Third Party Risk Management Lead - USDS
$132.48k - $336.96kTikTok USDS Joint Venture
Responsibilities Lead the end-to-end Third-Party Risk Management lifecycle (intake, due diligence, contracting, ongoing monitoring, and exit) for relevant third-parties, aligning to enterprise risk, national security compliance, security, privacy, and resilience requirements. Design and maintain the TPRM operating model, including roles and responsibilities, RACI, and handoffs across cross-functional business teams, Procurement, Legal, and Security & Privacy. Implement and continuously refine automation- and AI-enabled workflows (e.g., dynamic questionnaires, evidence collection, control testing, and issue tracking) to scale assessments, reduce manual effort, and show measurable efficiencies. Develop and manage continuous control monitoring and data-driven vendor risk scoring, leveraging internal and external data sources (e.g., security ratings, vulnerability and incident data, SOC 2 reports) to produce actionable risk indicators, including supply chain and concentration risk. Translate regulatory requirements and industry frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, SOC 2, SIG/CAIQ) into practical third-party control requirements, playbooks, and testing procedures. Prepare and present clear metrics, dashboards, and narratives on third-party risk posture, key issues, and remediation progress to senior leadership, governance forums, and audit stakeholders. Drive remediation and risk decisions with influence, partnering with senior leaders to resolve material third-party issues, shape risk acceptance decisions, and ensure timely closure of gaps. Qualifications Minimum Qualifications: Bachelor’s degree or equivalent practical experience and 5+ years of applicable experience in information security, risk management, privacy, or compliance, with significant experience focused on Third-Party Risk Management, vendor risk, or supply chain security in a program leadership role. Proven experience designing, implementing, and operating TPRM processes across the third-party lifecycle (intake, due diligence, contracting, ongoing monitoring, and termination) in a highly regulated or high-risk environment, including hands-on experience evaluating technical and procedural controls at third parties, interpreting SOC 2 and similar assurance reports, and reviewing supporting evidence with infrastructure, application, and security engineering teams. Strong working knowledge of information security and privacy control frameworks as applied to third parties (e.g., NIST CSF, NIST 800-53, ISO 27001, SOC 2, SIG/CAIQ, vendor due diligence standards). Experience designing or using vendor risk scoring models, key risk indicators, and dashboards to monitor third-party risk posture and drive measurable outcomes, plus ability to design and improve process automation using modern GRC/TPRM tooling (e.g., Archer, ServiceNow, OneTrust, ProcessUnity or similar), including leveraging rules, integrations, and AI-enabled capabilities to streamline assessments and monitoring. Proven ability to build cross-functional relationships with technology and engineering teams to enable technical workflows and advancements to the program, with success leading cross-functional initiatives and influencing stakeholders across Procurement, Legal, Privacy, Security, Engineering, Finance, and business teams without direct authority. Excellent communication skills, with the ability to translate complex technical and regulatory concepts into clear, business-focused narratives for diverse audiences. Familiarity with US-centric regulatory expectations related to third-party risk, data protection, and security (e.g., federal and state privacy and cybersecurity requirements, industry supervisory guidance). Preferred Qualifications: Experience building, scaling, or modernizing Third-Party Risk Management programs in highly regulated or US-critical sectors (e.g., financial services, telecommunications, cloud, or public sector), including close partnership with Privacy and Legal teams to align TPRM controls with data protection requirements. Experience designing continuous control monitoring, automation, and data pipelines for third-party risk (e.g., integrating external security ratings, SIG/CAIQ responses, SOC 2 outputs, vulnerability and incident data), including experimentation with AI/ML or advanced analytics to identify anomalies and prioritize remediation. Relevant professional certifications such as CTPRP, CTPRA, CISA, CISSP, CISM, CRISC, or similar. About USDS TikTok USDS Joint Venture LLC is dedicated to the safety and security of millions of Americans who create, discover, and connect with what they love on the apps we operate. The Joint Venture has been established in compliance with the Executive Order signed by President Trump on September 25, 2025. Our foundation is a comprehensive data privacy and cybersecurity program we operate under defined safeguards to protect national security and secure U.S. user data, apps and the algorithm. We safeguard the U.S. content ecosystem, holding decision-making authority for trust and safety policies and moderation. On-site presence across teams allows the company to operate with greater speed, alignment, and agility — especially in areas like real-time decision-making, team development, and integrated execution. As such, the company is shifting from a hybrid work model to a fully in-person schedule up to 5 days a week. Why Join Us Inspiring