This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Manager, Cybersecurity Governance Risk & Compliance based in the United States.
This is a senior leadership role focused on strengthening and scaling an enterprise Third-Party Risk Management (TPRM) and cybersecurity governance function within a fast-paced, healthcare technology environment. You will lead a team responsible for vendor risk assessments, contract security reviews, continuous monitoring, and executive risk reporting. The role combines people leadership with hands-on risk oversight, requiring the ability to guide complex cybersecurity decisions while ensuring consistency, quality, and alignment with enterprise risk tolerance. You will partner closely with cross-functional stakeholders across legal, procurement, privacy, compliance, and technology to ensure third-party risks are properly identified and managed. In addition to operational leadership, you will play a key role in shaping governance frameworks, improving processes, and driving automation across the program. This is a high-visibility position where your work directly influences organizational resilience, regulatory readiness, and strategic vendor decision-making.
Accountabilities:
- Lead and develop a Third-Party Risk Management (TPRM) team, including coaching, performance management, hiring, and capability building.
- Oversee daily TPRM operations including vendor risk assessments, contract security reviews, continuous monitoring, and remediation tracking.
- Review and approve high-risk vendor assessments, risk ratings, exception requests, and mitigation plans to ensure alignment with enterprise risk standards.
- Serve as the escalation point for complex cybersecurity and vendor risk decisions, providing structured recommendations to leadership.
- Ensure consistent application of risk methodologies, governance frameworks, and documentation standards across all assessments.
- Partner with business, legal, procurement, compliance, privacy, and IT teams to manage third-party risk throughout the vendor lifecycle.
- Drive development and continuous improvement of cybersecurity policies, standards, and governance processes.
- Lead audit readiness activities and support regulatory and internal audit requests with complete, defensible documentation.
- Own executive reporting for the TPRM program, including dashboards, KPIs, KRIs, and portfolio risk insights.
- Lead strategic initiatives to improve automation, operational efficiency, and maturity of the cybersecurity governance program.
- Integrate AI governance considerations into third-party risk practices in collaboration with legal, privacy, and compliance teams.
Requirements:
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field, or equivalent experience.
- 8+ years of experience in cybersecurity, governance, risk management, compliance, or third-party risk management.
- 2–3+ years of people management or team leadership experience.
- Strong background in enterprise TPRM, cybersecurity governance, or GRC program leadership.
- Deep understanding of risk assessment methodologies, cybersecurity controls, and vendor risk frameworks.
- Experience developing policies, governance models, and executive-level reporting (KPIs, KRIs, dashboards).
- Strong stakeholder management skills with the ability to influence executive and cross-functional decisions.
- Excellent communication skills, with the ability to translate technical risk into business impact.
- Experience supporting audits, regulatory requirements, and risk compliance initiatives.
- Preferred certifications: CISSP, CISM, CRISC, CISA, CCSP, or CCSK.
- Preferred: experience with AI governance, TPRM platforms, and cybersecurity frameworks such as NIST, ISO 27001, SOC 2, or HITRUST.
Benefits:
- Competitive salary range: $118,000 – $167,700 (based on experience)
- 100% remote work with flexibility across the United States
- Comprehensive medical, dental, and vision insurance
- Retirement savings plan and financial wellbeing programs
- Paid time off, holidays, and flexible work arrangements
- Professional development support, including certifications and tuition reimbursement
- Employee wellness, mental health, and assistance programs
- Opportunity to lead and mature a high-impact enterprise cybersecurity program
- Exposure to AI governance, advanced risk frameworks, and enterprise security strategy
- Inclusive, people-first culture focused on collaboration, growth, and innovation