Role Overview
The ID.me security team is looking for a proven Senior Manager of Third Party Risk. As an individual contributor, the Senior Manager will help drive and implement the risk management practices to maintain rigor over supply chain security operations. Activities include roadmap design, control design, assessment operations, and key metrics. This role will collaborate with teams across the company to assess and manage risks when using third and fourth parties. This position will perform critical operations as part of procurement and customer assurance.
This is a multifaceted role that combines project management, delivery management, and systems analysis responsibilities. The role embodies strategic thinking with tactical execution to enhance the customer experience, business resiliency, and promote a rationalized technology footprint.
Responsibilities
Work cross functionally with Security, IT, Engineering, Product, and Finance to evaluate vendors and assess supply chain risks.
Keep detailed assessment records and ERM control mappings to vendor operations in a high volume environment
Own responding to customer assurance requests such as security questionnaires, security reviews and similar engagements.
Performing control based assessments of vendor documentation (SOC 2) or industry standard customer questionnaire (CAIQ, SIG CORE or SIG LITE)
Understanding of MITRE System of Trust (SoT) Framework
Direct enablement of Sales opportunities by participating in RFP, RFI, contracts and other sales opportunity deliverables
Run engagements with customer auditors educate and demonstrate compliance
Communicate effectively and proactively with management ideas and recommendations for optimizing business operations, resources and capacity to meet internal and external compliance goals
Develop and propose key program performance and risk metrics
Create and mature procedural documentation, including training materials or process documentation
Qualifications
BA or BS in a technical field or equivalent experience
5+ years of program management experience
3+ years of experience for end-to-end management of third party risk programs
3+ years of experience with major compliance audits (FedRAMP, SOC 2, HIPAA, etc.)
Owner and builder of risk management processes. Ability to own finding and fixing issues with no supervision.
Familiar with SaaS product design and cloud architecture.
Deep understanding of common business processes and functions in enterprise environments
Prior experience automating audit evidence collection
Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences
CCSP, CISSP, CISA, and similar certifications are a plus
At ID.me, we believe that an in-office culture fosters professional growth and development, mentorship, collaboration, and accelerated innovation. This position will be in-office based at one of our locations in either McLean, VA or Sunnyvale, CA. Working in an office together allows our culture to thrive and our team members to establish real connections with their coworkers and the opportunity for lifelong friendships. Our work is critical to protecting online identity and we're confident that working together is how we'll change the world.#LI-JS1