creativity is at the core of TikTok's mission. Our product helps people express themselves, discover, and connect. Our diverse teams make that possible, and we strive to create value for communities while inspiring creativity and joy. We aim to do great things with great people, leading with curiosity, humility, and a desire to make an impact in a fast-growing tech company. We embrace challenges, iterate, and maintain an "Always Day 1" mindset to achieve meaningful breakthroughs. Diversity & Inclusion TikTok is committed to creating an inclusive space where employees are valued for their skills, experiences, and unique perspectives. Our platform connects people from across the globe and so does our workplace. We are passionate about diversity and building an environment that reflects the communities we reach. USDS Reasonable Accommodation USDS provides reasonable accommodations in our recruitment processes for candidates with disabilities, pregnancy, sincerely held religious beliefs, or other protected reasons. If you need assistance or a reasonable accommodation, please reach out at Job Information Compensation (Annual): The base salary range for this position in Washington, DC is $132,480 - $336,960. Compensation may vary based on qualifications, skills, competencies, experience, and location. Base pay is one part of the total package and may include discretionary bonuses/incentives and stock units. Benefits include medical, dental, vision, 401(k) with company match, paid parental leave, disability coverage, life insurance, wellbeing benefits, and paid time off. The company reserves the right to modify benefits programs at any time. #J-18808-Ljbffr TikTok USDS Joint Venture
- Affirm is seeking a Security Risk Manager to lead the Security Third Party Program, focusing on security governance and risk management. The role requires 5+ years in information security and proficiency in Python and cloud environments. You'll partner with various stakeholders...SuggestedFlexible hours
$120.8k - $137.9k
Capital One National Association is seeking a Principal Associate for its Third Party Risk Management Team in McLean, VA. This role involves assessing risks in third-party management and working collaboratively with stakeholders to manage operational risks. Ideal candidates...Suggested- Capital One is seeking a Cyber Third Party Risk Reduction (CTPRR) Senior Manager, Operations Manager in McLean, VA. This full-time role oversees the CTRPP lifecycle, driving risk management for third-party engagements and coordinating with Legal, Procurement, and InfoSec...SuggestedFull time
- TikTok USDS Joint Venture in Washington, DC, is looking for a skilled professional to lead the Third-Party Risk Management (TPRM) lifecycle. This role involves evaluating vendor risks, ensuring compliance with national security standards, and implementing automation in...Suggested
- ...seeking a Civil Engineering Lead to support software sustainment... ...site location, construction management, general contracting oversight... ...coordination with relevant third parties. Experience supporting Department... ...compliance Conflict and risk management Process...SuggestedFor contractorsWork at office
- ...seeking a multi-site Service Manager for the DC area - totaling 46... ...position’s time is involved in leading, managing and completing... ...within service team or from third-party service vendor. Conduct periodic... ...recovery log in compliance with Risk Management guidelines. Manage...For contractorsApprenticeshipWork at officeLocal areaImmediate startFlexible hoursAfternoon shift
- ...requisition id: R5021625The Lead Estimator is responsible for... ...shoring systems.* HCSS HeavyBid Management: Build and manage cost... ...piles, casing, concrete) and third-party services.* Pre-Construction Strategy... ...and equipment spreads.* Risk Management: Identify potential...Full timeFor subcontractorWork at officeLocal area
- ...and ensuring alignment with corporate risk management, compliance, and patient safety priorities... ...& Behavioral Threat Assessment Lead enterprise-wide Workplace Violence Prevention... ...involving employees, patients, visitors, and third parties. Investigations & Incident Management...Local area
- ...Supply Chain Risk Management Strategy and Implementation Lead – (Clearance Required) Location: US‑DC‑Washington, DC Overview LMI is seeking a Supply Chain... ...developing, implementing, or maturing SCRM, third‑party risk management, or supplier risk programs. Demonstrated...Work experience placementLocal areaShift work
$118.2k - $160k
Description The ESS Enablement Lead is a newly created,... ...Marketing API (Geo Leaders) and Lead Management Programs (LMP) amongst others... ...Partner Summit, Cohort, and third-party events) Own socialization of... ...around progress on goals and risks on path to green, in partnership...Flexible hours$110k - $130k
...InfoStructure LLC., (Devis) is a leading provider of innovative software development, management, and consulting services,... ...Lead serves as the leader for the Risk Management Framework (RMF) program... ...14028 requirements, including third‑party/SBOM risk analysis Develop A&A...Full timeWork at officeMonday to Friday- ...develop, test, and enhance enterprise applications supporting IT infrastructure. You will modify existing C#/ASP.NET code, integrate third-party components, and drive automation of operations using .NET technologies. The role requires a Top Secret clearance, a Bachelor's...
