Sr. Manager, Third Party Risk Management

Posted 4 Days Ago
2 Locations
In-Office
Senior level
Insurance
In a world made up of devices, screens, and power buttons, when something breaks, Asurion steps in to help.
The Role
Lead and mature the enterprise third-party/vendor risk program end-to-end: intake, tiering, due diligence, contracting, continuous monitoring, incident coordination, metrics/KRIs, and team leadership, aligned to standards like NIST CSF 2.0 and SOC 2.
Summary Generated by Built In
Position Overview

The Senior Manager, Third Party Risk Management leads Asurion’s enterprise vendor and supply-chain risk program as a second line of defense. This role owns the end-to-end third-party risk lifecycle—intake, inherent-risk tiering, due diligence, contract controls, continuous monitoring, reassessment, and secure offboarding—protecting Asurion and its carrier and partner ecosystem from risks introduced by vendors, service providers, and technology suppliers. The leader partners closely with Procurement, Legal, Privacy, business portfolio owners, and security control owners to translate fragmented vendor information into clear, defensible risk decisions. This is both a program-building and people-leadership role, maturing the vendor risk function in alignment with NIST CSF 2.0 and strengthening supply chain risk outcomes while embedding modern practices for emerging risks such as third-party AI tooling, SaaS sprawl, and vendor concentration.

Key Responsibilities
  • Own strategy, design, and continuous improvement of the Third-Party/Vendor Risk Management (TPRM) program aligned to NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and regulatory obligations.
  • Define and maintain TPRM policy, standards, procedures, and risk-tiering methodology; secure governance approval and drive consistent adoption across the enterprise.
  • Establish third-party risk appetite and tolerance thresholds with CISO and GRC leadership and apply them to vendor risk decisions.
  • Embed risk gates within sourcing, onboarding, contracting, renewal, and offboarding in partnership with Procurement and Legal.
  • Lead the full vendor risk lifecycle: intake, inherent-risk classification, due diligence, residual-risk determination, treatment/acceptance, contracting, continuous monitoring, reassessment, and offboarding.
  • Operationalize inherent-risk tiering to scope assessment depth and cadence based on data sensitivity, access, criticality, and business impact.
  • Direct security, privacy, and resilience assessments using methodologies such as SIG/Shared Assessments and evidence including SOC 2 Type II, ISO 27001, PCI AOC, and penetration test results.
  • Evaluate fourth-party/Nth-party dependencies, vendor concentration, and systemic risk across the supplier portfolio.
  • Establish and lead risk reviews for third-party AI/GenAI tooling with security and privacy teams; address model and data-handling risks and shadow AI.
  • Translate findings into concise, business-relevant risk narratives and actionable remediation plans with owners and timelines.
  • Operate continuous monitoring leveraging external risk ratings, periodic attestations, threat/breach intelligence, and event-driven triggers.
  • Coordinate third-party incident response with SOC/IR; assess impact, drive containment, and track remediation to closure.
  • Manage the third-party risk register and findings inventory; escalate aging or accepted risks through governance.
  • Maintain visibility into critical vendor resilience and BC/DR posture for high-impact suppliers.
  • Partner with Legal and Procurement to define and negotiate security, privacy, and resilience terms (control requirements, right-to-audit, breach notification SLAs, data protection, subprocessor controls).
  • Develop a standardized library of contractual security requirements scaled to vendor risk tier.
  • Define and report outcome-driven metrics and KRIs (e.g., residual risk trends, assessment cycle time/coverage, time-to-remediate, monitoring coverage, exception aging); deliver executive-ready reporting to governance forums.
  • Serve as the primary point of contact for internal/external audits, regulatory exams, and carrier-partner due diligence.
  • Build, lead, and develop a high-performing team of vendor risk analysts; set objectives, coach performance, and scale capability through playbooks, training, and quality reviews.
  • Drive operational efficiency via process automation and analyst-assistive tooling to focus effort on judgment-intensive decisions.
Education and Experience
  • 8+ years in information security, IT risk, or GRC, including 4+ years focused on third-party/vendor risk management.
  • 2+ years of direct people leadership managing analysts or a risk team.
  • Demonstrated experience designing or maturing a TPRM program lifecycle end to end.
  • Strong working knowledge of NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and assessment standards such as SIG/Shared Assessments.
  • Experience reviewing assurance artifacts (SOC 2 Type II, ISO certifications, penetration test reports) and translating them into risk decisions.
  • Hands-on experience with TPRM/GRC platforms and continuous monitoring/security-rating tools (e.g., ProcessUnity, OneTrust, Prevalent/Mitratech, Whistic, BitSight, SecurityScorecard, or comparable).
  • Experience partnering with Procurement and Legal on vendor contracting and security/privacy terms.
  • Excellent written and verbal communication, including executive briefing and defensible risk narratives.
  • Bachelor’s degree in a related field or equivalent professional experience.
  • Preferred: certifications such as CTPRP, CISSP, CISA, CRISC, or CISM; experience in regulated consumer or financial environments (e.g., GLBA, PCI DSS, state privacy laws); experience with AI/GenAI risk assessment; familiarity with three lines of defense; experience with automation or AI-assisted workflows in GRC.
Knowledge, Skills, and Abilities
  • Sound risk judgment balancing rigor with business enablement and speed-to-value.
  • Ability to influence without authority across Procurement, Legal, Privacy, Security, and business stakeholders.
  • Program design, policy/standard development, and governance execution for TPRM.
  • Expertise in vendor risk tiering, due diligence, continuous monitoring, issue management, and secure offboarding.
  • Strong analytical skills to assess concentration, systemic risk, and fourth-party dependencies.
  • Advanced communication skills; distills complex third-party risk into actionable executive decisions.
  • Team leadership, talent development, and operational scaling through playbooks, training, and QA.
  • Proficiency with metrics/KRIs, dashboards, and executive reporting.
  • Negotiation of contractual security/privacy/resilience terms and control requirements.
Travel Requirements

