Third Party Risk Management (TPRM) Lead - Krakow, Poland

Posted 20 Days Ago
Be an Early Applicant
Kraków, Małopolskie, POL
In-Office
14K-14K Annually
Mid level
Financial Services
The Role
Lead design and operation of an enterprise Third Party Risk Management program: vendor onboarding, risk assessments, monitoring, remediation, and reporting. Partner with InfoSec, Privacy, Legal, and business teams to implement frameworks, questionnaires, workflows, centralized inventory, and evidence requirements. Support audits (SOC2/ISO27001), compliance activities, DPIAs, and AI/vendor risk considerations while maintaining metrics and stakeholder communications.
Summary Generated by Built In

Job Description:

The Third Party Risk Management (TPRM) Lead is responsible for designing, implementing, and operating enterprise-wide Third Party Risk Management framework. This role leads the transformation of the current vendor onboarding and oversight process into a structured, scalable, and risk-based TPRM program aligned with regulatory expectations and organizational risk appetite.

The TPRM Lead partners cross-functionally with Information Security, Privacy, Legal, IT, and Business stakeholders to ensure third-party risks are appropriately identified, assessed, monitored, and mitigated throughout the vendor lifecycle.

Key Responsibilities:

  • Lead and administer the global Third Party/vendor review program, including risk rating of new vendors, managing the end-to-end onboarding process, and conducting annual reviews of existing material and high-risk vendors.
  • Implement formal Third Party Risk Management framework aligned with industry standards and best practices.
  • Establish procedures covering: Vendor onboarding, Ongoing monitoring, Vendor offboarding
  • Organize and maintain centralized repositories for relevant Third-Party Risk and metrics documents.
  • Establish and maintain a centralized vendor inventory with risk classification and ownership tracking.
  • Review and redesign vendor onboarding workflows and intake questionnaires.
  • Ensure onboarding requirements align with: Information Security requirements, Privacy and data protection requirements, Regulatory and compliance expectations.
  • Develop and implement standardized vendor risk assessment questionnaires.
  • Define minimum evidence and documentation requirements, including certifications, control attestations, and security documentation.
  • Establish review, escalation, and approval workflows for vendor assessments.
  • Perform specialized reviews with Information Security and Privacy teams, including technical assessments and Data Protection Impact Assessment (DPIA) where required.
  • Design and implement a structured vendor monitoring and annual review program.
  • Track vendor risk posture over time and ensure timely reassessments and remediation follow-up.
  • Support customer due diligence processes and reduce repetitive inbound security questionnaires through centralized documentation.
  • Assess and integrate evolving regulatory requirements impacting third-party risk management, including EU AI Act considerations where applicable.
  • Ensure AI-related vendor risks are identified and addressed within the TPRM framework.
  • Monitor emerging regulatory, technology, and operational risks relevant to vendor management practices.
  • Lead remediation and reduction of existing vendor review and alerts using a risk-based prioritization approach.
  • Serve as the primary point of contact for third-party risk management matters across the organization.
  • Develop and maintain TPRM metrics, dashboards, and reporting capabilities.
  • Provide regular reporting and program updates for Risk & Compliance leadership.
  • Partner with Legal to ensure that Non-Disclosure Agreements (NDAs) are properly executed where required.
  • Serve as the primary point of contact for Third Party adverse media escalations (Perform Level 2 disposition).
  • Support internal audits, external audits/certifications (i.e. SOC2, ISO27001) customer due diligence, and certification activities.
  • Help identify and lead initiatives to ensure that compliance activities throughout the organization are effective and in compliance with SOC2 and ISO27001.
  • Assist with generating responses to Client Due Diligence requests.
  • Assist with the execution of compliance related activities such as our Business Continuity/Disaster Recovery exercises, risk matrix reviews, incident response tabletops, etc.
  • Perform analysis of software to ensure compliance with IP rights.
  • Support broader compliance activities as needed.

Required Qualifications & Skills:

  • 3–5 years of experience in Third Party Risk Management, Vendor Management, Information Security, Compliance, Risk, Audit, Privacy, or related operational function.
  • Experience supporting vendor onboarding, risk assessments, compliance reviews, privacy reviews, or governance processes.
  • Ability to coordinate cross-functional activities involving Information Security, Privacy, Legal, and Business stakeholders.
  • Experience reviewing vendor documentation such as SOC 2 reports, security questionnaires, certifications, privacy documentation, or compliance evidence is preferred.
  • Familiarity with privacy and data protection requirements impacting third-party risk management, including GDPR concepts, DPIAs, and data processing considerations.
  • Strong analytical and problem-solving skills with attention to detail.
  • Effective written and verbal communication skills, including the ability to communicate risk, privacy, and process requirements clearly to stakeholders.
  • Experience working with governance, risk, compliance, procurement, ticketing, or vendor management tools (e.g., JIRA) is preferred.
  • Ability to support process improvement initiatives and help implement scalable governance practices.
  • Relevant certifications such as CIPP/E, Security+, ISO 27001 Foundations, CISA, CRISC, or similar are a plus.  

