Director, Third Party Risk Management

Role Summary 

The Director – Third Party Risk Management is a Second Line of Defense (2LoD) leadership role responsible for the strategic development, oversight, and ongoing maturation of the firm’s Third Party Risk Management (TPRM) program. Reporting to the Head of Privacy & TPRM, this role is regarded as a subject matter expert in third-party risk and plays a key role in shaping the firm’s risk strategy, governance framework, and operating model following the implementation of an outsourced TPRM capability. 

The Director provides independent oversight, credible challenge, and assurance over first-line and outsourced TPRM activities, while building a sustainable, regulator-ready 2LoD function aligned with the firm’s risk appetite and regulatory expectations. 

Responsibilities 

TPRM Strategy & Program Leadership:  

• Serve as the firm’s subject matter expert on third-party risk management. 
• Contribute to the development and execution of the firm’s TPRM strategy, roadmap, and target-state operating model. 
• Lead the build-out and continuous improvement of a 2LoD TPRM function following outsourcing of due diligence and periodic reviews. 
• Define and maintain TPRM policies, standards, risk methodologies, and oversight frameworks aligned with regulatory expectations and industry best practices. 
• Ensure alignment of the TPRM program with enterprise risk appetite and governance structures. 
• Lead assessment of emerging third party risks and technologies, including AI, and integrate findings into TPRM strategy, governance, and executive reporting.  

Oversight of Outsourced & First-Line TPRM Activities: 

• Provide independent oversight and effective challenge of outsourced TPRM service providers, including due diligence execution and ongoing monitoring. 
• Oversight of monitoring activities related to SLAs, KPIs, quality assurance standards, and performance metrics for outsourced partners. 
• Report on systemic control gaps, concentration risk, and emerging third-party risk themes across the vendor population. 
• Escalate material third-party risk issues and control deficiencies through appropriate governance and risk committees. 

Risk Governance, Reporting & Regulatory Readiness: 

• Design and deliver executive and board-level reporting on third-party risk, including trends, emerging risks, and risk appetite breaches. 
• Lead TPRM-related regulatory exams, internal audits, and management assurance activities. 
• Ensure TPRM documentation, evidence, and reporting are audit- and exam-ready. 
• Partner with Enterprise Risk, Compliance, Legal, Information Security, Procurement, and Technology while maintaining 2LoD independence. 

Leadership & Capability Development:

• Provide leadership, guidance, and technical mentorship to TPRM risk analysts and managers. 
• Establish clear roles, responsibilities, and RACI alignment across 1LoD, 2LoD, and outsourced providers. 
• Drive adoption of data-driven, AI-enabled reporting and analytics to enhance risk insight and oversight efficiency. 
• Promote a strong risk culture and consistent application of third-party risk standards across the firm. 

Qualifications 

Required:

• Bachelor’s degree in Risk Management, Information Systems, Finance, Business, Law, or a related field. 10+ years of experience in third-party risk management, operational risk, or compliance, with significant experience in a 2LoD capacity within financial services or asset management (or other industry subject to equivalent re
• ulatory scrutiny). 
• Demonstrated experience designing, implementing, or maturing a TPRM program, including oversight of outsourced or co-sourced models. 
• Deep understanding of regulatory expectations for third-party risk (e.g., SEC, FINRA, global regulators). 
• Proven ability to operate as a trusted expert and strategic advisor to senior leadership. 
• Required Certifications (at least one): Certified Third Party Risk Professional (CTPRP) 
• Certified in Risk and Information Systems Control (CRISC) 
• Certified Information Systems Auditor (CISA) 

Preferred:

• Advanced degree (MBA, JD, or equivalent). 
• Experience supporting global or complex vendor ecosystems. 
• Additional certifications: 
• ISO 27001 Lead Implementer or Auditor 
• PMP or equivalent program management certification 
• Experience leveraging AI, automation, or advanced analytics in TPRM oversight (e.g., Microsoft Co-Pilot, ChatGPT Enterprise). 

Tools & Technology (Preferred) 

• Extensive experience with TPRM and GRC platforms (e.g., ServiceNow, Coupa). 
• Strong executive-level reporting and data visualization skills (e.g., Power BI). 
• Experience implementing metrics, KRIs, and dashboards aligned to risk appetite. 

Key Competencies 

• Recognized expertise in third-party risk management. 
• Strategic mindset with hands-on oversight capability. 
• Strong executive presence and ability to provide credible challenge. 
• Excellent written and verbal communication skills. 
• Ability to lead through influence in a matrixed, regulated environment.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to one day per week from home.