Senior Manager, Third-Party Risk Management (TPRM)
Hagerty Insurance
Senior Manager, Third Party Risk Management (TPRM)
Hagerty is a company built by drivers for drivers. We put our members at the center of everything we do and are dedicated to making it easier and more enjoyable for enthusiasts to drive and celebrate the machines they love. We're proud to be the world's largest insurer of collectible and enthusiast vehicles and are home to the Hagerty Drivers Club, the world's largest car club. Our Marketplace business presents live and digital sales across the U.S. and Europe, we host a number of driving events and concours, and our award-winning automotive journalists produce the most popular car magazine globally, alongside internationally awarded videos. We're committed to Never Stop Driving. Ready to get in the driver's seat? Join us!
The Senior Manager, Third Party Risk Management (TPRM) Policy is a key leadership role embedded within Hagerty's Enterprise Procurement & TPRM function. This position is responsible for building and stewarding a robust third-party risk governance framework that protects Hagerty from vendor-related operational, financial, regulatory, and reputational exposure—while enabling the business to move at speed with the right partners.
Sitting within Enterprise Procurement, this role is uniquely positioned at the intersection of sourcing decisions and risk governance. The Senior Manager will own TPRM policy end-to-end, integrate risk discipline into the full vendor lifecycle, and serve as the connective tissue between Procurement, Enterprise Risk Management, Legal, IT/Security, and business stakeholders. The ideal candidate combines policy expertise with a practical, business-enabling mindset – someone who knows that good risk management doesn't slow deals down; it makes them better.
What You'll Do
Policy Ownership & Governance
- TPRM policy development: Own, author, and maintain Hagerty's enterprise wide Third Party Risk Management policy, standards, and procedures, ensuring alignment with regulatory requirements, industry frameworks (e.g., NIST CSF, ISO 27001, COBIT), and Hagerty's risk appetite.
- Policy lifecycle management: Lead scheduled and event-driven policy reviews, updating documentation in response to changes in regulation, business strategy, technology, or the vendor landscape.
- Framework integration: Align TPRM policy with adjacent governance frameworks including information security, business continuity, data privacy, and enterprise risk management—ensuring consistency without duplication.
- Regulatory compliance: Ensure TPRM policies meet applicable state and federal insurance regulations, NAIC model law requirements, and any contractual or audit-driven obligations.
- Exception management: Design and administer a formal policy exception process, documenting risk acceptance decisions with appropriate stakeholder sign-off.
Vendor Lifecycle Risk Integration
- Risk-tiered due diligence: Design and embed a risk tiering methodology into Hagerty's sourcing and onboarding process, ensuring the level of pre-contract due diligence is calibrated to the risk profile of each vendor.
- Onboarding & contracting: Partner with Enterprise Procurement and Legal to ensure vendor contracts include appropriate risk and compliance provisions—covering data protection, business continuity, audit rights, and termination for cause.
- Ongoing monitoring: Oversee a structured program of periodic reassessments, performance reviews, and continuous monitoring activities for active third parties, with heightened attention to critical and high-risk vendors.
- Offboarding controls: Establish standards for vendor offboarding that protect Hagerty's data, systems, and operational continuity at contract termination.
- Supplier relationship management program: Maintain a register of critical and high-risk third parties, coordinate enhanced oversight activities and reviews, and ensure concentration risks are visible to senior leadership.
Procurement Partnership & Business Enablement
- Embedded risk advisory: Function as the day-to-day risk advisor to the Enterprise Procurement team, providing guidance during sourcing events, RFP evaluation, negotiation, and contract execution.
- Risk-informed sourcing: Bring third party risk considerations into category strategies and sourcing decisions early—helping the business identify and mitigate risk before commitments are made.
- Business unit advisory: Serve as a trusted TPRM resource for business unit stakeholders who engage vendors directly, ensuring consistent application of policy across the organization and active participation in supplier business reviews.
- Training & enablement: Design and deliver TPRM training for Enterprise Procurement staff and business-facing teams, building risk literacy and practical policy compliance across all vendor-facing roles.
