Responsible for managing and growing a comprehensive third-party risk management program across the organization.
Ensuring that Privia Health's information assets are safeguarded against cyber threats originating from third and fourth parties.
Leading the Third Party Access Committee (TPAC), driving compliance with regulations and implementing industry best practices for vendor risk management.
Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care. The Privia Platform is led by top industry talent and exceptional physician leadership.
Oversee third-party and internal risk assessments to support enterprise information security and governance, risk, and compliance (GRC) initiatives.
Manage vendor due diligence, maintains an accurate risk register, partners with internal stakeholders on mitigation strategies.
Drive continuous improvement of the risk and compliance framework.
Concorde Career Colleges is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee based on race, color, religion, religious creed, national origin, ancestry, sex, age, veteran or military status, or any other legally protected characteristic. Concorde Career Colleges offer short career-focused programs preparing students for the healthcare industry.
Support all stages of the third-party lifecycle, including vendor intake, onboarding, and risk assessments.
Assist in the implementation, enhancement, and administration of TPRM tools and risk management platforms.
Partner with other risk managers to support the development and use of a consistent risk taxonomy across risk domains.
New American Funding (NAF) is responsible for the governance and oversight of third-party risk. They assess the effectiveness of controls used to identify, monitor, and manage third-party risk throughout the third-party lifecycle.
Lead and manage the Third Party Findings Management process across key risk impact categories.
Drive the optimization of the Due Diligence and Ongoing Monitoring risk assessment process across regulated and non-regulated Anchorage Digital legal entities.
Lead and manage the TPRM Quality Control process across regulated and non-regulated Anchorage Digital legal entities.
Anchorage Digital is building the world’s most advanced digital asset platform allowing institutions to participate in crypto. The company has over 600 employees and is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa.
Conduct structured interviews with partner organizations, operational teams, and technical stakeholders.
Documents end‑to‑end operational workflows and surface implicit, non‑documented practices.
Identify workflow fragility zones, handoff risks, and transition‑period vulnerabilities.
Element serves as a partner at the intersection of innovation and our clients' needs, efficiently crafting meaningful user experiences for government and commercial customers. Our talented professionals bring unparalleled energy engagement, setting a higher standard for impactful work.
Execute healthcare advisory engagements including Governance, Risk, and Compliance (GRC) assessments.
Virginia General delivers specialized governance, risk, compliance, and resilience advisory services within the healthcare sector. They aid healthcare organizations to navigate complex regulatory landscapes and cybersecurity challenges.
Own and lead the end-to-end Security Supply Chain Risk Management program.
Perform detailed third-party security risk assessments aligned with industry frameworks.
Drive cross-functional alignment serving as the subject matter expert on external supply chain risk.
Webflow is building the world’s leading AI-native Digital Experience Platform as a remote-first company built on trust, transparency, and creativity. They empower teams to design, launch, and optimize for the web without barriers and believe the future of the web, and work, is more open, more creative, and more equitable.
Perform GRC functions and maintain the Cyber Security Risk register.
Execute third party risk processes for cyber and perform/execute on awareness programs and phishing processes.
Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors.
Warner Music Group is a global collective of music makers and music lovers, tech innovators and inspired entrepreneurs, game-changing creatives and passionate team members. They turn dreams into stardom and audiences into fans. WMG is committed to creating a work environment that actively values, appreciates, and respects everyone and encourages applications from people with a wide variety of backgrounds and experiences.
Responsible for assessing, monitoring, and managing risks associated with global third-party relationships to ensure compliance.
Supports the Global Head of Third Party Risk by preparing regular metrics and other risk reports.
Facilitates issue escalation and risk acceptance processes to ensure appropriate stakeholders are involved.
Liberty Mutual is an insurance company. At Liberty Mutual, their goal is to create a workplace where everyone feels valued, supported, and can thrive; they achieve this through comprehensive benefits, workplace flexibility, and professional development opportunities.
Execute and improve security controls, manage user and privileged access.
Run monitoring and response activities, and coordinate recurring program work.
Work cross-functionally with teammates across IT, Legal, Compliance, and business teams.
Evio is a pharmacy solutions company that was founded by and works closely with health plans to implement transformative initiatives. They have invested heavily in their people, team, and culture, creating a special place to work.
Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices.
Interface with internal partner teams to help drive best practices and compliance.
Evaluate and perform Risk Assessments of new software solutions with internal partners.
Judi Health is an enterprise health technology company providing a comprehensive suite of solutions for employers and health plans. They consolidate all claim administration-related workflows in one scalable, secure platform and are working with clients, rebuilding trust in healthcare in the U.S.
Support CapIntel’s Governance, Risk, and Compliance program
Manage third-party risk and customer security reviews
Support operational security, privacy, and security awareness initiatives
CapIntel is a software platform built for wealth management enterprises to help financial advisors explain complex investment strategies to their clients. Since launching in 2019, CapIntel has seen rapid adoption and industry recognition, earning top placements in Deloitte’s Technology Fast 50 Canada and Fast 500 North America in 2025, ranking us among the fastest -growing technology companies.
Maintain documentation for ISO/IEC 27001 & ISO/IEC 42001; improve activities.
Extract security requirements from client MSAs; identify gaps and risks.
Coordinate internal and client audit requests; collect evidence.
Avalere Health's mission is to ensure every patient is identified, treated, supported, and cared for. They bring Advisory, Medical, and Marketing teams together to forge unconventional connections, building a future where healthcare is not a barrier and no patient is left behind.
Vendor and contractor risk assessment process during onboarding, adhering to a defined Service Level Agreement (SLA).
Conduct annual vendor monitoring and re-assessment processes for existing vendors.
Maintain the vendor inventory and collaborate with vendors on an ongoing basis to reduce identified risks.
Juniper Square's mission is to unlock the full potential of private markets by digitizing them and bringing efficiency, transparency, and access. They have a values-driven organization that offers employees a variety of ways to work, ranging from a fully remote experience to working full-time in one of their physical offices.