Senior Manager, Vendor & Third-Party Risk Management

At Forge, we know our team is our greatest asset. As innovators in the private market, our vision is to deliver a richer future for everyone. We live that vision through our values of being bold, humble and accountable. We experience the value that our vision brings to the world every day, helping the teams behind the greatest innovations of our generation, from space travel to planet-saving, plant-based nutrition and more.

With liquidity solutions, exclusive data and insights, a custody offering, and a vibrant marketplace, Forge’s goal is to power a global private market that is transparent, accessible and seamless for companies, their employees and investors. Through Forge, employees can sell their private shares, employers can reward shareholders with pre-IPO liquidity and individual and institutional investors can participate in private unicorn growth.

Forge's differentiated global marketplace addresses rising demand among individual and institutional investors for exposure to private company stocks and it is building a growing network effect with defensible competitive advantages. The Forge marketplace has over 440,000 registered users and private shares have traded in more than 500 companies since inception, representing over $12 billion in volume across 21,000 transactions. 

Needless to say, our ability to offer these powerful financial solutions has generated incredible interest from investors, demand from customers, and a need to grow our team to meet the needs of more companies, teams and innovators in this way.

The Senior Manager, of Vendor / Third-Party Risk Management (TPRM) will be primarily responsible for supporting the company’s development, implementation, and ongoing management of Vendor and Third-Party Risk review processes. The incumbent will work closely with Information Security Departments to ensure that all vendors go through a risk assessment process and/or review in a timely manner. This individual will plan and coordinates all aspects of internal programs that leverage Third-Party Risk Management best practices to deliver strategic benefits to the business. The incumbent will coordinate work performed by project managers, technical and functional staff across all IT/Business departments, internal customers, and partners, and/or vendors. This role reports to the Senior Director, Enterprise Risk Management.

As the Risk function continues to evolve at Forge, responsibilities listed below for this Vendor / Third-Party Risk Management role will change as well. 

• Conduct ongoing security, privacy, and risk assessments for vendors (e.g., vendor selection, risk ratings, security questionnaires, internal communications, contractual review and negotiation, regulatory review, on-site reviews, etc.) in conjunction with Information Security Department and other teams
• Collaborate with the Risk and Compliance teams around the development, implementation, and ongoing management of the Third-Party Risk Management Framework
• Develop Third-Party Risk Management policies, procedures, high quality reporting and training documentation that include, but not limited to, risk tiering methodology, risk assessment process flows, risk assessment questionnaires, ongoing monitoring process, triggers for escalation and reassessment on all external vendors and internal affiliates
• Advance the management and oversight on company’s vendors, e.g., reporting, operational workflows, monitoring and ensure company’s overall compliance to the Third-Party Risk Management Framework
• Develop risk tiering methodology, risk assessment process flows, risk assessment questionnaires, and reports
• Manage the implementation and maintenance of the TPRM tool (OneTrust) as the central repository for vendor information, assessment and inventory
• Provide guidance around vendor selections, reviews and due diligence, contractual / regulatory reviews, lead training and education on Third-Party risks
• Accountable for facilitating the assessment process, reporting on assessment outcomes, tracking risk acceptance and remediation efforts, risk methodologies, management reporting and ongoing monitoring, support audits, regulatory inquiries and reviews, and process documentation
• Ensure the Third-Party Risk Management Framework meets the expectations for SOX requirements and is operating within the company’s defined risk appetite
• Prepare meeting materials and lead the Third-Party Risk Committee and working groups to review updates on company’s Third-Party Risk profile, remediation efforts, trend analysis, key metrics (KRIs/KPIs), and advice on matters require escalation, etc.
• Work cross-functionally with Risk and other team members to support and drive a collaborative team environment
• Assist with reporting and ad hoc requests for other Risk initiatives and deliverables, e.g., committee, senior management and Board reporting
• Assist with implementation, monitoring and reporting of the company’s Policy Framework, Issue Management and Metrics

• Bachelors or Masters degree with Third-Party Risk Management experience, ideally 10 years of experience
• Working knowledge of Vendor Management, regulatory compliance (e.g., SIG Questionnaire, ISO 22301, ISO 27001, SOX, SOC II, GDPR, HIPPA, CCPA, GLBA as they relate to Third-Party Risk Management on vendors) activities
• Demonstrate prior experience and success in designing, building, and managing a risk-based approach VM/TPRM program; performing and leading Third-Party Risk assessments
• Familiar with industry best practice and has prior experience in dealing with various regulators, internal and external auditors, e.g., exam reviews and remediation efforts
• Familiar and has experience in assisting with other risk management frameworks, e.g., COSO, NIST, FFIEC, COBIT, BASEL, etc.
• Ability to demonstrate strong decision-making skills, and willingness to engage others and escalate issues as prudent
• Ability to evaluate and provide healthy challenge in various areas including vendor assessments, issue identification and action plan management in order to mitigate risks
• Ability to present and communicate complex ideas, anticipates potential objections, and influence others
• Ability to learn and adapt quickly at a fast-growing company
• Collaborate internally with stakeholders to develop risk frameworks, target operating models and strategies for businesses and products
• Proficient with MS Office Tools (Excel, Word, PowerPoint), BI Tools, and vendor management tools (e.g., Archer, Coupa, Dun & BradStreet, OneTrust)
• Must be able to sit and/or stand for long periods of time in an office setting or in home office setting while working

Forge is proud to be an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.