Reporting, Audit & Program Maturity
- Executive reporting: Develop and present TPRM program dashboards, key risk indicators (KRIs), and risk trend analysis to the VP of Enterprise Procurement, ERM leadership, and Risk Committee audiences as appropriate.
- Audit & regulatory examination support: Serve as Enterprise Procurement's primary point of contact for internal audit and external regulatory examiners on TPRM policy, controls, and evidence.
- Issue & remediation tracking: Identify, document, and drive resolution of risk findings and gaps across the third party portfolio, escalating as needed to senior stakeholders.
- Program maturity roadmap: Build and execute a multi-year TPRM maturity roadmap aligned to Hagerty's growth trajectory, digital transformation, and evolving risk environment.
- GRC tooling: Lead or support the evaluation and implementation of TPRM software and GRC platforms to automate assessments, centralize vendor data, and improve reporting efficiency.
This might describe you
- Proven, progressive experience in third party risk management, vendor management, procurement risk, compliance, or enterprise risk—including experience in a policy ownership or program leadership role.
- Demonstrated expertise in TPRM framework design and policy writing, including risk tiering, due diligence program management, and vendor lifecycle controls.
- Strong knowledge of applicable regulatory and compliance frameworks, including insurance industry regulations, NAIC guidelines, state privacy laws, and standards such as NIST CSF, SOC 2, and ISO 27001.
- Experience working directly within or alongside a Procurement or Strategic Sourcing function, with an understanding of sourcing processes, contract structures, and supplier relationship management.
- Proven ability to influence senior stakeholders and drive alignment across cross-functional teams without direct authority.
- Exceptional written and verbal communication skills, with a track record of producing high-quality policy documents and presenting risk topics clearly to executive audiences.
Over and above
- Prior experience in the insurance or financial services industry, with direct familiarity with NAIC model laws and state insurance department examination processes.
- Professional certifications such as CRISC, CTPRP, CISA, CISM, CPM, or equivalent risk or procurement credentials.
- Hands-on experience implementing or administering a GRC or TPRM platform (e.g., Archer, ServiceNow GRC, ProcessUnity, Venminder, Coupa Risk Assess).
- Experience supporting or leading regulatory examinations or internal audits related to vendor management or operational risk.
- Bachelor's degree in Risk Management, Business, Supply Chain, Finance, Information Systems, or a related field.
Other things to note
- This position is open to U.S. remote work. However, team members who reside within 20 miles of the Traverse City headquarters will follow a hybrid schedule, working from the office three days per week.
- Familiarity with public company requirements, including Sarbanes Oxley and key regulations, if applicable. For SOX compliant roles, responsible for designing, executing, and documenting internal controls where they have been identified as owners to prevent errors in financial reporting, processes, and business operations. Including attestation to the completeness, accuracy, and compliance of all financial reporting data, where applicable.
If you reside in the following jurisdictions: Illinois, Colorado, California, District of Columbia, Hawaii, Maryland, Minnesota, Nevada, New York, or Jersey City, New Jersey, Cincinnati or Toledo, Ohio, Rhode Island, Washington, British Columbia, Canada please email View email address on click.appcast.io for compensation, comprehensive benefits and the perks that set us apart.
At Hagerty, we share the road. We are an inclusive automotive community where all are welcomed, valued and belong regardless of race, gender, age, or car preference. We are united by our shared passion for driving, our commitment to preserve car culture for future generations and our desire to make a positive impact in the world.
