Associate Director, Risk Management

The Role

We are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.

You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.

This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.

What You’ll Do

1. Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
2. Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
3. Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
4. Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
5. Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
6. Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
7. Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
8. Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
9. Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
10. Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
11. Help mentor and develop more junior team members as the program and team scale

What We’re Looking For

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffs
• Experience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiable
• Strong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatory
• Proven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk silo
• Strong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiences
• Comfort with data; SQL experience or the ability to query and analyze data independently is a strong plus
• Experience supporting or leading regulatory exams in a financial services or fintech environment

Nice to Have

• Experience building a TPRM program from scratch at a high-growth company
• Familiarity with GRC platforms and common TPRM tooling
• Working knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)
• Prior people management or team lead experience

Flex takes a market-based approach to pay, ensuring compensation is commensurate with a candidate's experience and our internal leveling guidelines. For candidates located in our Tier 1 markets (NYC/ SF), the base salary pay range for this role is $176,000—$220,000 USD. For all other U.S. locations, Flex utilizes a geographic pay differential based on a cost of labor index. If you are located outside of the Tier 1 states listed above, your starting pay will be adjusted to align with the market conditions of your specific geographic zone. Please speak with your recruiter for additional information regarding the specific range for your location.