- ...Overview We are seeking a highly skilled Lead Incident Responder to manage and maintain critical security... ...candidate will have extensive experience in risk management, incident response, and... ...63 systems, testing one-third of the security controls each year, and...Contract workFor contractorsWork at officeLocal area
- ...growing government contractor providing leading-edge support to federal customers, with... ...messaging, feedback, and reputational risk management with MC&FP priorities. Responsibilities... ...organizations, advocacy campaigns, or third-party stakeholder organizations. Experience...Contract workFor contractorsLocal area
- Responsibilities Provide strategic leadership, management, and direction to a multifaceted team... .... Act as senior escalation lead and coverage for the USDS Policy Implementation team to swiftly... ...topics and escalations to drive our risk containment strategy. Drive the...Temporary workWork experience placementShift work
- Otsuka America Pharmaceutical Inc. is seeking a senior analytical sciences leader to oversee strategy and technical analytics across third‑party labs. Responsibilities span method development, validation/qualification, stability testing, and regulatory support for early to...
- Job Title: Evaluation Team Lead Location: USA, Remote Duration: Contract-based; project timeline to be determined Background: The... ...(OSD) is procuring an external evaluation that will provide a third‑party, unbiased assessment of program outcomes and impacts, complementing...Contract workPart timeWork at officeRemote work
- ...services, and chronic disease management under one roof, creating a... ...efficiency. Role Overview The Lead, 340B Growth and Partnerships... ...operations, covered entity partners, third‑party administrators, wholesalers,... .... Compliance and Risk Management Ensure 340B programs...Contract workLocal area
$249.97k - $388.13k
...Executive Director, Global Value Evidence Lead, is a strategic leader responsible for... ...support in career development and performance management for direct reports Enhance the... ...Otsuka will also never ask you to download a third-party application in order to communicate...Temporary workLocal areaFlexible hours- ...Job Description Job Description Supply Chain Risk Management (SCRM) Lead Falls Church, Virginia. Full-time. Important Notice: This... ...management programs assessing and mitigating risks from third-party vendors, commercial software, and supply chain...Full timeContract workWork at officeRemote work
- Lead Systems Architect Job Summary We are seeking a Subject Matter... ...role provides technical and management leadership on major... ...providers, solution providers, and third-party vendors to implement architecture... ...processes Support program risk management by identifying, documenting...Full timeWork at officeLocal area
- ...agencies to resolve problems. Communicate with management at the Organization, subsidiaries, affiliates, other third parties, etc. as to project status and completion... ...charts of data developed. Serve as a project lead for special projects within the department. Lead...Work at officeLocal area
$105.79k - $141.05k
...connectivity, join us today. The Role The Lead Contract Manager is responsible for negotiating and acquiring various 3rd Party Fiber/Conduit Agreements related to the... ...conduit agreements, and splicing orders with third party providers. Coordinates delivery, acceptance...Contract workTemporary workRemote work$109.8k - $241.6k
Job Title: E-Discovery Lead Project Manager Job Category: Project and Program Management Time Type: Full time Minimum Clearance Required to... ...management training and certification. Identify issues and risks to project success, develop a risk‑management tracking log,...Full timeFor contractorsWork at office- Overview Lead Cyber Security Operations Center (CSOC) Analyst - USDS Responsibilities As a Lead SOC Analyst, you’ll play a critical role at the intersection of... ...-functional analyst SOC teams. Demonstrated time management, problem-solving, effort prioritization and...Temporary work
- ## MF Risk - Risk Analysis - Lead AssociateApplyremote type: Flexlocations: Washington, DCtime type:... ...activities, and strengthen the risk management framework for Fannie Mae’s Multifamily... ..., fraud risk management, and third-party risk programs.* Assess adherence to...Work at officeRemote work
$136k - $253k
Lead Governance & Compliance Analyst Are you ready to help secure... ...such as Legal Research and Risk & Fraud. This role is central... ..., the FedRAMP PMO, and third-party assessment organizations to support... ...activities, including POA&M management, vulnerability reporting, monthly...Contract workWork at officeLocal areaFlexible hours2 days per week3 days per week- ...Job Title: ISSO/ISCM Lead (RFP) Job Location: Washington, DC Contractor shall provide an ISSO/ISCM Lead responsible for the strategic... ...Continuous Monitoring (ISCM) program. This role leads the Risk Management Framework (RMF) and A&A lifecycle, ensuring that all security...For contractorsWork at office
- ...provides analytical, acquisition, and business management support services to federal agencies. AMA... ...security initiatives. AI Governance Lead The AI Governance Lead will design... ...AI policy, ethical AI standards, and risk management frameworks. This position plays...
- ...Program Evaluation Lead ProSidian is a Management And Operations Consulting Services firm that focuses on providing value to clients through tailored... .... ProSidian provides enterprise services/solutions for Risk Management | Compliance | Business Process | IT...Full timeContract workH1bWork at office
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Third Party Risk Management Lead - USDS. Be the first to apply!

