Director of Procurement and Third-Party Risk Management (49176)

The Director of Procurement and Third-Party Risk Management will establish and lead the procurement function for a decentralized business model. Key responsibilities include designing and implementing a third-party risk management (TPRM) framework, setting policies and controls, and working closely with stakeholders such as Legal, Information Security, Privacy, Compliance, Finance, and IT. The role ensures that third-party engagements are justified, budgeted, and aligned with business needs, and promotes transparency across vendors. The Director also acts as a strategic communicator and change leader, ensuring procurement and risk requirements are adopted throughout the organization. Success requires strong program development, stakeholder management, and influencing skills. 

Procurement and TPRM Function Development and Leadership 

• Lead and organize a centralized procurement and third-party risk management (TPRM) function that aligns with the organization’s goals and appetite for risk. 

• Design governance frameworks, operating models, and workflows for procurement and TPRM that suit a decentralized business environment. 

• Roll out uniform processes for sourcing, contracts, and onboarding third parties, but maintain adaptability to meet a range of business requirements. 

• Establish clear procurement and TPRM policies, procedures, and controls to promote consistency, transparency, and accountability. 

• Seek ways to enhance how vendors are chosen, costs are managed, and contracts are handled throughout their lifecycle. 

Third-Party Risk Management Framework 

• Develop and manage a cross-functional TPRM framework, policies, and procedures that meet all legal, regulatory, security, and privacy standards, covering the entire third-party lifecycle (vendor onboarding, risk-tiering, due diligence, contracting, monitoring, and offboarding). 

• Collaborate with Information Security, Privacy, Legal, and Risk Management to establish vendor risk assessment criteria and minimum control requirements. 

Cross-Functional Collaboration 

• Work closely with Legal, Information Security, Privacy, Compliance, Finance, HR, and IT to integrate procurement and risk management requirements into existing business processes. 

• Facilitate cross-functional working groups to define requirements, escalate issues, and continuously improve processes. 

• Serve as a trusted advisor to business leadership on vendor strategy, risk exposure, and procurement best practices. 

Communication and Change Management 

• Develop communication strategies to explain procurement and third-party risk requirements to service lines and sub-service lines in clear, practical terms. 

• Build strong relationships with independently operating service line and sub-service line leaders to drive adoption of new processes. 

• Create training materials, guidance documents, and playbooks to support consistent execution across the organization. 

• Lead change management initiatives to embed procurement and TPRM practices into day-to-day operations. 

Program Governance and Reporting 

• Establish KPIs, dashboards, and reporting mechanisms to measure procurement performance, vendor risk, and process efficiency. 

• Provide regular updates to senior leadership on program maturity, key risks, and improvement initiatives. 

• Ensure records, documentation, and processes support internal audits, regulatory inquiries, and client requirements where applicable. 

Vendor Rationalization and Capability Assessment 

• Maintain visibility into the vendor landscape across service lines and sub-service lines to identify overlap, redundancy, or fragmentation of capabilities. 

• Flag newly introduced vendors whose services are duplicative or substantially similar to existing vendors to prompt assessment of: 

• Business requirements and use cases 

• Technical requirements and integration considerations 

• Cost efficiency and consolidation opportunities 

• Risk and security implications 

• Facilitate cross-functional review with business, IT, security, and architecture teams to determine whether existing solutions can meet the need before onboarding new vendors. 

• Bachelor’s degree in business, Finance, Supply Chain, Risk Management, or a related field. 

• 8–12 years of experience in procurement, vendor management, or third-party risk management, including experience building or transforming programs. 

• Demonstrated experience designing policies, procedures, and governance frameworks. 

• Experience working in a decentralized or highly cross functional/matrixed organization. 

• Strong stakeholder management and influencing skills across multiple functions and leadership levels. 

• Excellent written and verbal communication skills, with the ability to translate complex requirements into practical guidance.  

Preferred: 

• Experience in regulated or professional services environments.   

• Familiarity with privacy, information security, and regulatory requirements affecting third-party risk. 

• Relevant certifications such as CPSM, CISM, CISA, CRISC, or similar.  

Core Competencies 

• Strategic thinking and program design 

• Risk-based decision making  

• Influencing without authority  

• Change management and organizational adoption 

• Executive communication and presentation 

• Process design and operational scaling 

Salary : $150,000 - $200,000