Start/End Dates: 4/27/2026 - 10/31/2026
Tax Work Location: Raleigh CSC
Job Title: Technology - Sr. Manager Cyber Risk Management
Ideal Candidate Profile Summary:
5 years (Sr. Mgr level) of third-party experience: evaluating vendors, reviewing service organization control (SOC) reports, and assessing risk for third parties. A questionnaire is already built for vendors; it may need tweaking to reduce risk and add value.
ISACA certification, CRISC, CISM, or CISSP would be helpful.
Remote or On-site: Hybrid, with potential to convert to FT after 6 months. Must be within commuting distance of Raleigh, NC.
Work Schedule: 8:00 - 5:00; may work with teams in India, with occasional early morning hours.
Interview Process: 2 rounds of interviews, first with the hiring manager, then with the leadership team.
Third Party Cyber Risk Manager
Function: Cyber GRC / Information Security
Focus: Third Party Cyber Risk Management (TPRM / TPCRM)
Role Summary
The Third Party Cyber Risk Manager is responsible for designing, executing, and operating the organization's Third Party Cyber Risk Management (TPCRM) program. This role identifies, assesses, and manages cyber risks introduced by vendors, suppliers, and service providers, ensuring third parties meet the company's security, compliance, and risk standards throughout the vendor lifecycle.
Key Responsibilities
Program Ownership & Execution
Own and operate the Third Party Cyber Risk Management lifecycle, including vendor intake, inherent risk assessment, due diligence, risk treatment, and ongoing monitoring.
Establish and maintain a risk-based vendor tiering model and tier-specific security requirements aligned to company standards and risk appetite.
Ensure the TPCRM program is defensible, repeatable, and audit-ready, addressing Internal Audit and regulatory expectations.
Vendor Cyber Risk Assessment
Conduct and oversee security due diligence of third parties, including questionnaires, evidence review (e.g. SOC reports, policies, certifications), and control validation based on vendor risk tier.
Identify control gaps, assess residual risk, and require remediation plans or formal risk acknowledgment where necessary, working with the Cyber Risk Management Team.
Provide clear cyber risk outcomes to business stakeholders to support vendor selection, onboarding, and renewal decisions.
Governance, Reporting & Stakeholder Management
Partner with Procurement, Legal, Compliance, Internal Audit, Enterprise Risk, and business owners to embed cyber risk requirements into vendor onboarding and contracting processes.
Ensure required security, data protection, breach notification, and right-to-audit clauses are incorporated into vendor contracts in coordination with Legal.
Track, monitor, and report on vendor cyber risk posture, remediation status, and key risk indicators (KRIs).
Tooling & Process Enablement
Execute and operationalize the TPCRM program using OneTrust (or equivalent GRC tooling) for workflow, evidence management, and reporting.
Maintain documentation and evidence demonstrating program execution for audits and regulatory reviews.
Experience & Skills
Experience in cybersecurity, GRC, or third-party risk management
Strong understanding of vendor cyber risk, control frameworks, and risk assessment concepts (inherent vs. residual risk, remediation, risk acceptance)
Ability to translate technical risk findings into clear business decisions
Experience operating or supporting a GRC / TPRM platform (e.g. OneTrust)
Required Qualifications
Bachelor's degree in Information Security, Risk Management, Information Systems, or a related field, or equivalent professional experience.
6 years of experience in cybersecurity, information security, risk management, GRC, or third-party risk management, with demonstrated program ownership.
Strong understanding of third-party cyber risk concepts, including inherent risk, residual risk, remediation, and risk acceptance.
Experience partnering with Procurement, Legal, and business stakeholders in a large, complex enterprise environment.
Proven ability to translate technical risk findings into clear, business-focused recommendations.
Preferred Qualifications
Experience operating or implementing a TPRM / GRC platform (e.g. OneTrust).
Experience supporting internal audit, regulatory, or external assessment activities related to third-party risk.
Professional certifications such as CISSP, CISM, CRISC, or similar.