Third Party Risk Management Manager

Great Neck, NY



The Manager of the Information Security Third Party Risk Management program will be tasked with maturing the overall Third-Party Risk Management Security Program by working alongside the Director of Information Security Strategy and Governance and other team members. The Manager will be responsible for implementing a robust Third-Party Risk Management Program which includes vendor applications, software, systems, contractors and consultants. The Manager shall ensure sound security practices are built in throughout the third-party lifecycle.


Activities include


  • Develop and drive the implementation of security best practices and standards to mature the overall TPRM program
  • Directly responsible for developing, implementing and assessing procedures and controls to ensure compliance with applicable regulatory and legal requirements, First Quality policies as well as leading industry practices
  • Work with business and project teams to ensure security controls are built into IT functional specifications using leading industry practices
  • Work as a Subject Matter Expert (SME) for the Information Security team and management to identify and address key third party information risks and areas of concern associated with new third-party project rollouts
  • Drive appropriate stakeholder participation in evaluation of risk and control effectiveness
  • Establish third party assessment criteria and perform third party risk analysis and self-assessments for various third-party information systems and applications
  • Ensure new vendors comply with HIPAA and future regulatory needs
  • Establish and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the TPRM security program and initiatives





  • Occasional travel: Up to 15%





  • Bachelor’s degree in management information systems, computer science, cyber security or equivalent
  • 5 – 7 years’ experience working directly in an Information Security or Information Technology department
  • Big 4 experience a plus
  • Working knowledge of security controls in the following areas: cloud computing, mobile device management, identity and access management, emerging technologies
  • Experience with building any or all of the following programs: Third Party Risk Management, Incident Response Management, Threat & Vulnerability Management, Data Classification
  • Working knowledge of the following frameworks and regulations: ISO 27001/2, SANS Top 20 Critical Security Controls, ISF Standard of Good Practice, HIPAA
  • Professional security management certification: CompTIA Security+, CISSP, CISA, or equivalent or working towards certification is preferred



Note: Qualified candidates will be contacted within 2 business days of application. If an applicant does not meet the above criteria, we will keep your resume on file for future opportunities and may contact you for further discussion.

Date Posted 1/31/2018
Salary $115,000 - $140,000
