Rapid7 is seeking an experienced, self-motivated, and strategic Third Party Risk Program Manager to establish and grow our Third Party Risk Program. This is a newly created role that will act as a trusted strategic advisor within the Procurement team and work alongside Senior Leadership to develop and establish an industry best practice TPRM program. The ideal candidate will collaborate effectively with stakeholders in IT, Information Security, and others across the organization to drive a global program that manages the risk assessment and due diligence processes, both at onboarding and throughout the lifecycle of third parties.
In this role you will:
Develop and manage the end-to-end Third-Party Risk Management Program within Rapid7, which includes managing business, security, compliance, and contractual risks associated with working with third parties.
Administer and manage the distribution of due diligence questionnaires to suppliers, review submitted questionnaires for completeness, and ensure risk stakeholders finalize reviews and determine the overall residual risk rating.
Partner with business stakeholders, including Senior, third-party vendors and subject matter experts (security, compliance, legal, etc.) to ensure program and processes are successfully executed.
Partner with a cross-functional team supporting pre- and post-contract supplier due diligence efforts, including inherent risk triage, administration of appropriate security assessments, continuous monitoring, and issue management/remediation and escalation.
Manage a consistently growing portfolio of vendors to help maintain visibility into the risk landscape of the organization's most critical third parties.
Identify, prioritize and pursue opportunities to enhance Rapid7's TPRM processes.
Contribute to the development of detailed procedural documents and ensure alignment of TPRM with applicable regulatory requirements globally.
Gain exposure to the Procurement process, including but not limited to pricing negotiations and contract management.
In return you will bring:
7+ years of relevant risk management experience. Procurement experience a plus.
Experience with third-party risk tools.
Excellent written and verbal communication skills, with focus on producing reports and documentation that will be presented to senior management, internal audit, and regulators.
Proven ability to operate effectively in a fast-paced, entrepreneurial company in which cross-functional teamwork and initiative are a must.
Knowledge of risk management governance standards.
Bachelor's degree in Business Administration, Finance, Economics, Computer Science or related fields. MBA a plus.