Director of 3rd Party Cyber Risk Management
Full-time/Permanent role
Can be fully remote anywhere in the United States, but would prioritize local candidates in Saint Paul, MN.
No 3rd party resumes, Must be legally authorized to work in country of employment without sponsorship for employment visa status (e.g., H1B status).
This role is responsible for both the strategic development and operational execution of the organization’s third-party cyber risk management program. This role ensures that all third-party relationships comply with regulatory requirements, align with corporate cyber policies, and meet the organization’s risk management standards. The Director will design and implement the third-party risk management framework while leading a team of professionals to assess, monitor, and mitigate risks associated with vendors, suppliers, and other third parties. Here, you will make an impact by:
- Program Development and Management
- Risk Assessment and Mitigation
- Vendor Relationships
- Incident Management
- Reporting and Communication
- Regulatory Compliance
SKILLS:
- Bachelor’s degree or higher (completed and verified prior to start) from an accredited institution
- Ten (10) years of experience in Cybersecurity in a private, public, government or military environment
- Five (5) years of management and/or supervisory experience
- CISSP certification
Additional preferred skills:
- Master’s degree in computer engineering, computer systems or information technology field from an accredited institution
- Minimum of 8-10 years of experience in cybersecurity/risk management, with at least 5 years in a leadership role focused on third-party risk management.
- Strong knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS).
- Additional certifications such as SANS, ISACA (CGEIT, CISA, CISM, CRISC) and other technology certifications.
- Excellent communication, negotiation, and relationship-building skills.
- Ability to work collaboratively with internal teams and external vendors.
