Third Party Risk, Lead

Third‑Party Risk Lead

About the Role
At TabaPay, the Enterprise Risk Management (ERM) team is responsible for building and scaling the frameworks that protect the company, strengthen operational resilience, and enable confident business growth. Our mission is to create a proactive, sustainable risk culture and ensure that risks across the enterprise—particularly those posed by third‑party relationships—are well understood, well managed, and aligned with regulatory expectations.

As a Third‑Party Risk Lead, you will play a critical role in designing, implementing, and operating TabaPay’s Third‑Party Risk Management (TPRM) Program. You will work cross‑functionally with Compliance, Security, IT, Legal, Finance, and business owners to evaluate vendor risks, strengthen controls, and ensure we engage vendors safely and strategically. This is a high‑visibility role that blends program development, risk assessment, process ownership, and stakeholder training.

We are looking for someone who is structured, curious, and detail‑oriented—someone excited to build a robust TPRM program and influence how TabaPay manages third‑party risk as we scale.

This role will report to the Head of Enterprise Risk Management.

What You’ll Do

Program Development & Governance (30%)

• Support the implementation and ongoing enhancement of TabaPay’s Third‑Party Risk Management (TPRM) policy and governance model.
• Help define program roles and responsibilities and contribute to RACI development across Risk, Compliance, IT, Procurement, and business owners.
• Maintain and continuously improve TPRM procedures aligned with interagency regulatory guidance and industry best practices.

Risk Assessment & Due Diligence (35%)

• Lead risk tiering activities to categorize vendors as low, moderate, high, or critical based on clearly defined criteria.
• Supprt comprehensive due diligence across domains including:
• Company profile and financial stability
• Information security & cybersecurity controls
• Legal, contractual, and regulatory compliance
• Business continuity & incident response capabilities
• Identify control gaps and partner with stakeholders to define remediation steps.
• Maintain the TPRM system of record and ensure data accuracy and completeness.

Lifecycle Management & Ongoing Monitoring (25%)

• Support the full third‑party lifecycle: planning, onboarding, contracting, performance monitoring, and offboarding.
• Review business cases and risk assessments for proposed vendor engagements.
• Validate that contracts contain required risk‑mitigating provisions (audit rights, SLAs, security requirements, exit strategies).
• Coordinate periodic performance reviews and trigger risk reassessments based on changes in services, incidents, or vendor health.
• Assist in managing incident escalation and reporting related to vendor performance or security events.

Training, Reporting & Stakeholder Engagement (10%)

• Create training materials and help deliver TPRM education to business owners and support teams.
• Prepare reports and dashboards for leadership that summarize vendor risk trends, issue statuses, and program performance metrics.
• Provide active guidance and partnership to stakeholders to ensure smooth and compliant vendor management.

What We Are Looking For

• Bachelor’s degree in Business, Risk Management, Information Security, Finance, or a related field.
• 5-10+ years of experience in third‑party risk management, vendor management, operational risk, or a similar role.
• Strong understanding of risk frameworks, due diligence requirements, and vendor lifecycle best practices (e.g., NIST, ISO, SOC reports, business continuity standards).
• Ability to evaluate complex vendor information and translate risks into clear, actionable recommendations for stakeholders.
• Strong attention to detail, organizational skills, and ability to manage multiple vendors or assessments simultaneously.
• Experience with TPRM or GRC tools/platforms is a plus.
• Strong analytical skills with the ability to identify patterns, inconsistencies, or emerging risks.
• Clear and professional communication skills—comfortable collaborating across teams and influencing without authority.
• Curiosity, ownership mindset, and a passion for building scalable processes.

Compensation Range

The salary range for this position is determined based on a variety of factors including, but not limited to, years of relevant experience, skills, qualifications, geographic location, and internal equity.

• San Francisco, CA / New York, NY: $127,000 – $150,000
• Denver, CO: $111,000 – $135,000

Candidates who meet the minimum qualifications and have less directly related experience may be considered for compensation at the lower end of the applicable salary range. Candidates with additional relevant experience, specialized skills, or advanced qualifications may be considered for compensation toward the higher end of the range.

Actual compensation within the posted range will be based on the factors listed above. This position may also be eligible for additional compensation, benefits, and other forms of remuneration, as applicable.