Third Party Due Diligence – Monitoring

Posted 5 Days Ago
Be an Early Applicant
New York, NY, USA
In-Office
103K-135K Annually
Senior level
Financial Services
The Role
Lead end-to-end continuous monitoring of third- and fourth-party risks across cybersecurity and enterprise risk domains using BitSight, Supply Wisdom and NCFTA feeds. Triage and escalate alerts, coordinate remediation with TPMs, Legal, Compliance and Cyber Defense, perform due diligence and reassessments, maintain audit-ready records in Archer, support reporting and regulatory exams, and contribute to program enhancements and reconciliations.
Summary Generated by Built In

Third Party Due Diligence – Monitoring

Enterprise Controls Department

The Mizuho Americas Enterprise Controls Department (ECD) is a 1st Line of Defense (1LoD) risk and control function delivering enterprise control services across Third Party Services, Business Continuity Planning, and Business Risk and Control Services. The department creates singular accountability and a "one-stop shop" for enterprise control services across all lines of business and corporate functions in the Americas region, and it sits within the Mizuho Americas Enterprise Services Division.
 

Third Party Risk Management Unit

The TPRM Unit is a 1LoD risk function responsible for providing white-glove service to business lines and corporate functions, shepherding them through the Third Party Risk Management lifecycle, conducting due diligence directly with third parties, and providing oversight of the TPRM function.
 

Third Party Due Diligence (TPDD) Team

TPDD conducts risk-based evaluations of third-party service providers across Information Security, Information Technology, Business Continuity Planning, and adjacent domains, and is responsible for ongoing monitoring of third and fourth parties across Cybersecurity, Financial, Compliance, Operational, Geographic, and ESG events using tools including BitSight, Supply Wisdom, and NCFTA intelligence feeds.
 

Role Summary

The Assistant Vice President TPDD – Ongoing Monitoring is accountable for the end-to-end execution and quality of TPDD's continuous monitoring program for Critical, High, Moderate, Low, and Nominal third and fourth parties. The AVP owns the timely identification, triage, escalation, and resolution of monitoring alerts; partners with Third Party Managers (TPMs), Business Approvers, SMEs, Legal, and Compliance to drive remediation; and ensures all monitoring activity is documented in an audit-ready, regulator-defensible manner consistent with the MUSO TPRM Policy, Standard, and Procedure.
 

Roles and Responsibilities

  • Ongoing Third / Fourth Party Monitoring
    Own end-to-end ongoing monitoring of third and fourth party risks across cybersecurity (BitSight) and enterprise risk domains (Supply Wisdom), including weekly alert reviews; trend and impact analysis; ransomware and vulnerability assessments; fourth-party incident reporting; monthly third-party and location license and data reconciliation with heat map analysis; composite risk-rating evaluations across Macro-Economic, Financial, Geo-Political, Infrastructure, Business, Legal, Security & Compliance, Scalability, and ESG domains; and coordination with Cyber Defense to review NCFTA alerts and identify, assess, and respond to emerging high-risk cyber threats affecting Mizuho third parties.

  • Alert Triage, Escalation, and Stakeholder Engagement
    Serve as the primary point of contact for TPMs, Business Approvers, Legal, Compliance, CISO/Cyber Defense, Data Loss Prevention (DLP), and Subject Matter Experts (SMEs) to assess the business impact of third and fourth party risk events; document material incidents in Archer (e.g., score declines exceeding 5%, severe fourth-party incidents, sanctions hits, or breaches); identify and analyze risk issues, clearly communicate impacts in business terms, drive and track remediation to closure, and escalate Critical or High-risk issues to TPDD leadership, and TPRM Management, as appropriate.

  • Concentration & Portfolio Risk Monitoring
    Support monthly concentration and portfolio risk monitoring across third parties (e.g., engagement volume, service locations, contingent workers, and sole-provider exposure), contribute to quarterly reporting, and maintain accurate BitSight portfolios and Supply Wisdom license assignments to ensure all concentration-risk third parties are continuously monitored as Critical under appropriate license types.

