What are the responsibilities and job description for the Sr. Manager - Cyber Risk Management (Onsite - Raleigh, NC) position at Jobs via Dice?
Dice is the leading career destination for tech experts at every stage of their careers. Our client, OMG Technologies, is seeking the following. Apply via Dice today!
Sr. Manager - Cyber Risk Management (Onsite - Raleigh, NC)
Position Summary:
Looking for a candidate who can enhance existing vendor questionnaires to reduce risk and add value. The Third-Party Cyber Risk Manager is responsible for designing, executing, and operating the organization's Third-Party Cyber Risk Management (TPCRM) program. This role identifies, assesses, and manages cyber risks introduced by vendors, suppliers, and service providers, ensuring third parties meet the company's security, compliance, and risk standards throughout the vendor lifecycle.
Responsibilities:
Program Ownership & Execution
- Own and operate the TPCRM lifecycle, including vendor intake, inherent risk assessment, due diligence, risk treatment, and ongoing monitoring.
- Establish and maintain a risk-based vendor tiering model aligned with company standards and risk appetite.
- Ensure the TPCRM program is defensible, repeatable, and audit ready.
- Conduct security due diligence of third parties, including questionnaires, SOC reports, policies, certifications, and control validation.
- Identify control gaps, assess residual risk, and drive remediation or risk acceptance.
- Provide clear cyber risk insights to support vendor decisions.
- Partner with Procurement, Legal, Compliance, Internal Audit, and business teams.
- Ensure appropriate security and data protection clauses in contracts.
- Track and report vendor risk posture and key risk indicators (KRIs).
- Utilize GRC tools such as OneTrust for workflow, evidence management, and reporting.
- Maintain documentation for audit and regulatory requirements.
- 5 years of experience at a senior manager level in third-party risk management.
- 6 years of strong experience in cybersecurity, GRC, etc.
- Strong experience in evaluating vendors, reviewing SOC reports, and assessing third-party risk is required.
- Experience with TPRM / GRC platforms (e.g., OneTrust).
- Experience supporting audits and regulatory reviews.
- Experience working with Procurement, Legal, and enterprise stakeholders.
- Understanding of vendor risk concepts such as inherent vs. residual risk.
- Ability to translate technical findings into business decisions.
- Certifications such as OSACA, CRISC, CISM, CISSP or similar are preferred.
- Bachelor's degree in a relevant field or equivalent experience.
- Strong communication and stakeholder management skills.
- Job Type: C2C or W2.
- Duration: 6 months with high possibility of extension.
- Locations: Hybrid - Raleigh, NC. Must be within commuting distance to Raleigh, NC.
- Work Schedule: 8:00 AM - 5:00 PM EST.
- Pay Rate: Open to Market Rate (W2 and C2C).
- Interviews: 2 rounds via MS Teams (scheduled through Beeline).
- Docs required: ID proof will be required.