Job Description:
The Third Party Risk Management (TPRM) Lead is responsible for designing, implementing, and operating enterprise-wide Third Party Risk Management framework. This role leads the transformation of the current vendor onboarding and oversight process into a structured, scalable, and risk-based TPRM program aligned with regulatory expectations and organizational risk appetite.
The TPRM Lead partners cross-functionally with Information Security, Privacy, Legal, IT, and Business stakeholders to ensure third-party risks are appropriately identified, assessed, monitored, and mitigated throughout the vendor lifecycle.
Key Responsibilities:
- Lead and administer the global Third Party/vendor review program, including risk rating of new vendors, managing the end-to-end onboarding process, and conducting annual reviews of existing material and high-risk vendors.
- Implement formal Third Party Risk Management framework aligned with industry standards and best practices.
- Establish procedures covering: Vendor onboarding, Ongoing monitoring, Vendor offboarding
- Organize and maintain centralized repositories for relevant Third-Party Risk and metrics documents.
- Establish and maintain a centralized vendor inventory with risk classification and ownership tracking.
- Review and redesign vendor onboarding workflows and intake questionnaires.
- Ensure onboarding requirements align with: Information Security requirements, Privacy and data protection requirements, Regulatory and compliance expectations.
- Develop and implement standardized vendor risk assessment questionnaires.
- Define minimum evidence and documentation requirements, including certifications, control attestations, and security documentation.
- Establish review, escalation, and approval workflows for vendor assessments.
- Perform specialized reviews with Information Security and Privacy teams, including technical assessments and Data Protection Impact Assessment (DPIA) where required.
- Design and implement a structured vendor monitoring and annual review program.
- Track vendor risk posture over time and ensure timely reassessments and remediation follow-up.
- Support customer due diligence processes and reduce repetitive inbound security questionnaires through centralized documentation.
- Assess and integrate evolving regulatory requirements impacting third-party risk management, including EU AI Act considerations where applicable.
- Ensure AI-related vendor risks are identified and addressed within the TPRM framework.
- Monitor emerging regulatory, technology, and operational risks relevant to vendor management practices.
- Lead remediation and reduction of existing vendor review and alerts using a risk-based prioritization approach.
- Serve as the primary point of contact for third-party risk management matters across the organization.
- Develop and maintain TPRM metrics, dashboards, and reporting capabilities.
- Provide regular reporting and program updates for Risk & Compliance leadership.
- Partner with Legal to ensure that Non-Disclosure Agreements (NDAs) are properly executed where required.
- Serve as the primary point of contact for Third Party adverse media escalations (Perform Level 2 disposition).
- Support internal audits, external audits/certifications (i.e. SOC2, ISO27001) customer due diligence, and certification activities.
- Help identify and lead initiatives to ensure that compliance activities throughout the organization are effective and in compliance with SOC2 and ISO27001.
- Assist with generating responses to Client Due Diligence requests.
- Assist with the execution of compliance related activities such as our Business Continuity/Disaster Recovery exercises, risk matrix reviews, incident response tabletops, etc.
- Perform analysis of software to ensure compliance with IP rights.
- Support broader compliance activities as needed.
Required Qualifications & Skills:
- 3–5 years of experience in Third Party Risk Management, Vendor Management, Information Security, Compliance, Risk, Audit, Privacy, or related operational function.
- Experience supporting vendor onboarding, risk assessments, compliance reviews, privacy reviews, or governance processes.
- Ability to coordinate cross-functional activities involving Information Security, Privacy, Legal, and Business stakeholders.
- Experience reviewing vendor documentation such as SOC 2 reports, security questionnaires, certifications, privacy documentation, or compliance evidence is preferred.
- Familiarity with privacy and data protection requirements impacting third-party risk management, including GDPR concepts, DPIAs, and data processing considerations.
- Strong analytical and problem-solving skills with attention to detail.
- Effective written and verbal communication skills, including the ability to communicate risk, privacy, and process requirements clearly to stakeholders.
- Experience working with governance, risk, compliance, procurement, ticketing, or vendor management tools (e.g., JIRA) is preferred.
- Ability to support process improvement initiatives and help implement scalable governance practices.
- Relevant certifications such as CIPP/E, Security+, ISO 27001 Foundations, CISA, CRISC, or similar are a plus.
Minimum salary: 14,166 PLN gross/month
Additional components of our benefits package:
Comprehensive private medical healthcare
Remote work options subject to the type of position or project
The option to join a group private insurance plan (subject to a fee)
MyBenefit Cafeteria including Multisport
Annual discretionary bonus, subject to both company performance and individual contribution
Employee Assistance Program (EAP)
Access to goFLUENT language learning platform
AML RightSource is committed to fostering a diverse work environment and is proud to be an equal opportunity employer. We provide equal employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
All the information concerning breaches of law during the recruitment process should be reported at [email protected]. Upon request, you will be provided with Internal procedure for reporting and following up on breaches of law, adopted by the Company based on the Whistleblower Protection Act.
Recruitment Scam Alerts
We’re aware of an increase in recruitment scams where individuals falsely claim to represent AML RightSource. These scammers may ask for money or personal information by offering fake job opportunities through e-mail, text message or social media. Please verify the source of any job-related communications carefully. All official AML RightSource communications are conducted through "@amlrightsource.com" email addresses. If you encounter suspicious messages, do not respond.
Skills Required
- 3-5 years of experience in Third Party Risk Management, Vendor Management, Information Security, Compliance, Risk, Audit, Privacy, or related operational function.
- Experience supporting vendor onboarding, risk assessments, compliance reviews, privacy reviews, or governance processes.
- Ability to coordinate cross-functional activities involving Information Security, Privacy, Legal, and Business stakeholders.
- Familiarity with privacy and data protection requirements including GDPR concepts, DPIAs, and data processing considerations.
- Experience reviewing vendor documentation such as SOC 2 reports, security questionnaires, certifications, privacy documentation, or compliance evidence.
- Strong analytical and problem-solving skills with attention to detail.
- Effective written and verbal communication skills, including communicating risk and process requirements to stakeholders.
- Experience working with governance, risk, compliance, procurement, ticketing, or vendor management tools (e.g., JIRA).
- Ability to support process improvement initiatives and implement scalable governance practices.
- Relevant certifications such as CIPP/E, Security+, ISO 27001 Foundations, CISA, CRISC, or similar.
AML RightSource Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about AML RightSource and has not been reviewed or approved by AML RightSource.
-
Flexible Benefits — Flexible scheduling and remote/hybrid arrangements are positioned as meaningful non-cash value that helps offset lower base pay for some roles.
-
Parental & Family Support — Parental leave for both parents is described as a notable benefit that can be especially valuable for employees starting or growing families.
-
Inclusive Benefits Coverage — A broad baseline menu is described as available, including medical, dental, vision, life insurance, short/long-term disability, and voluntary coverages, alongside a 401(k).
AML RightSource Insights
What We Do
AML RightSource is the leading firm solely focused on Anti-Money Laundering (AML)/Bank Secrecy Act (BSA) and financial crimes compliance solutions. AML RightSource provides highly-trained AML/BSA professionals to assist banks and non-bank financial institutions to meet day-to-day compliance tasks. Services include transaction monitoring, alert backlog management, enhanced due diligence reviews, fraud, and financial crimes advisory matters. Our highly trained workforce of analysts and subject matter experts includes the industry’s largest team of full time professionals. We typically provide our services directly from our secure facilities in Ohio, Arizona, New York, and Ontario. AML/BSA staff augmentation services can be provided on site per request.