  • Assessment Lifecycle Support
    Lead and perform due diligence reviews, reassessments, and significant change evaluations in accordance with TPRM policies and procedures; assess inherent risk and control effectiveness across key domains (e.g., Information Security, Technology, Business Continuity, Risk Management, Incident Management, Physical Security, Nth-Party Risk, and HR); identify and document due diligence gaps and risk exposures; recommend remediation, risk acceptance, or escalation actions in Archer; and coordinate Certificate of Insurance (COI) validation, as needed, including documenting any gaps.

  • Reporting, Governance, and Audit Readiness
    Review Archer KRI reports to identify threshold breaches and overdue activities, assess risk impact, drive remediation with stakeholders, and escalate issues as needed; ensure risk acceptances are recorded and tracked; support internal and external audits, regulatory exams, and Federal Banking Agency Report of Examination (ROE) reviews through timely, accurate documentation; and maintain complete, audit-ready records, including QA reviews of 10% of Moderate/Low and 100% of Critical/High assessments.

  • Program Enhancement
    Contribute to the enhancement of IRQs, DDQs, monitoring playbooks, KRIs, and reporting processes to improve consistency, efficiency, and audit readiness; identify and remediate data anomalies in Archer and support reconciliations across systems (Archer, SNOW, Supply Wisdom, BitSight); and ensure timely, high-quality delivery of monitoring activities aligned with TPRM objectives and regulatory requirements, including additional responsibilities as needed to support the TPRM program.

Qualifications

The individual will be part of the Third Party Due Diligence team, working remotely with periodic onsite presence as required; the position will be commensurate with experience and qualifications.

  • Bachelor's degree in a relevant field, such as Information Security, Cybersecurity, Business Administration, Finance, or Risk Management.

  • 5+ years of experience in third-party risk management, monitoring, risk assessment, IT audit, or related disciplines within regulated financial services or consulting.

  • Professional certifications strongly preferred (e.g., CTPRP, CTPRA, CISA, CRISC, CISSP).

  • Demonstrated experience with continuous monitoring platforms (BitSight, Supply Wisdom, or equivalent) and GRC tools (Archer or equivalent).

  • Solid knowledge of data analysis, contract review, data privacy, information security, information technology, and Business Continuity Planning (BCP) principles.

  • Strong ability to identify, assess, and articulate risks and vulnerabilities; sound judgment in evaluating control evidence.

  • Advanced Excel, AI and analytical skills, with strong attention to detail and accuracy.

  • Proven ability to manage priorities, drive issues to closure, and meet regulatory deadlines.

  • Strong interpersonal, stakeholder-management, and critical-thinking skills, with the ability to collaborate across the 1LoD, 2LoD, Legal, Compliance, and senior management.

  • Excellent written and verbal communication skills, with the ability to translate technical risks into clear business language for TPMs, Business Approvers, and executive stakeholders.

  • Experience with Shared Assessments (SIG framework) preferred.

  • Familiarity with U.S. regulatory expectations applicable to TPRM (FRB SR 13-19, OCC Bulletin 2013-29, NYDFS Part 500, FFIEC guidance) preferred.

The expected base salary ranges from $103,000.00 - $135,000.00. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, including but not limited to Medical, Dental and 401k that begin on day one of employment, successful candidates are also eligible to receive a discretionary bonus.

#LI-Remote

#LI-NR1

Other requirements

Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations. Roles in some of our departments have greater in-office requirements that will be communicated to you as part of the recruitment process.   

Company Overview

Mizuho Financial Group, Inc. is the 15th largest bank in the world as measured by total assets of ~$2 trillion. Mizuho's 60,000 employees worldwide offer comprehensive financial services to clients in 35 countries and 800 offices throughout the Americas, EMEA and Asia. Mizuho Americas is a leading provider of corporate and investment banking services to clients in the US, Canada, and Latin America. Through its acquisition of Greenhill​, Mizuho provides M&A, restructuring and private capital advisory capabilities across Americas, Europe and Asia. Mizuho Americas employs approximately 3,500 professionals, and its capabilities span corporate and investment banking, capital markets, equity and fixed income sales & trading, derivatives, FX, custody and research. Visit www.mizuhoamericas.com.​​

Mizuho Americas offers a competitive total rewards package.

We are an EEO/AA Employer - M/F/Disability/Veteran.

