Third Party Risk Manager
- Operate BitSight and complementary EASM/continuous monitoring platforms as the primary lens into Archer's third-party attack surface. Maintain a tiered vendor inventory, configure portfolio monitoring, tune alert thresholds, and ensure new vendors are onboarded into the program at contract execution.
- Conduct deep-dive investigations into vendor risk signals — including unpatched CVEs, exposed services, credential leaks, certificate anomalies, business deterioration, and dark web indicators. Correlate external ratings data with internal telemetry to assess true business exposure and eliminate false positives before escalation.
- Extend visibility beyond direct vendors to identify and monitor critical 4th-party sub-processor dependencies. Map supply chain concentration risks, single points of failure, and foreign ownership or influence (FOCI) concerns for vendors supporting defense programs or handling CUI.
- Drive risk closure by issuing formal findings, coordinating with internal vendor relationship owners, and tracking remediation commitments through resolution. Engage procurement and legal channels when vendors are non-responsive or remediation timelines are unacceptable.
- Produce crisp, executive-quality risk briefings, board-level metrics, and ad-hoc deep-dives for the CISO, General Counsel, and program security leads. Escalate critical or rapidly-deteriorating vendor risk findings in near-real-time with clear business impact statements and recommended courses of action.
- Design and administer risk-tiered security questionnaires for new and renewing vendors. Evaluate responses, validate claims against external signals, execute integrated due diligence checkpoints in Archer's procurement workflow.
- Influence, develop and maintain TPRM policies, standards, and procedures aligned to NIST SP 800-161 (C-SCRM), CMMC Level 2 SR practices, and ISO 27036. Provide transparency to external audits and government assessments by maintaining organized evidence of vendor risk controls and remediation activity.
- Serve as the TPRM lead during vendor-related security incidents — coordinating with Archer's internal IR team, managing vendor communications under legal hold protocols, and driving root cause analysis and contractual remedies following a third-party breach.
- 7+ years in cybersecurity with at least 3 years of dedicated third-party or supply chain risk management experience
- Demonstrated hands-on proficiency with BitSight or an equivalent continuous monitoring platform — including alert tuning, portfolio management, vendor engagement workflows, and peer benchmarking
- Deep working knowledge of NIST SP 800-161 (C-SCRM), NIST CSF, CMMC Level 2 SR and CA practices, and ISO 27036 as they apply to vendor security governance
- Experience conducting structured vendor security due diligence across SaaS, cloud infrastructure, hardware manufacturers, and professional services suppliers
- Proven ability to investigate and triage cyber risk findings at scale — correlating external signals with business context to produce prioritized, actionable intelligence for both technical and non-technical stakeholders
- Familiarity with 4th-party risk mapping, sub-processor disclosure reviews, and supply chain concentration risk analysis
- Excellent written and verbal communication skills — able to translate complex vendor risk findings into executive-ready briefings, board-level dashboards, and actionable
- Eligibility to obtain a DoD Secret security clearance
- Certifications: CTPRP (Prevalent), CRISC, CISSP, CISM, or equivalent risk management credentials
- Active DoD Secret or Top Secret/SCI clearance
- Familiarity with ITAR/EAR data sharing constraints and their implications for vendor contracting and CUI handling
- Exposure to FOCI (Foreign Ownership, Control, or Influence) assessments
- Experience integrating TPRM tooling with GRC platforms or building risk workflow automation (e.g., auto-routing findings, SLA tracking, contract clause triggers)
- Prior startup or high-growth company experience — comfort operating with limited bureaucracy and building programs that scale with business growth
Recommended Jobs
Analog Layout Engineer
Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired by a collaborative community of colleagues a…
Enterprise Account Manager
Job Details Division: Nucor Data Systems Location: San Bernardino, CA Salary: $2,376.80 - $2,888.80 Welcome to Nucor, where our unique culture sets us apart. Joinin…
Physical Therapist - Travel Contract
Looking for a change of scenery and a chance to help others. Provide outpatient physical therapy services in San Francisco, CA. Evaluate patients, develop and implement individualized treatment plans…
Dispatcher / Scheduler
Dedicated to Quality Service! A Local Plumbing Team You Can Trust! Yellowstone Local is proud to represent Hall's Plumbing, an industry leader in residential and commercial plumbing services. You…
Dishwasher
Overview Our YOU FIRST Philosophy In addition to no night shifts, ever and our fully chef-curated menu, our #1 priority has always been our people. We care about our customers, and we care …
Physical Therapist - Travel Contract
Looking for a change of scenery and a chance to help others. Provide outpatient orthopedic evaluation and treatment as a traveling Physical Therapist in Chula Vista, CA. Treat patients with musculosk…
Events - Property Administration Specialist
POSITION SUMMARY Our Property Administrative Specialists play an important role in a number of vital hotel functions. At our hotels, Property Administrative Specialists work across departments…
Senior Ground Software Engineer
Job Description Job Description Ready to make connectivity from space universally accessible, secure and actionable? Then you’ve come to the right place! E-Space is bridging Earth and space…
Remote Customer Service Representative - Work From Home | Flexible Hours
Job Description: Are you passionate about travel and providing top-notch service? As a Travel Experience Coordinator , you’ll be the go-to guide for travelers eager to explore the world. You’ll he…
Manager, Mergers and Acquisitions
Our Mergers & Acquisitions Tax practice advises clients on tax matters throughout the transaction lifecycle, including diligence, structuring, modeling, and post-close considerations. This role offers…