Third-Party Risk Management Manager

At Deckers Brands, Together, Every Step is a promise kept that every employee can bring their authentic self, is valued and supported, as a whole person, at work and beyond. Together, Every Step is how we continue to deliver exceptional business results, experience an amazing place to work, and have a positive impact on the communities and world around us.

Job Title: Third-Party Risk Management Manager

Reports to: Sr. Manager, Governance, Risk & Compliance

Location: Remote

Interested applicants must reside in one of the following approved states: Arizona, California, Colorado, Indiana, Massachusetts, Minnesota, New York, Oregon, Pennsylvania, Texas, Utah, Washington

The Role

Deckers Brands is seeking a qualified and detail-oriented professional to join our team as a Third-Party Risk Management Manager. The ideal candidate will play a pivotal role in implementing and maintaining effective processes to assess, monitor, and mitigate risks associated with our third-party relationships.

We celebrate diversity--of your background, your experiences and your unique identity. We are committed to ensuring an inclusive and equitable workplace where all of our employees can Come as They Are. We believe that when we bring our different perspectives to work, we are truly Better Together.

Your Impact

The role of Third-Party Risk Management Manager will focus on these core capabilities:

• Vendor Onboarding
  • Facilitate the onboarding process for new vendors, conducting risk assessments and due diligence to evaluate their security and compliance practices.
• Risk Assessment
  • Conduct risk assessments for existing and potential vendors, evaluating their cybersecurity posture, data protection measures, and overall risk profile.
• Policy Implementation
  • Implement and enforce third-party risk management policies and procedures, ensuring alignment with industry standards and regulatory requirements.
• Contractual Reviews
  • Collaborate with legal and procurement teams to review vendor contracts, ensuring that security and compliance requirements are adequately addressed.
• Continuous Monitoring
  • Implement and maintain a continuous monitoring program to track the security and performance of third-party vendors over time.
• Issue Resolution
  • Work closely with vendors to address identified security issues or gaps, providing guidance and support for remediation efforts.
• Documentation and Reporting
  • Maintain comprehensive records of third-party risk assessments and associated documentation.
  • Generate regular reports on the status of third-party risk management activities for management and relevant stakeholders.
• Regulatory Compliance
  • Stay abreast of changes in regulations and industry standards related to third-party risk management, ensuring ongoing compliance.
• Training and Awareness
  • Provide training and awareness sessions to internal stakeholders on third-party risk management best practices.
• Incident Response Coordination
  • Collaborate with the incident response team to develop and implement plans that address security incidents involving third-party vendors.

Who You Are

The successful candidate for this role will have excellent communication skills, both verbally and written. Meticulous detail when executing your work with a strong appetite for learning new technologies and staying current with dynamic security and compliance trends. Strong analytical and problem-solving skills with curiosity that constantly compels you to ask, "Why?" Finally, you will bring a fantastic attitude of empathy and openness as you work with the Information Security team and our business partners.

We'd love to hear from people with

• Bachelor's degree in business, Information Security, Risk Management, or a related field
• Proven experience with three (3) years in third-party risk management, vendor management, or a related role
• Prior experience leading administration and management of a TPRM solution, such as Process Unity
• Knowledge of cybersecurity, data protection, and privacy principles
• Familiarity with relevant regulations and standards (e.g., GDPR, PCI, NIST, ISO 27001)
• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills
• Ability to work collaboratively across departments and with external vendors
• Relevant certifications (e.g., CTPRP, CRISC, CISSP, CISA, CISM) are a plus

What We'll Give You

• Competitive Pay and Bonuses - We've created a variety of competitive compensation programs to foster career development, reward success and to show our employees just how much they're valued.
• Financial Planning and wellbeing - No matter what financial goals our employees have set, we want to help them get there. Our plans provide powerful ways to protect income, pay for expenses and invest in the future.
• Time away from work - Sometimes we need time away to be with family, focus on our health or just simply recharge. Our plans support our employees' needs to get out, get healthy and come back stronger than ever.
• Extras, discounts and perks - Being a valued member of the Deckers Brands team means more than just a paycheck. From generous discounts to community-based programs, we offer a variety of cool extras
• Growth and Development - Deckers Brands was built on the idea of pursuing passion. That's why we offer extensive opportunities and support for personal and professional development.
• Health and Wellness - There's nothing basic about our comprehensive health and wellness programs and offerings. While at work and at play, we aim to support a healthy lifestyle.

$125,000 - $135,000

The salary range posted reflects the minimum and maximum target for new hire salaries for this role in our Goleta, CA location. Individual pay will be determined by location and additional factors, including job related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary for your preferred location during the hiring process.

Equal Employment Opportunity

Diversity and inclusion are key to our success. We are proud to be an equal opportunity employer and our employees are people with different strengths, experiences and backgrounds who share a passion for our brands. We welcome qualified applicants regardless of their race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, military or veteran status, mental or physical disability, medical condition and all of the other beautiful parts of your identity.

#LI-AR1