Director of GRC Operational Risk Management

This is a fully remote position, open to applicants in California, +3 more states.

📋 Description

• Oversee the complete third-party risk management (TPRM) lifecycle, which includes due diligence and onboarding, risk tiering and assessments, contractual risk controls, ongoing monitoring, and offboarding.

• Lead a team of risk analysts responsible for evaluating risks associated with vendors, partners, and outsourced services, covering financial, operational, compliance, and reputational risks, conducting risk management for external websites and mobile applications, and supporting additional risk assessments as needed.

• Collaborate with other corporate teams to review security controls, vulnerabilities, and penetration testing outcomes, ensure compliance with data protection, privacy, and resilience standards, and foster a robust risk culture that promotes accountability across the first, second, and third lines of defense.

• Enhance and evolve the program by integrating third-party risk into broader enterprise risk and operational risk frameworks, delegating assessment assignments and monitoring progress to meet SLAs across all risk tiers, supporting quality assurance through documentation review and process improvement identification, tracking team metrics, backlog status, and stakeholder engagement for reporting purposes, leading team standups, serving as the main contact for operational obstacles or intake escalations, and identifying opportunities for efficiency gains, automation, and improved stakeholder engagement.

⛳️ Requirements

• Bachelor’s degree in Business, Risk Management, Operations, or a related field, or equivalent experience.

• Relevant certifications are preferred (e.g., CRISC, CTPRP, CISA, CISM, CPA, CIA).

• A minimum of 6 years of experience in third-party risk management and/or operational risk and compliance roles, including managing teams, projects, and driving process enhancements and efficiencies.

• Exceptional leadership, communication, and organizational abilities.

• Proficiency with GRC tools and risk management platforms (e.g., ProcessUnity, Optro, Workiva, GRC, OneTrust).

• Strong analytical capabilities with the skill to convert risk data into actionable insights.

• Capability to balance strategic planning with operational execution.

• Experience in coordinating operational workflows and managing queue-based tasks.

• Familiarity with risk assessment platforms (e.g., ProcessUnity, Prevalent, or similar).

• Ability to manage multiple priorities while ensuring quality and consistency.

• Comfortable working collaboratively across functions and presenting updates to senior stakeholders.

🏝️ Benefits

• Health: Medical, vision, dental, and mental health benefits for you and your family, along with access to a health care concierge, and Flexible or Health Savings Accounts (FSA or HSA).

• Yourself: Complimentary concert tickets, generous paid time off including holidays, sick leave, and personal days.

• Wealth: 401(k) program with company matching, and stock reimbursement program.

• Family: New parent programs including caregiver leave, plus support for fertility, adoption, foster care, or surrogacy.

• Career: Professional development programs with School of Live, tuition reimbursement, and student loan repayment assistance.

• Others: Volunteer time off and crowdfunding match initiatives.