Minimum salary: 14,166 PLN gross/month 

Additional components of our benefits package: 

  • Comprehensive private medical healthcare 

  • Remote work options subject to the type of position or project 

  • The option to join a group private insurance plan (subject to a fee) 

  • MyBenefit Cafeteria including Multisport 

  • Annual discretionary bonus, subject to both company performance and individual contribution

  • Employee Assistance Program (EAP)

  • Access to goFLUENT language learning platform

AML RightSource is committed to fostering a diverse work environment and is proud to be an equal opportunity employer. We provide equal employment opportunities to all qualified applicants without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.  

All the information concerning breaches of law during the recruitment process should be reported at [email protected]. Upon request, you will be provided with Internal procedure for reporting and following up on breaches of law, adopted by the Company based on the Whistleblower Protection Act.

Recruitment Scam Alerts

We’re aware of an increase in recruitment scams where individuals falsely claim to represent AML RightSource. These scammers may ask for money or personal information by offering fake job opportunities through e-mail, text message or social media. Please verify the source of any job-related communications carefully. All official AML RightSource communications are conducted through "@amlrightsource.com" email addresses. If you encounter suspicious messages, do not respond.

Skills Required

  • 3-5 years of experience in Third Party Risk Management, Vendor Management, Information Security, Compliance, Risk, Audit, Privacy, or related operational function.
  • Experience supporting vendor onboarding, risk assessments, compliance reviews, privacy reviews, or governance processes.
  • Ability to coordinate cross-functional activities involving Information Security, Privacy, Legal, and Business stakeholders.
  • Familiarity with privacy and data protection requirements including GDPR concepts, DPIAs, and data processing considerations.
  • Experience reviewing vendor documentation such as SOC 2 reports, security questionnaires, certifications, privacy documentation, or compliance evidence.
  • Strong analytical and problem-solving skills with attention to detail.
  • Effective written and verbal communication skills, including communicating risk and process requirements to stakeholders.
  • Experience working with governance, risk, compliance, procurement, ticketing, or vendor management tools (e.g., JIRA).
  • Ability to support process improvement initiatives and implement scalable governance practices.
  • Relevant certifications such as CIPP/E, Security+, ISO 27001 Foundations, CISA, CRISC, or similar.

AML RightSource Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about AML RightSource and has not been reviewed or approved by AML RightSource.

  • Flexible Benefits Flexible scheduling and remote/hybrid arrangements are positioned as meaningful non-cash value that helps offset lower base pay for some roles.
  • Parental & Family Support Parental leave for both parents is described as a notable benefit that can be especially valuable for employees starting or growing families.
  • Inclusive Benefits Coverage A broad baseline menu is described as available, including medical, dental, vision, life insurance, short/long-term disability, and voluntary coverages, alongside a 401(k).

AML RightSource Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Cleveland, OH
1,861 Employees
Year Founded: 2004

What We Do

AML RightSource is the leading firm solely focused on Anti-Money Laundering (AML)/Bank Secrecy Act (BSA) and financial crimes compliance solutions. AML RightSource provides highly-trained AML/BSA professionals to assist banks and non-bank financial institutions to meet day-to-day compliance tasks. Services include transaction monitoring, alert backlog management, enhanced due diligence reviews, fraud, and financial crimes advisory matters. Our highly trained workforce of analysts and subject matter experts includes the industry’s largest team of full time professionals. We typically provide our services directly from our secure facilities in Ohio, Arizona, New York, and Ontario. AML/BSA staff augmentation services can be provided on site per request.

Similar Jobs

Capco Logo Capco

Project Coordinator

Fintech • Professional Services • Consulting • Energy • Financial Services • Cybersecurity • Generative AI
Remote or Hybrid
Poland
6000 Employees

Capco Logo Capco

Senior Java Engineer

Fintech • Professional Services • Consulting • Energy • Financial Services • Cybersecurity • Generative AI
Remote or Hybrid
Poland
6000 Employees

Remitly Logo Remitly

Development Engineer

eCommerce • Fintech • Payments • Software • Financial Services
In-Office
Kraków, Małopolskie, POL
2800 Employees
320K-360K Annually

Datadog Logo Datadog

Engineering Manager

Artificial Intelligence • Cloud • Security • Software • Cybersecurity
Easy Apply
Remote or Hybrid
9 Locations
6500 Employees

Similar Companies Hiring

Granted Thumbnail
Mobile • Insurance • Healthtech • Financial Services • Artificial Intelligence
New York, New York
23 Employees
Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account