Senior Manager, Third-Party Risk Management
Position Summary
We are partnered with a U.S.-based financial services and insurance company in search of a Senior Manager, Third-Party Risk Management professional in Richmond, Virginia. This individual will lead the execution and continued evolution of an enterprise-wide third-party risk program. This role sits within the broader Risk organization and partners closely with leaders across Technology, Operations, Sourcing/Vendor Management, Legal, Privacy, Compliance, and the Business to ensure third-party risks are understood, managed, and monitored across the full lifecycle.
This is a highly visible role for a risk leader who can blend program design, operational execution, stakeholder influence, and data-driven decision support.
Key Responsibilities
- Lead ongoing maturity of the TPRM program, ensuring alignment between policy, governance, controls, and day-to-day execution
- Own and optimize the TPRM technology platform and supporting toolset
- Enhance workflows, automate manual processes, and improve data quality
- Build dashboards and reporting for leadership (portfolio risk views, critical vendors, assessment status, SLAs, issues, renewals, concentration risks)
- Define, track, and report KPIs and KRIs
- Support internal and external audits by maintaining well-documented, repeatable controls and evidence
- Maintain governance artifacts, including policies, risk appetite alignment, RACI, and committee materials
- Deliver reporting to governance forums and leadership committees
- Monthly risk reviews, KRI/KPI reporting, issue tracking, executive reporting
- Develop standard operating procedures, playbooks, templates, and training to ensure consistent execution across stakeholders
- Partner with Sourcing/Vendor Management to embed risk requirements into intake, contracting, and vendor oversight processes
- Collaborate with Legal, Privacy, Compliance, and Information Security to align due diligence, contractual requirements, and control expectations
Required Qualifications
- Bachelor's degree or equivalent experience
- 8+ years of experience in third-party risk, technology risk, operational risk, compliance, or related disciplines
- 3+ years of leading programs and/or teams and influencing cross-functional stakeholders
- Demonstrated experience designing, implementing, or maturing TPRM programs
- Hands-on experience optimizing TPRM or GRC technology platforms
- Strong ability to translate risk into practical recommendations for senior leaders
- Solid understanding of third-party lifecycle practices, from due diligence through ongoing monitoring and remediation
Preferred
- Familiarity with frameworks and artifacts such as NIST, ISO 27001, SOC reports, and vendor oversight guidance
- Relevant certifications (CISA, CRISC, CISSP, CISM, or similar)
FAQs
Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your resume and details on file so when we see similar roles or see skillsets that drive growth in organizations, we will always reach out to discuss opportunities.
Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.
We work in several ways. First, we advertise available roles on our site; however, due to confidentiality we often may not post all of them. We also work with clients who are more focused on skills and understanding what is required to future-proof their business.
That's why we recommend registering your resume so you can be considered for roles that have yet to be created.
Yes, we help with resume and interview preparation. From customized support on how to optimize your resume to interview preparation and compensation negotiations, we advocate for you throughout your next career move.