We participate in the E-Verify program.

We maintain a drug-free workplace and reserve the right to require pre- and post-hire drug testing as permitted by applicable law.

#LI-MIZUHO

Skills Required

  • Bachelor's degree in Information Security, Cybersecurity, Business Administration, Finance, Risk Management, or related field
  • 5+ years of experience in third-party risk management, monitoring, risk assessment, IT audit, or related disciplines within regulated financial services or consulting
  • Demonstrated experience with continuous monitoring platforms (BitSight, Supply Wisdom, or equivalent)
  • Experience with GRC tools (Archer or equivalent) and maintaining audit-ready documentation
  • Solid knowledge of data analysis, contract review, data privacy, information security, information technology, and Business Continuity Planning (BCP) principles
  • Advanced Excel, AI and analytical skills
  • Strong ability to identify, assess, and articulate risks and vulnerabilities; sound judgment in evaluating control evidence
  • Proven ability to manage priorities, drive issues to closure, and meet regulatory deadlines
  • Strong interpersonal, stakeholder-management, and communication skills; translate technical risks into business language
  • Professional certifications (CTPRP, CTPRA, CISA, CRISC, CISSP)
  • Experience with Shared Assessments (SIG framework)
  • Familiarity with U.S. regulatory expectations applicable to TPRM (FRB SR 13-19, OCC Bulletin 2013-29, NYDFS Part 500, FFIEC guidance)

Mizuho Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Mizuho and has not been reviewed or approved by Mizuho.

  • Healthcare Strength Medical, dental, and vision coverage are characterized as strong, with plans described as excellent in multiple contexts. U.S. entities provide standard plan options and supporting programs that reinforce overall coverage quality.
  • Retirement Support A U.S. 401(k) program with employer contributions is available, indicating solid retirement support across entities. While formulas may vary by unit and year, the presence of an employer-funded component is a consistent feature.
  • Parental & Family Support Paid parental leave is described as meaningful, accompanied by programs that support childcare and eldercare. Flexible workstyles and family-focused resources broaden the depth of family support.

Mizuho Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Tokyo
8,826 Employees
Year Founded: 2001

What We Do

This is not your typical financial institution. It’s our people who make us a cut above. Here, every person is respected because of their differences, not in spite of them. We pride ourselves on a culture of purpose, passion and compassion. At Mizuho, we provide the stability of an international industry leader with the career trajectory of a growing business. Our steady, strategic growth gives our people at all levels rewarding degrees of responsibility and a richer work experience than a boutique firm or an established giant could offer alone. Working for Mizuho opens doors not just to a rewarding career with excellent prospects, but to lasting friendships with colleagues from diverse cultures. It’s the local expertise of our employees that makes our global network so powerful. By collaborating with colleagues and clients who have your same ambition, you can amplify your sphere of influence and base of knowledge as part of one of the largest—and growing—banks in the world. We’re all global citizens, and that’s why our company feels compelled to make an impact through more than just drawing up deals. We prove that it’s possible to do well and do good. We do right by our clients, our community and each other.

Similar Jobs

Genius Sports Logo Genius Sports

Head of Insights

AdTech • Artificial Intelligence • Machine Learning • Marketing Tech • Software • Sports • Big Data Analytics
Easy Apply
Hybrid
New York, NY, USA
1800 Employees
170K-200K Annually

Zscaler Logo Zscaler

Senior Manager, Enterprise Data Platform

Cloud • Information Technology • Security • Software • Cybersecurity
Easy Apply
Remote or Hybrid
USA
8697 Employees
196K-245K Annually

Bilt Logo Bilt

Director, Events and Experiences

Fintech • Mobile • Real Estate • Financial Services • PropTech
In-Office
New York, NY, USA
200 Employees
130K-150K Annually

Samsara Logo Samsara

Technical Product Manager

Artificial Intelligence • Cloud • Computer Vision • Hardware • Internet of Things • Software
Easy Apply
Remote or Hybrid
United States
4000 Employees
102K-137K Annually

Similar Companies Hiring

Granted Thumbnail
Mobile • Insurance • Healthtech • Financial Services • Artificial Intelligence
New York, New York
23 Employees
Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account