Senior Manager, Third Party Risk

Company Overview

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 152 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 45 state government agencies, and 70+ healthcare organizations. More than 600+ consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit https://network.id.me/.

Role Overview

The ID.me security team is looking for a proven Senior Manager of Third Party Risk. The Senior Manager will help drive and implement the risk management practices to maintain rigor over supply chain security operations. Activities include roadmap design, control design, assessment operations, and key metrics. This role will collaborate with teams across the company to assess and manage risks when using third and fourth parties. This position will perform critical operations across procurement and customer assurance, building trust with our customers through questionnaire and audit support. 

This is a multifaceted role that combines project management, delivery management, and systems analysis responsibilities. The role embodies strategic thinking with tactical execution to enhance the customer experience, business resiliency, and promote a rationalized technology footprint. 

This role is based out of our Mountain View, CA or McLean, VA offices and requires full-time in-office attendance.

Responsibilities

• Work cross functionally with Security, IT, Engineering, Product, and Finance to evaluate vendors and assess supply chain risks. 
• Keep detailed assessment records and ERM control mappings to vendor operations in a high volume environment
• Own responding to customer assurance requests such as security questionnaires, security reviews and similar engagements.
• Performing control based assessments of vendor documentation (SOC 2) or industry standard customer questionnaire (CAIQ, SIG CORE or SIG LITE)
• Understanding of MITRE System of Trust (SoT) Framework
• Direct enablement of Sales opportunities by participating in  RFP, RFI, contracts and other sales opportunity deliverables
• Regular, effective, repeatable reporting at all levels of the organization on vendor risk and Operations. 
• Run engagements with customer auditors educate and demonstrate compliance
• Communicate effectively and proactively with management ideas and recommendations for optimizing business operations, resources and capacity to meet internal and external compliance goals
• Develop and propose key program performance and risk metrics
• Create and mature  procedural documentation, including training materials or process documentation 
• Develop, maintain, and update AI tools and services, reducing the impact of Third Party Risk management Operations.   

Basic Qualifications

• BA or BS in a technical field or equivalent experience 
• 7+ years of program management experience 
• 5+ years of experience for end-to-end management of third party risk programs 
• 4+ years of experience with major compliance audits (FedRAMP, SOC 2, HIPAA, etc.)
• Owner and builder of risk management processes. Ability to own finding and fixing issues with no supervision.
• Familiar with SaaS product design and cloud architecture.
• Deep understanding of common business processes and functions in enterprise environments
• Prior experience automating audit evidence collection 
• Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences
• CCSP, CISSP, CISA, and similar certifications are a plus 

#LI-JS1

ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.

Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.

ID.me participates in E-Verify.