Senior Program Manager - IT

Key Duties & Responsibilities: -Program Leadership & Governance

• Design, implement, and mature the Third-Party Cyber Risk Management Program aligned with frameworks such as NIST CSF, ISO 27001, HIPAA, CIS Controls, and SOC2.
• Develop and maintain policies, standards, and procedures governing vendor security due diligence, onboarding, monitoring, and offboarding.
• Establish and iterate security exhibit for contracts, enforce compliance and iterate wherever needed.
• Lead governance committees or working groups to discuss vendor risk posture, key issues, and remediation progress with business, procurement, and legal teams.
• Define and track Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for vendor risk and present them to leadership and risk committees.

Vendor Risk Assessment & Due Diligence

• Oversee end-to-end third-party risk assessments including questionnaires, evi...