- ...awarded videos. We're committed to Never Stop Driving. Ready to get in the driver's seat? Join us! The Senior Manager, Third Party Risk Management (TPRM) Policy is a key leadership role embedded within Hagerty's Enterprise Procurement & TPRM function. This...SeniorContract workWork at officeRemote work3 days per week
$185k - $230k
...experienced Sr Account Executive -Third Party Originations to help grow and... ...Job Duties: Build, manage, and grow relationships with... ...identify and resolve pipeline risks, conditions, and bottlenecks... ...clients, member support team, and senior leadership. ~ Demonstrated...SeniorFull timeRemote work- ...TryApplyNow is looking for a Compliance Third-Party Risk Management Program Manager based in Washington DC. This role involves managing the Compliance TPRM framework and guiding processes related to third-party engagements. The ideal candidate will have over 5 years of...SeniorRemote work
$105k - $120k
...to the development and maturation of the Credit Union’s Third-Party Risk Management (TPRM) program, ensuring alignment with strategic goals and regulatory... ...to geographic location. What You'll Do Regardless of seniority or role, uphold UNFCU’s mission, core values, and...SeniorContract workWork at officeLocal area- ...Saravanakumar at (***) ***-**** Title: Senior Project Manager Duration: 6 Months (with... ...candidates are eligible for this position. Third-party or C2C candidates will not be considered... ...vendors, ensuring effective communication, risk management, resource allocation, and...Senior
- ...Overview Third Party Risk Management (TPRM) Senior Analyst is responsible for ensuring the organization effectively manages risks associated with third‑party vendors and partners throughout the entire third‑party lifecycle, including vendor selection, contract negotiation...SeniorContract workTemporary workWork at officeShift work
- ...First Tech Federal Credit Union in Hillsboro, OR seeks a Senior Third-Party Risk Management Analyst to ensure compliance and perform risk assessments on third-party relationships. The role involves monitoring third-party activities and providing recommendations for compliance...Senior
- ...Sr. Product Marketing Manager San Francisco, CA (Hybrid) Magnitude (formerly Archer Faris... ...to enterprise security, starting with Third-Party Risk Management, a domain that is mission critical... ...intelligence function, tracking the TPRM, AI governance, and agentic security landscape...SeniorImmediate start
$140k - $170k
...countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam... ...00 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance... ...value. About the Role: The Senior Customer Success Manager will play a key...Senior- ...Senior Product Marketing Manager At UpGuard, we are replacing manual security bottlenecks with AI-driven... ...to process 100 billion risk signals daily. This isn't just growth... ...platform for organisations to manage their third-party risk and external attack surface. Our...SeniorRemote workWork from home
- ...Senior Project Manager Forge Third Party Integration Onsite 4 days a week. Manager is flexible on the remote day. The manager is open to remote candidates... ...party portfolio into enterprise vendor management, risk, and procurement processes. This is a time bound, integration...SeniorInterim roleRemote workFlexible hours
$120.8k - $137.9k
...Principal Associate, Third Party Risk Management Capital One is seeking an energetic, self-motivated Principal Associate to join the Third Party Risk Management (TPRM) Team within the Operational Risk Management second line of defense. The TPRM team is a dedicated...Full timePart timeLocal area- ...Third-Party Risk Management Senior Analyst (MRA Remediation Support) - VP Level New York City, NY or Tampa, FL (Hybrid) 6-12 Months Contract Web Cam Interview $70-$75/Hr on W2 Job Summary: Third Party Risk is a global, first line team within...SeniorContract workRemote work
- ...Description Insight Global is seeking a Senior TPM Analyst to join a client in the... ...insurance industry and are seeking a risk and compliance subject matter expert... ...questionnaires, and tracks vendor evidence — not a manager who oversees TPRM. We are a company committed to...SeniorContract work
$150k - $200k
...countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam... ...00 organizations for self‑monitoring, third‑party risk management, board reporting, and cyber insurance... ...a strategic and highly collaborative Senior Manager, Customer Marketing to lead our...SeniorFor contractorsRemote work- ...Metropolitan Council is seeking one full-time Senior Project Manager to manage technical projects... ...timelines. Coordinate internal resources and third parties / vendors for execution of projects... .... Communicate project status, risks, and issues to stakeholders and executive...SeniorFull timeWork experience placementWork at officeRemote workWork from homeFlexible hours1 day per week
$26 - $38 per hour
