Description
Convergint is seeking a Third-Party Risk Management (TPRM) Leader responsible for designing, implementing, and overseeing the enterprise-wide third-party risk management program, supporting regulatory compliance, operational resilience, cybersecurity, and financial integrity. This high-impact role ensures that risks associated with vendors, suppliers, partners, and service providers are identified, assessed, mitigated, monitored, and reported throughout the third-party lifecycle.
Responsibilities:
Program Design & Governance
- Establish and maintain an enterprise-wide Third-Party Risk Management framework aligned to public company expectations and leading practices
- Define third-party risk policies, standards, procedures, and risk appetite in partnership with Legal, Finance, IT Security, and Compliance
Third-Party Lifecycle Management
- Oversee third-party risk activities across the full lifecycle:
- Due diligence and onboarding
- Contract risk assessment and approval
- Ongoing monitoring and periodic reassessment
- Issue management and remediation
- Offboarding and termination
- Ensure appropriate controls are in place for critical and high-risk vendors, including financial, operational, cybersecurity, privacy, and compliance risks
Cybersecurity & Data Protection Risk
- Partner with Technology to assess vendor cybersecurity posture, including review of SOC reports, testing summaries, and security questionnaires
- Ensure third-party compliance with data privacy and protection requirements
- Support SOX readiness by ensuring third-party-related controls are properly designed, documented, and operating effectively
- Serve as a key liaison for Internal Audit and external auditors for third-party risk-related audits and reviews
- Prepare documentation, metrics, and executive reporting required for IPO diligence and ongoing public company disclosures
Risk Monitoring, Reporting & Metrics
- Develop and maintain TPRM KPIs and KRIs, including vendor risk exposure, remediation status, and concentration risk
- Provide regular reporting to executive leadership and risk committees
- Escalate significant third-party risks and control gaps in a timely and structured manner
Cross-Functional Leadership
- Partner with Procurement, Legal, Technology, Finance, HR, Internal Audit, and Business Leaders to embed TPRM processes into daily operations
- Influence stakeholders to adopt consistent, scalable risk practices across the enterprise
- Support vendor contract negotiations by advising on risk clauses, SLAs, audit rights, and termination provisions
Continuous Improvement
- Benchmark the TPRM program against public company peers and evolving regulatory expectations
- Lead tool selection or enhancement as the program matures
- Train internal stakeholders on third-party risk awareness and responsibilities
Environmental, Social, and Governance (ESG)
- Integrate ESG risk considerations (environmental impact, labor practices, ethics, and governance) into third-party risk assessment, onboarding, and ongoing monitoring processes.
- Establish and oversee ESG-focused due diligence standards for vendors, suppliers, and partners in alignment with regulatory, industry, and corporate sustainability expectations.
- Partner with Sustainability, Legal, Compliance, and Procurement teams to define ESG risk thresholds and remediation strategies for third parties.
- Develop ESG-related third-party policies, controls, and reporting metrics to support corporate ESG goals and disclosures.
- Identify, assess, and escalate ESG-related third-party risks, including human rights, supply-chain transparency, climate exposure, and ethical conduct.
- Monitor emerging ESG regulations and frameworks (e.g., human rights, environmental compliance, governance standards) and translate requirements into third-party risk controls.
- Drive continuous improvement of third-party ESG risk monitoring through data analytics, assessments, and performance scorecards.
- Serve as a key advisor to senior leadership on ESG-related third-party risks and mitigation strategies.
Qualifications:
- 8+ years of experience in third-party risk, vendor risk management, enterprise risk, compliance, audit, or information security.
- Demonstrated experience building or maturing a TPRM program in a pre-IPO, public company, or regulated environment.
- Knowledge of leading Third-Party Risk Management (TPRM) and ESG practices.
- Understanding of risk policies, processes, ERP systems and risk management tools.
- Able to lead and manage multiple projects simultaneously and assess priorities in a complex environment.
- Demonstrated strong orientation to leadership, coaching, teamwork and indirect networks; a good communicator and change agent.
- Excellent executive communication and stakeholder management skills.
- Excellent analytical skills necessary to resolve problems and look for solutions.
- Excellent program and project management skills.
- Ability to influence others and build consensus using advanced written and verbal communication and presentation skills.
Convergint is an Equal Opportunity Employer. Visit our Convergint careers site to learn more about the company and the exciting opportunities available. Please note that this job posting includes salary information for the assigned target market range within the primary geographic region the requisition is posted. If the position is posted in multiple locations or is a remote position, the salary range may vary. Individual pay rates will, of course, vary depending on the job, department, and location, as well as the individual skills, experience, certifications, specific licenses, and education of the applicant.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.