Ensemble Health Partners

Manager, Cybersecurity Governance Risk & Compliance

Salary: $118K - $167K *
Location: Remote in United States
Information Technology
8 - 10 years of experience

Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, IT, Computer Science, or related field
  • 8+ years in cybersecurity, risk management, or third-party risk management
  • 2-3 years of direct people leadership experience
  • Experience leading enterprise Third-Party Risk Management programs
  • Expertise in vendor risk assessments and cybersecurity evaluations
  • Strong project management and organizational skills
  • Excellent communication skills for technical and executive audiences

Responsibilities

  • Lead and develop the TPRM team, overseeing day-to-day operations
  • Ensure operational quality for third-party risk assessments and contract security reviews
  • Serve as the escalation point for complex vendor risk decisions
  • Drive continuous improvement of the TPRM program and methodologies
  • Collaborate with stakeholders on AI-related governance in risk management
  • Lead strategic initiatives for enhancing TPRM capabilities and program efficiency
  • Provide executive reporting and insights on risk posture and vendor assessments

Benefits

  • Flexible remote work options with occasional travel required
  • Opportunities for professional development and training
  • Supportive culture emphasizing accountability and continuous improvement
  • Engagement with cross-functional teams across the organization
  • Emphasis on building scalable cybersecurity and risk management capabilities
Full Job Description

Job Summary

The Cybersecurity Manager – Third-Party Risk Management (TPRM) is responsible for the operational leadership, effectiveness, and continuous maturation of the organization's Third-Party Risk Management program. Working closely with the Director of TPRM, this role leads a team responsible for vendor risk assessments, contract security reviews, continuous monitoring, remediation governance, and risk reporting activities.

The Manager is accountable for team performance, assessment quality, risk-based decision making, stakeholder engagement, executive reporting, and successful execution of strategic initiatives. This role serves as a key partner to business, technology, legal, compliance, privacy, and procurement stakeholders to ensure vendor risks are identified, evaluated, and managed consistently across the organization.

The ideal candidate is an experienced people leader who thrives in a fast-paced environment, can effectively influence cross-functional stakeholders, and is passionate about building scalable, sustainable cybersecurity and risk management capabilities.

Essential Job Functions

Team Leadership & Development

  • Provide day-to-day leadership, guidance, and oversight for TPRM team members
  • Coach, mentor, and develop team members through performance feedback, career development planning, training opportunities, and formal performance evaluations.
  • Manage team capacity, workload prioritization, resource allocation, and operational challenges to ensure timely delivery of assessments, contract reviews, strategic initiatives, and departmental objectives.
  • Accountable for team performance, service delivery metrics, quality standards, and achievement of operational goals.
  • Lead recruiting, interviewing, onboarding, and performance management activities.
  • Identify staffing, skillset, and resource needs to support current operations and future program growth.
  • Foster a culture of accountability, collaboration, innovation, and continuous improvement.

Third-Party Risk Management Operations

  • Provide operational oversight and quality assurance for third-party risk assessments, contract security reviews, continuous monitoring activities, and risk evaluations, ensuring consistent application of established methodologies and quality standards.
  • Own the operational health of the enterprise third-party portfolio by ensuring assessment service levels, continuous monitoring, remediation tracking, and executive visibility objectives are achieved.
  • Serve as the primary escalation point for complex vendor risk decisions, including risk acceptances, exceptions, compensating controls, remediation plans, and vendor approval recommendations.
  • Provide oversight for contract security reviews and ensure risk-based recommendations for vendor approvals, exceptions, and escalations.
  • Review and approve high-risk assessment findings, risk ratings, remediation recommendations, and exception requests to ensure consistency with enterprise risk standards.
  • Ensure vendor risk decisions and recommendations are documented, defensible, and aligned with enterprise risk tolerance.
  • Collaborate with business stakeholders on critical vendor engagements and initiatives.

Program Development & Governance

  • Lead continuous maturation of the Third-Party Risk Management program through improvements to governance processes, operating models, methodologies, documentation standards, and automation capabilities.
  • Develop, maintain, and improve cybersecurity policies, standards, procedures, and governance frameworks.
  • Identify and implement automation opportunities to improve operational efficiency and program effectiveness.
  • Serve as the primary point of contact for internal and external audit and regulatory requests related to TPRM controls and processes; ensure supporting evidence, documentation, and remediation status are maintained in an audit-ready state.

