Senior Manager, Vendor Management and Risk Controls

At Forge (NYSE: FRGE), we know our team is our greatest asset. As technology innovators in the private market, our vision is to deliver a richer future for everyone. We live that vision through our values of being bold, humble and accountable. We experience the value that our vision brings to the world every day, helping the teams behind the greatest innovations of our generation, from space travel to planet-saving, plant-based nutrition and more.

With liquidity solutions, exclusive data and insights, a custody offering, and a vibrant marketplace, Forge’s goal is to build the best-in-class technology infrastructure to power a global private market that is transparent, accessible and seamless for companies, their employees and investors. Through Forge, employees can sell their private shares, employers can reward shareholders with pre-IPO liquidity and individual and institutional investors can participate in private unicorn growth.

Forge's differentiated global marketplace addresses rising demand among individual and institutional investors for exposure to private company stocks and it is building a growing network effect with defensible competitive advantages. The Forge marketplace has over 440,000 registered users and private shares have traded in more than 500 companies since inception, representing over $12 billion in volume across over 21,000+ transactions.

Our ability to offer these powerful financial solutions has generated incredible interest from investors, demand from customers, and a need to grow our team to meet the needs of more companies, teams and innovators in this way.

The Senior Manager of Vendor Management and Risk Controls will be responsible for the end-to-end management of Vendor and Third-Party review processes, associated SOX controls and Risk assessments. They will additionally help enhance the company’s implementation, and ongoing enhancement of various Risk management projects and initiatives, and facilitate the development and tracking of key risk controls.

This role is a key strategic hire and promises a challenging and fulfilling agenda along with an ambitious career trajectory and progression path for the right candidate. Highlighted below are some of the currently defined responsibilities. As the Risk function continues to evolve at Forge, the scope of this incumbent role could expand to meet the needs of the company and the aspirations of the incumbent. This role will report into the Sr. Director of Enterprise Risk Management.

Vendor/Third-Party Management and Risk Review Responsibilities:

• Conduct ongoing security, privacy, and risk assessments for vendors (e.g., vendor selection, risk ratings, security questionnaires, internal communications, contractual review and negotiation, regulatory review, on-site reviews, etc.) in conjunction with Information Security Department, Legal, Finance and other teams
• Collaborate with the Risk and Compliance teams around the development, implementation, and ongoing management of the Third-Party Risk Management Framework
• Develop associated reporting and training ; enhance management and oversight of company’s vendors (e.g., reporting, operational workflows, develop key risk and return metrics including KRIs, KPIs).
• Manage the implementation and maintenance of the TPRM tool (OneTrust) as the central repository for vendor information, assessment and inventory
• Support internal and external audits, regulatory inquiries and reviews, process documentation and compliance with SOX requirements
• Lead the Vendor Management Committee quarterly meetings

Risk Control Responsibilities:

• Assisting with the implementation of the Risk Management Framework and supporting ERM and ORM efforts - including but not limited to performing risk control assessments, aggregating information and data on risks, updating the risk inventory
• Assist with managing Operational Risk Event reporting procedures and with Operational Resliency, BCP and DR controls
• Build Risk dashboards and reports, assist with the development of key Risk Analytics

Qualifications:

• Bachelors degree (ideally Master’s degree) in Business, Accounting, Finance or a Quantitative field.
• Ideally will have Vendor and Third-Party Management, Risk Controls, or related Audit experience.
• Working knowledge of Vendor Management, regulatory compliance (e.g., SIG Questionnaire, ISO 22301, ISO 27001, SOX, SOC II, GDPR, HIPPA, CCPA, GLBA as they relate to Third-Party Risk Management on vendors) activities would be preferred
• Demonstrated prior experience managing a risk-based approach VM/TPRM program
• Familiar with industry best practice and has prior experience in dealing with various regulators, internal and external auditors, e.g., exam reviews and remediation efforts
• Familiar and has experience in assisting with other risk management frameworks, e.g., COSO, NIST, FFIEC, COBIT, BASEL, etc.
• Ability to demonstrate strong decision-making skills, and willingness to engage others and escalate issues as prudent
• Ability to learn and adapt quickly at a fast-growing company, collaborate with stakeholders to develop risk frameworks, target operating models and strategies for businesses and products
• Proficient with MS Office Tools (Excel, Word, PowerPoint), BI Tools, and vendor management tools (e.g., Archer, Coupa, Dun & BradStreet, OneTrust)
• Must be able to sit and/or stand for long periods of time in an office setting or in a home office setting while working
• Open to occasional travel to our San Francisco, CA and/or New York, NY offices

Forge implements a mandatory COVID-19 Vaccination Policy, which applies to all employees. All employees covered by this policy are required to be fully vaccinated as a term and condition of employment at Forge. Employees are considered fully vaccinated two weeks after completing primary vaccination with a COVID-19 vaccine, with, if applicable, at least the minimum recommended interval between doses. Employees must provide truthful and accurate information about their COVID-19 vaccination status, and, if applicable, their testing results as of the first date of their employment. 

Employees may request an exception from this mandatory vaccination policy if the vaccine is medically contraindicated for them or medical necessity requires a delay in vaccination. Employees also may be legally entitled to a reasonable accommodation if they cannot be vaccinated because of a disability, or if the provisions in this policy for vaccination conflict with a sincerely held religious belief, practice, or observance. All such requests will be handled in accordance with applicable laws and regulations.

Forge is proud to be an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.