THE ROLE

We are seeking a Director of GRC Operational Risk Management. This role is responsible for leading and maturing a comprehensive third-party risk management (TPRM) program within a broader GRC and operational risk framework, ensuring that risks across vendors, partners, and digital assets are effectively identified, assessed, and managed in a practical, risk-based manner.

The role manages a team of risk analysts responsible for evaluating vendor and partner risk, conducting assessments of external websites and mobile applications, and supporting enterprise risk initiatives. In close partnership with cross-functional teams, including security, privacy, legal, and technology, this role ensures robust control environments while reinforcing resilience and regulatory compliance.

WHAT THIS ROLE WILL DO

Lead end-to-end third-party risk management (TPRM) lifecycle: