Sr. Manager, Cyber Risk Management


Job Location: Raleigh, WV - USA

Monthly Salary: Not Disclosed
Posted on: 5 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Title: Third Party Cyber Risk Manager
Function: Cyber GRC / Information Security
Focus: Third Party Cyber Risk Management (TPRM / TPCRM)
Work Location: Hybrid, onsite more often
Work Schedule: 8:00 AM to 5:00 PM (occasional collaboration with teams in India)
Interview Process: 2 rounds: Hiring Manager, then Leadership Team

Contract To Hire

Role Summary

The Third Party Cyber Risk Manager is responsible for designing, executing, and operating the organization's Third Party Cyber Risk Management (TPCRM) program. This role identifies, assesses, and manages cyber risks introduced by vendors, suppliers, and service providers, ensuring third parties meet the company's security, compliance, and risk standards throughout the vendor lifecycle.

Key Responsibilities
  • Own and operate the TPCRM lifecycle: vendor intake, inherent risk assessment, due diligence, risk treatment, and ongoing monitoring.
  • Establish and maintain vendor tiering models and tier-specific security requirements.
  • Ensure the TPCRM program is defensible, repeatable, and audit ready.
  • Conduct and oversee vendor security due diligence (questionnaires, SOC reports, certifications, control validation).
  • Identify control gaps, assess residual risk, and drive remediation or risk acceptance.
  • Partner with Procurement, Legal, Compliance, Internal Audit, and Enterprise Risk teams to embed cyber risk requirements into contracts and onboarding.
  • Track, monitor, and report on vendor cyber risk posture, remediation status, and KRIs.
  • Execute the TPCRM program using OneTrust (or equivalent GRC tooling).
Required Qualifications
  • Bachelor's degree in Information Security, Risk Management, Information Systems, or related field.
  • 6 years of experience in cybersecurity, information security, risk management, GRC, or third party risk management with program ownership.
  • Strong understanding of third party cyber risk concepts (inherent risk, residual risk, remediation, risk acceptance).
  • Experience partnering with Procurement, Legal, and business stakeholders in large enterprises.
  • Ability to translate technical risk findings into clear business recommendations.
Preferred Qualifications
  • Experience operating or implementing a TPRM / GRC platform (e.g. OneTrust).
  • Experience supporting internal audit, regulatory, or external assessments related to third party risk.
  • Professional certifications: CISSP, CISM, CRISC, or similar.

Key Skills

  • Children Activity
  • Graphic Designing
  • Information Technology
  • FX
  • Airlines
  • Asic