within our insurance organization. Reporting to the Head of IT Third-Party Risk Management within the Group IT Governance, Risk and Compliance team, this role will provide strategic oversight for third-party risk governance, regulatory compliance, and risk assessment operations.
As a senior member of the IT Third-Party Risk team, this role will lead governance reporting efforts, drive risk-based decision-making, and oversee a small team of outsourced risk assessors to ensure the quality and effectiveness of vendor security evaluations. The ideal candidate will have deep expertise in third-party risk management (TPRM) frameworks, regulatory requirements, and stakeholder engagement at an executive level.
Key Responsibilities
Strategic Oversight of Third-Party Risk Management
Support the Group Head of IT Third-Party Risk Management in developing and executing the global TPRM strategy.
Ensure the IT TPRM framework aligns with NIST CSF, ISO 27001, and key regulatory requirements (e.g., NYDFS 23 NYCRR 500, NAIC, GDPR).
Oversee third-party risk scoring, tiering methodology, and risk remediation processes, ensuring a risk-based approach.
Collaborate with Legal, Procurement, Information Security, Enterprise Risk, and Business Units to integrate TPRM into enterprise risk practices.
Stay ahead of emerging third-party risk trends, threats, and evolving regulatory expectations impacting the insurance industry.
Program Development and Implementation
Develop and implement a comprehensive TPRM program, including policies, procedures, and processes.
Ensure alignment with regulatory requirements and industry best practices.
Establish and maintain a robust TPRM framework.
Governance Reporting & Executive Communication
Develop and deliver executive-level risk reports on third-party risk trends, key findings, and program effectiveness to senior leadership, risk committees, and regulators.
Establish and track key risk indicators (KRIs) and key performance indicators (KPIs) for third-party risk governance.
Serve as a key representative for third-party risk during internal audits, regulatory reviews, and board-level discussions.
Support the Group Head of IT Third-Party Risk Management in defining and evolving governance structures for global third-party risk oversight.
Management of Outsourced Risk Assessors
Oversee and manage a team of outsourced risk assessors, ensuring quality execution of vendor security reviews.
Monitor outsourced teams to ensure compliance with internal risk frameworks and regulatory requirements.
Act as a senior escalation point for complex third-party risk issues, working closely with vendors and business leaders to drive remediation.
Risk Assessment and Management
Conduct third-party risk assessments across various categories and supplier relationships.
Identify, assess, and evaluate potential risks associated with third parties.
Training and Development
Develop and deliver training programs for internal teams on TPRM processes.
Ensure that all relevant personnel are adequately trained on TPRM policies and procedures.
Provide mentorship to junior members of the team.
Qualifications & Experience
7+ years of experience in third-party risk management, cybersecurity risk, or governance roles, preferably in insurance or financial services.
Strong expertise in cybersecurity frameworks (e.g., NIST CSF, ISO 27001, SOC 2, CIS Controls) and regulatory requirements (e.g., NYDFS, NAIC, GDPR, DORA).
Demonstrated ability to lead governance reporting, executive risk communication, and regulatory engagements.
Experience in managing vendor risk assessments and leading outsourced/offshore teams.
Proficiency in GRC tools (e.g., OneTrust, ServiceNow) and data-driven risk reporting.
Strong analytical and stakeholder management skills, with a proven track record of influencing senior leadership.
Relevant certifications (e.g., CISSP, CISM, CTPRP, CRISC) preferred.
Salary: $122,000 - $170,000