...Job Title Our client is seeking a Senior Analyst, Third Party Risk Management to join their team! This position is remote. Core Responsibilities Assess and manage third-party risk exposure by supporting and enhancing Vendor Risk Management (VRM...SeniorLocal areaRemote work- ...is seeking a motivated, self-starting Analyst to join the Third Party Risk Management team. In this highly visible role, the Third Party Risk Analyst... ...assessment findings to business line owners outside the TPRM program in a way that consistently drives objective, fact-based...SeniorWork experience placement
$95k - $140k
...and regional needs. Position: Senior Water Resources Project Manager (H&H / Irrigation & Stormwater) Job... ...budgeting, scheduling, resourcing, risk identification, and change... ...Morrison-Maierle is not accepting third-party or recruitment agency solicitation...SeniorFull timeTemporary workFor contractorsLocal areaWork from homeRelocation packageFlexible hours- ...Senior Third Party Risk And Controls Management Engineer Duration-W2 Only Location-Plano, TX (Last option is Washington, DC)/Hybrid Must Have: Tech Expertise in Cyber Security, Cloud Security and IAM Must Have: Cloud Security, Third Party Risk, Gap analysis...SeniorLocal area
$170k - $210k
...Founded in 2013 by security and risk experts Dr. Alex Yampolskiy... ...for self‑monitoring, third‑party risk management, board reporting, and cyber... ...core product lines. This is a senior individual contributor role... ...with security ratings, VRM/TPRM and GRC is a plus Bachelor's...Shift work$60k - $121.3k
...Third-Party Risk Management Senior Analyst The Third-Party Risk Management (TPRM) Senior Analyst is responsible for executing third-party risk management activities across a portfolio of vendors, supporting the Bank's compliance with regulatory requirements and internal...SeniorWork at office- ...Manager, Global 2nd Line Third Party Risk Management Global Banking and Markets (GBM) is a leading Canadian Capital Markets and Investment Banking business... ...Manager, Global 2nd Line Third Party Risk Management (TPRM) contributes to the overall success of the Global TPRM...Contract workFlexible hours
- ...Senior Construction Project Manager The Project Manager oversees stakeholder relationships throughout the... ...and effective communication among all parties Budgeting and Cost Control:... ...Manage regulatory, health and safety risks consistent with federal, state, and...SeniorFor subcontractorWork at officeLocal area
$163.4k - $322.1k
...Servicenow Senior Manager Our Deloitte Cyber team understands the unique challenges... ...and execute strategies for integrated risk management (IRM), governance, risk,... ...(IRM) Security Operations (SecOps) Third-Party Risk Management (TPRM) ~10+ years of demonstrated deep technical...SeniorVisa sponsorship$84.5k - $113k
...navigate complexity, uncertainty, and risk with smarter, faster decisions. From... ...DTN is seeking an experienced Senior Implementation Project Manager to lead complex, high-impact software... ...is aware of incidents where external parties have impersonated our organization....SeniorWork experience placementRemote workFlexible hours- ...maintain its existing sites. The Project Manager, Commercial Construction, will oversee... ...within the Build and Procurement Team, third-party architects, contractors, vendors, and other... ...with suppliers and vendors; use risk management procedures to protect Kiln and...SeniorFor contractorsFor subcontractorWork at officeFlexible hours
$150k - $180k
...Senior Account Executive Location - Greater NYC or... ...analytics and financial risk reporting systems. This... ...experience in project management and cross-functional leadership... ...in the Supply Chain, Third-Party Risk, Credit Risk, or... ...quota through selling TPRM, SCRM platform to well-...SeniorContract workWork experience placementWork at officeRemote workFlexible hours3 days per week$80k - $100k
...A third-party management firm is seeking a Senior Maintenance Supervisor in Richmond, Virginia. This role involves overseeing maintenance operations, managing staff, and ensuring compliance with safety standards. Ideal candidates will possess excellent customer service...Senior- ...Working remotely within the United States, the full-time Senior Configuration Manager will manage Continuous Integration and Continuous Deployment... ..., oversee data environment management, and integrate third-party software solutions to enhance application performance and...SeniorFull timeRemote work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Senior Manager, Third-Party Risk Management (TPRM). Be the first to apply!
- energy risk manager United States
- senior risk manager United States
- enterprise risk manager United States
- head of risk management United States
- director of risk management United States
- security risk manager United States
- group risk manager United States
- safety risk manager United States
- operational risk manager United States
- risk management manager United States