N/A

Physical Demands
  • Stationary Position: Frequently
  • Vision: 20/20 corrected vision
  • Hearing: Receive detailed information if spoken to

Skills Required

  • 8+ years in information security, IT risk, or GRC
  • 4+ years focused on third-party/vendor risk management
  • 2+ years of direct people leadership managing analysts or a risk team
  • Proven experience designing or maturing an end-to-end TPRM program
  • Working knowledge of NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS
  • Familiarity with assessment standards such as SIG/Shared Assessments
  • Experience reviewing assurance artifacts (SOC 2 Type II, ISO certifications, penetration test reports) and translating into risk decisions
  • Hands-on experience with TPRM/GRC platforms and continuous monitoring/security-rating tools (e.g., ProcessUnity, OneTrust, Prevalent/Mitratech, Whistic, BitSight, SecurityScorecard)
  • Experience partnering with Procurement and Legal on vendor contracting and security/privacy terms
  • Excellent written and verbal communication, including executive briefing and defensible risk narratives
  • Bachelor's degree in a related field or equivalent professional experience
  • Certifications such as CTPRP, CISSP, CISA, CRISC, or CISM
  • Experience in regulated consumer or financial environments (e.g., GLBA, PCI DSS, state privacy laws)
  • Experience with AI/GenAI risk assessment and addressing shadow AI
  • Familiarity with three lines of defense and experience with automation or AI-assisted workflows in GRC



The Company
HQ: Nashville, Tennessee
18,000 Employees
Year Founded: 1994

What We Do

We're a global tech care company keeping nearly every device and appliance in your home running smoothly. Trusted by more than 100 leading brands and serving over 230M customers worldwide, we deliver tech support, repair, protection, and replacements at a massive scale. From your neighborhood uBreakiFix by Asurion repair store, to in-home tech support, to global protection plans, we’re the people keeping your tech connected when it matters most.

Why Work With Us

At Asurion, you will work with people who care about you and the work we do together. You can depend on us to care about the work you do.
