What are the responsibilities and job description for the Senior Manager, Third-Party Risk Management position at Selby Jennings?
Position Summary
We are partnered with a U.S.-based financial services and insurance company in search of a Senior Manager, Third-Party Risk Management professional in Richmond, Virginia. This individual will lead the execution and continued evolution of an enterprise-wide third-party risk program. This role sits within the broader Risk organization and partners closely with leaders across Technology, Operations, Sourcing/Vendor Management, Legal, Privacy, Compliance, and the Business to ensure third-party risks are understood, managed, and monitored across the full lifecycle.
This is a highly visible role for a risk leader who can blend program design, operational execution, stakeholder influence, and data-driven decision support.
Key Responsibilities
- Lead ongoing maturity of the TPRM program, ensuring alignment between policy, governance, controls, and day-to-day execution
- Own and optimize the TPRM technology platform and supporting toolset
- Enhance workflows, automate manual processes, and improve data quality
- Build dashboards and reporting for leadership (portfolio risk views, critical vendors, assessment status, SLAs, issues, renewals, concentration risks)
- Define, track, and report KPIs and KRIs
- Support internal and external audits by maintaining well-documented, repeatable controls and evidence
- Maintain governance artifacts, including policies, risk appetite alignment, RACI, and committee materials
- Deliver reporting to governance forums and leadership committees
- Monthly risk reviews, KRI/KPI reporting, issue tracking, executive reporting
- Develop standard operating procedures, playbooks, templates, and training to ensure consistent execution across stakeholders
- Partner with Sourcing/Vendor Management to embed risk requirements into intake, contracting, and vendor oversight processes
- Collaborate with Legal, Privacy, Compliance, and Information Security to align due diligence, contractual requirements, and control expectations
Required Qualifications
- Bachelor's degree or equivalent experience
- 8 years of experience in third-party risk, technology risk, operational risk, compliance, or related disciplines
- 3 years of leading programs and/or teams and influencing cross-functional stakeholders
- Demonstrated experience designing, implementing, or maturing TPRM programs
- Hands-on experience optimizing TPRM or GRC technology platforms
- Strong ability to translate risk into practical recommendations for senior leaders
- Solid understanding of third-party lifecycle practices, from due diligence through ongoing monitoring and remediation
Preferred
- Familiarity with frameworks and artifacts such as NIST, ISO 27001, SOC reports, and vendor oversight guidance
- Relevant certifications (CISA, CRISC, CISSP, CISM, or similar)
Salary: $160,000 - $175,000