Posted Jul 10, 2026

Third-Party Risk Manager, Cybersecurity

Apply for this Position →
Job Description: • Develop, manage, and continuously improve the organization’s Third-Party Risk Management (TPRM) program and platform, including policies, procedures, risk methodologies, and performance metrics. • Lead risk assessments and due diligence processes for new and existing third-party vendors, including IT, business services, SaaS providers, and critical suppliers. • Build criteria and processes to evaluate AI-based vendor technologies to identify risk exposure. • Evaluate vendor security practices, policies, and controls using industry frameworks (e.g., NIST CSF). • Partner with Procurement, Legal, Compliance, IT, and business stakeholders to integrate risk assessments into the vendor lifecycle—from onboarding through termination and to review contracts, Business Associate Agreements (BAAs), and data-sharing agreements. • Maintain a current and accurate vendor risk inventory and drive the development and execution of corrective action plans for vendors with risks or compliance gaps. • Oversee the implementation of continuous monitoring controls and ensure timely reassessments of vendor risks. • Collaborate with Internal Audit and Compliance teams to support external audits, regulatory requests, and risk reporting. • Prepare executive-level reporting on third-party risk exposure and program effectiveness for GRC leadership and Board-level stakeholders. • Stay current on emerging regulatory changes, industry standards (e.g., NIST, ISO, HIPAA, HITRUST), and best practices in third-party risk management, providing cybersecurity expertise and support for all IT Audit (SOX, PCI, HIPAA); Security Compliance (Vendor Security Assessments and Security Risk Analysis (SRA)); and Data Compliance (Data Classification and Automated / Continuous) audits. Requirements: • Four year degree in any business/ technical area or equivalent experience is preferred • Certification Preferred - CISSP, CRISC, CTPRP, CTPRA or HCISPP • 5+ years of experience in third-party/vendor risk management, preferably within highly regulated industries such as healthcare, finance, or technology. • Strong understanding of GRC frameworks, risk assessment methodologies, and regulatory requirements (e.g., HIPAA, GDPR, SOC 2, NIST CSF). • Proven ability to communicate complex risk concepts clearly to both technical and non-technical stakeholders. • Experience managing risk assessment platforms or GRC tools (e.g., Archer, ServiceNow, OneTrust, Prevalent or Safe Security). • Excellent analytical, organizational, and interpersonal skills. • Certifications such CISSP, CRISC, CTPRP, CTPRA or HCISPP Benefits: • Medical, dental, vision, disability, AD&D and life insurance • Manager Time Off – 20 days per year • Discretionary 401k match • 10 paid holidays per year • Health savings accounts, healthcare & dependent flexible spending accounts • Employee Assistance program, Employee discount program • Voluntary benefits include pet insurance, legal insurance, accident and critical illness insurance, long term care, elder & childcare, auto & home insurance. • For Colorado employees, paid leave in accordance with Colorado’s Healthy Families and Workplaces Act is available. Apply Now Apply Now