Posted Jul 13, 2026

Manager, Cybersecurity Governance, Risk & Compliance

Apply Now
Job Description: • The Cybersecurity Manager – Third-Party Risk Management (TPRM) is responsible for the operational leadership, effectiveness, and continuous maturation of the organization's Third-Party Risk Management program. • Working closely with the Director of TPRM, this role leads a team responsible for vendor risk assessments, contract security reviews, continuous monitoring, remediation governance, and risk reporting activities. • Provide day-to-day leadership, guidance, and oversight for TPRM team members. • Coach, mentor, and develop team members through performance feedback, career development planning, training opportunities, and formal performance evaluations. • Manage team capacity, workload prioritization, resource allocation, and operational challenges to ensure timely delivery of assessments, contract reviews, strategic initiatives, and departmental objectives. • Accountable for team performance, service delivery metrics, quality standards, and achievement of operational goals. • Identify staffing, skillset, and resource needs to support current operations and future program growth. • Foster a culture of accountability, collaboration, innovation, and continuous improvement. • Provide operational oversight and quality assurance for third-party risk assessments, contract security reviews, continuous monitoring activities, and risk evaluations, ensuring consistent application of established methodologies and quality standards. • Own the operational health of the enterprise third-party portfolio by ensuring assessment service levels, continuous monitoring, remediation tracking, and executive visibility objectives are achieved. • Serve as the primary escalation point for complex vendor risk decisions, including risk acceptances, exceptions, compensating controls, remediation plans, and vendor approval recommendations. • Review and approve high-risk assessment findings, risk ratings, remediation recommendations, and exception requests to ensure consistency with enterprise risk standards. • Collaborate with business stakeholders on critical vendor engagements and initiatives. Requirements: • Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Computer Science, or a related field, or equivalent combination of education and experience. • Minimum 8 years of cybersecurity, risk management, governance, compliance, or third-party risk management experience. • Minimum 2-3 years of direct people leadership experience. • Experience leading enterprise Third-Party Risk Management programs or significant cybersecurity governance initiatives. • Experience developing executive-level reporting, performance metrics, and strategic communications. • Demonstrated experience leading teams responsible for complex vendor risk assessments and cybersecurity evaluations. • Strong understanding of third-party risk management practices, cybersecurity controls, and risk assessment methodologies. • Experience developing policies, standards, and governance processes within cybersecurity or risk management functions. • Strong project management, organizational, and analytical skills. • Excellent written, verbal, and presentation skills with the ability to communicate effectively to both technical and executive audiences. • Ability to balance strategic planning with hands-on execution in a dynamic environment. Benefits: • healthcare • time off • retirement • well-being programs • professional certification opportunities • tuition reimbursement • quarterly and annual incentive programs