Head of Third Party Risk Management

About the Technical Finance Team at OpenAI : The Technical Finance team at OpenAI is crucial for maintaining our organization’s financial and operational integrity. We focus on managing key risk areas, developing robust frameworks, and ensuring compliance with industry standards. Our team collaborates across functions to improve processes and safeguard OpenAI’s objectives, making risk management an integral part of achieving our mission.

Join Our Mission : We are looking for an experienced and dynamic Third Party Risk Manager to build and lead our Third Party Risk Management (TPRM) function from the ground up. This critical role involves designing and implementing a comprehensive TPRM program to identify, assess, and monitor risks across our third-party ecosystem. The successful candidate will work closely with stakeholders from Security GRC, Legal, and other business units, serving as the central coordinator for TPRM and driving the program’s maturity and effectiveness.

Strategic Leadership : Reporting directly to the Head of Internal Controls, the candidate will play a pivotal role in shaping OpenAI’s risk management landscape. This is an opportunity to establish a function that aligns with our growth trajectory and mission, ensuring that our partnerships and vendor relationships remain secure, compliant, and resilient.

In This Role, You Will :

Own Risk Management :

Establish a TPRM Program : Develop frameworks, policies, procedures, and tools to identify, assess, and manage third-party risks across OpenAI’s operations.

Conduct Risk Assessments : Coordinating initial and ongoing evaluations of vendors across domains, working with risk-owners across the business in addressing data security, cyber risk, regulatory compliance, and operational impact.

Design Monitoring Processes : Create robust risk monitoring systems with clearly defined thresholds to ensure early detection and mitigation of risks.

Lead and Collaborate :

Central Coordinator for TPRM : Serve as the central point of contact for TPRM, integrating and aligning efforts from Security, Legal, and other teams into a cohesive program.

Champion Program Development : Advocate for TPRM best practices, build awareness across the organization, and drive program maturity.

Incident Response : Partner with Security and Legal teams to assess third-party incidents, ensuring effective response and communication strategies.

Monitor and Improve Processes :

Training and Awareness : Design and deliver training programs to educate stakeholders on TPRM policies and foster a culture of risk awareness.

Reporting and Metrics : Develop and deliver regular reports to leadership, highlighting program effectiveness, vendor risk profiles, and incident responses. Establish KPIs to track performance.

Stay Current : Monitor industry trends, regulatory changes, and best practices to enhance the TPRM program’s efficiency and effectiveness.

You Might Thrive in This Role If You Have :

Experience : At least 8 years in Third Party Risk Management, preferably within high-growth tech companies. Proven experience building TPRM functions is highly desirable.

Technical Knowledge : Understanding of privacy, data security, cyber risk, regulatory compliance, and risk management practices in a tech environment.

Leadership Skills : Strong project management and leadership abilities to influence cross-functional teams without direct authority.

Interpersonal Skills : Excellent communication and relationship-building skills to collaborate effectively with Security GRC, Legal, Finance, and business units.

Analytical Expertise : Ability to analyze complex risks and provide actionable recommendations aligned with business objectives.

Certifications : CRISC, CTPRP, or equivalent risk management certifications are a plus.

Why Join OpenAI? This is a unique opportunity to shape a critical function in a high-growth tech company from its inception. At OpenAI, you’ll have the chance to build a TPRM program that will scale with our business, work with passionate and talented colleagues, and make a tangible impact on our risk landscape.