Third Party Risk Manager
San Jose, CA - USA
Job Summary
Archer is an aerospace company based in San Jose California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing manufacturing and operating an all-electric aircraft that can carry four passengers while producing minimal noise.
Our sights are set high and our problems are hard and we believe that diversity in the workplace is what makes us smarter drives better insights and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences and supports and celebrates all of our team members.
Archer is an aerospace company based in San Jose California building an all-electric vertical takeoffand landing aircraft with a mission to advance the benefits of sustainable air mobility. We aredesigning manufacturing and operating an all-electric aircraft that can carry four passengers whileproducing minimal sights are set high and our problems are hard and we believe that diversity in the workplace iswhat makes us smarter drives better insights and will ultimately lift us all to success. We arededicated to cultivating an equitable and inclusive environment that embraces our differences andsupports and celebrates all of our team members.
Job Overview
Archer is building the future of urban air mobility. Our supply chain spans hundreds of vendors from avionics hardware suppliers to cloud infrastructure providers and a compromise anywhere in that ecosystem could impact aircraft certification delay FAA approvals or expose sensitive information. You are key to effective enforcement of our extended enterprise third-party risk posture. Archer is seeking a Senior Third Party Risk Management (TPRM) Engineer to execute our vendor cyber risk function across all tiers of our supplier this high-visibility role you will use platforms like BitSight to continuously monitor investigate triage and action security risks introduced by third-party partners and their downstream (4th-party) suppliers. You will serve as the connective tissue between Security Sourcing Legal and executive leadership translating third party risk indicators into actionable threat intelligence and coordinated response actions while ensuring strict compliance with NIST SP 800-171 CMMC Level 2 and SOX ITGC requirements. This role requires both hands-on technical depth and program-building acumen. You will support and execute Archers TPRM function from the ground up develop risk-tiered due diligence processes and ensure vendor security posture remains aligned with our CMMC Level 2 NIST SP 800-161 and DFARS obligations as we grow our defense programs.
Key Responsibilities
Operate BitSight and complementary EASM/continuous monitoring platforms as the primarylens into Archers third-party attack surface. Maintain a tiered vendor inventory configureportfolio monitoring tune alert thresholds and ensure new vendors are onboarded into theprogram at contract execution.
Conduct deep-dive investigations into vendor risk signals including unpatched CVEsexposed services credential leaks certificate anomalies business deterioration and darkweb indicators. Correlate external ratings data with internal telemetry to assess truebusiness exposure and eliminate false positives before escalation.
Extend visibility beyond direct vendors to identify and monitor critical 4th-partysub-processor dependencies. Map supply chain concentration risks single points of failureand foreign ownership or influence (FOCI) concerns for vendors supporting defenseprograms or handling CUI.
Drive risk closure by issuing formal findings coordinating with internal vendor relationshipowners and tracking remediation commitments through resolution. Engage procurementand legal channels when vendors are non-responsive or remediation timelines areunacceptable.
Produce crisp executive-quality risk briefings board-level metrics and ad-hoc deep-dives forthe CISO General Counsel and program security leads. Escalate critical orrapidly-deteriorating vendor risk findings in near-real-time with clear business impactstatements and recommended courses of action.
Design and administer risk-tiered security questionnaires for new and renewing responses validate claims against external signals execute integrated duediligence checkpoints in Archers procurement workflow.
Influence develop and maintain TPRM policies standards and procedures aligned to NISTSP 800-161 (C-SCRM) CMMC Level 2 SR practices and ISO 27036. Provide transparency toexternal audits and government assessments by maintaining organized evidence of vendorrisk controls and remediation activity.
Serve as the TPRM lead during vendor-related security incidents coordinating with Archersinternal IR team managing vendor communications under legal hold protocols and drivingroot cause analysis and contractual remedies following a third-party breach.
Required Qualifications
7 years in cybersecurity with at least 3 years of dedicated third-party or supply chain riskmanagement experience
Demonstrated hands-on proficiency with BitSight or an equivalent continuous monitoringplatform including alert tuning portfolio management vendor engagement workflows andpeer benchmarking
Deep working knowledge of NIST SP 800-161 (C-SCRM) NIST CSF CMMC Level 2 SR and CApractices and ISO 27036 as they apply to vendor security governance
Experience conducting structured vendor security due diligence across SaaS cloudinfrastructure hardware manufacturers and professional services suppliers
Proven ability to investigate and triage cyber risk findings at scale correlating externalsignals with business context to produce prioritized actionable intelligence for bothtechnical and non-technical stakeholders
Familiarity with 4th-party risk mapping sub-processor disclosure reviews and supply chainconcentration risk analysis
Excellent written and verbal communication skills able to translate complex vendor riskfindings into executive-ready briefings board-level dashboards and actionable
Eligibility to obtain a DoD Secret security clearance
Preferred Qualifications
Certifications: CTPRP (Prevalent) CRISC CISSP CISM or equivalent risk managementcredentials
Active DoD Secret or Top Secret/SCI clearance
Familiarity with ITAR/EAR data sharing constraints and their implications for vendorcontracting and CUI handling
Exposure to FOCI (Foreign Ownership Control or Influence) assessments
Experience integrating TPRM tooling with GRC platforms or building risk workflowautomation (e.g. auto-routing findings SLA tracking contract clause triggers)
Prior startup or high-growth company experience comfort operating with limitedbureaucracy and building programs that scale with business growth
Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications
At Archer we aim to attract retain and motivate talent that possess the skills and leadership necessary to grow our business. We drive a pay-for-performance culture and reward performance that supports the Companys business strategy. For this position we are targeting a base pay between $207400 - $259200. Actual compensation offered will be determined by factors such as job-related knowledge skills and experience.
Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit qualifications and business needs. We do not discriminate based upon race color religion sex sexual orientation age national origin disability status protected veteran status gender identity or any other characteristic protected by federal state or local laws.
Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archers People Team at. Reasonable accommodations will be determined on a case-by-case basis.
Information collected and processed as part of any job applications you choose to submit is subject to Archers Candidate Privacy Policy.
Archer is unable to provide work visa sponsorship for this position at the present time.
Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit qualifications and business needs. We do not discriminate based upon race color religion sex sexual orientation age national origin disability status protected veteran status gender identity or any other characteristic protected by federal state or local laws.
Archer Aviation does not engage with external recruiting agencies/individual recruiters with whom it does not have a prior written agreement. Archer reserves the right to make use of any unsolicited resumes that it receives and bears no responsibility for payment of any fees asserted from the use of unsolicited resumes. If you are a recruiting agency or individual recruiter wishing to do business with Archer please reach out to. All employment processes are managed by the Archer People Team.
Required Experience:
Manager
About Company
Archer is designing and developing electric vertical takeoff and landing (eVTOL) aircraft for use in urban air mobility networks. Archer’s mission is to unlock the skies, freeing everyone to reimagine how they move and spend time. Archer's team is based in Santa Clara, CA.