Artificial Intelligence (AI) Governance

  • Partner with enterprise stakeholders to incorporate AI-related cybersecurity, privacy, legal, compliance, and operational risk considerations into third-party risk management processes.
  • Monitor emerging AI governance expectations and recommend enhancements to assessment methodologies, controls, and governance practices as appropriate.
  • Define and maintain assessment criteria for AI-enabled third parties in partnership with Legal, Privacy, and Compliance.

Strategic Project Leadership

  • Lead strategic initiatives that improve Third-Party Risk Management capabilities, operational efficiency, program maturity, and risk visibility.
  • Develop and execute program roadmaps, establish priorities, coordinate cross-functional stakeholders, remove delivery obstacles, and ensure successful execution of key initiatives.
  • Lead implementation and optimization of supporting technologies, automation solutions, and reporting capabilities.

Executive & Cross-Functional Partnership

  • Serve as a trusted advisor to business leaders by providing practical guidance that enables informed business decisions while protecting the organization.
  • Escalate significant vendor risks and emerging program issues to the Director of TPRM while recommending practical courses of action.
  • Build trusted relationships with stakeholders across Cybersecurity, Legal, Procurement, Privacy, Compliance, Internal Audit, and Technology teams.
  • Own end-to-end executive reporting for the TPRM program (dashboards, KPIs/KRIs, portfolio risk posture) and translate technical risk into business-relevant insights for leadership.
  • Establish operational metrics that demonstrate program effectiveness, efficiency, and risk reduction.
  • Present findings and strategic recommendations to leadership and the Director of TPRM, driving informed decision-making.
  • Translate technical cybersecurity risks into business-focused insights and actionable recommendations.

Employment Qualifications

Required Qualifications

  • Bachelor's degree in Cybersecurity, Information Technology, Information Systems, Computer Science, or a related field, or equivalent combination of education and experience.
  • Minimum 8 years of cybersecurity, risk management, governance, compliance, or third-party risk management experience.
  • Minimum 2-3 years of direct people leadership experience.
  • Experience leading enterprise Third-Party Risk Management programs or significant cybersecurity governance initiatives.
  • Experience developing executive-level reporting, performance metrics, and strategic communications.
  • Demonstrated experience leading teams responsible for complex vendor risk assessments and cybersecurity evaluations.
  • Strong understanding of third-party risk management practices, cybersecurity controls, and risk assessment methodologies.
  • Experience developing policies, standards, and governance processes within cybersecurity or risk management functions.
  • Strong project management, organizational, and analytical skills.
  • Excellent written, verbal, and presentation skills with the ability to communicate effectively to both technical and executive audiences.
  • Ability to balance strategic planning with hands-on execution in a dynamic environment.

Preferred Certifications

One or more of the following certifications is preferred:

  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • CCSP (Certified Cloud Security Professional)
  • CCSK (Certificate of Cloud Security Knowledge)

Preferred Qualifications

  • 6–10+ years of experience in cybersecurity, GRC, or vendor risk management.
  • Experience leading or significantly contributing to a mature Third-Party Risk Management or Governance, Risk & Compliance (GRC) program.
  • Experience implementing or optimizing TPRM platforms and related technologies.
  • Experience leading organizational change, process transformation, and automation initiatives within cybersecurity or risk management programs.
  • Experience developing executive dashboards, KPIs and operational reporting for cybersecurity or risk management programs.
  • Experience leading audit readiness, regulatory compliance, and risk reporting initiatives.
  • Knowledge of AI governance principles, AI risk management frameworks, and emerging AI regulations.
  • Knowledge of cybersecurity frameworks and standards such as NIST, ISO 27001, HITRUST, SOC 2, CIS Controls, and related industry frameworks.
  • Demonstrated ability to influence stakeholders and drive change without direct authority.
  • This position pays between $118,000-$167,700 based on experience
  • This is a remote position; however, candidates must be willing and able to travel to and work onsite at client, temporary, or corporate office locations as business needs require.

This posting addresses state-specific requirements to provide pay transparency. Compensation decisions consider many job-related factors, including but not limited to geographic location, knowledge, skills, relevant experience, education, licensure, internal equity, and time in position. A candidate's entry rate of pay does not typically fall at the minimum or maximum of the role's range.

#LI-LP1

#LI-Remote
