Source Job

• Support all stages of the third-party lifecycle, including vendor intake, onboarding, and risk assessments.
• Assist in the implementation, enhancement, and administration of TPRM tools and risk management platforms.
• Partner with other risk managers to support the development and use of a consistent risk taxonomy across risk domains.

New American Funding (NAF) is responsible for the governance and oversight of third-party risk. They assess the effectiveness of controls used to identify, monitor, and manage third-party risk throughout the third-party lifecycle.

• Oversee third-party and internal risk assessments to support enterprise information security and governance, risk, and compliance (GRC) initiatives.
• Manage vendor due diligence, maintains an accurate risk register, partners with internal stakeholders on mitigation strategies.
• Drive continuous improvement of the risk and compliance framework.

Concorde Career Colleges is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee based on race, color, religion, religious creed, national origin, ancestry, sex, age, veteran or military status, or any other legally protected characteristic. Concorde Career Colleges offer short career-focused programs preparing students for the healthcare industry.

• Lead and manage the Third Party Findings Management process across key risk impact categories.
• Drive the optimization of the Due Diligence and Ongoing Monitoring risk assessment process across regulated and non-regulated Anchorage Digital legal entities.
• Lead and manage the TPRM Quality Control process across regulated and non-regulated Anchorage Digital legal entities.

Anchorage Digital is building the world’s most advanced digital asset platform allowing institutions to participate in crypto. The company has over 600 employees and is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa.

• Responsible for assessing, monitoring, and managing risks associated with global third-party relationships to ensure compliance.
• Supports the Global Head of Third Party Risk by preparing regular metrics and other risk reports.
• Facilitates issue escalation and risk acceptance processes to ensure appropriate stakeholders are involved.

Liberty Mutual is an insurance company. At Liberty Mutual, their goal is to create a workplace where everyone feels valued, supported, and can thrive; they achieve this through comprehensive benefits, workplace flexibility, and professional development opportunities.

• Support CapIntel’s Governance, Risk, and Compliance program
• Manage third-party risk and customer security reviews
• Support operational security, privacy, and security awareness initiatives

CapIntel is a software platform built for wealth management enterprises to help financial advisors explain complex investment strategies to their clients. Since launching in 2019, CapIntel has seen rapid adoption and industry recognition, earning top placements in Deloitte’s Technology Fast 50 Canada and Fast 500 North America in 2025, ranking us among the fastest -growing technology companies.

• Manage and develop staff members under Product Compliance.
• Oversee and contribute to the vulnerability management lifecycle.
• Assess and serve as a subject matter expert for regulatory and compliance requirements.

ExtraHop is a company that focuses on network detection and response (NDR) to help organizations stay ahead of emerging threats. They integrate network threat detection, network performance management, intrusion detection, and packet forensics into a single console.

• Perform GRC functions and maintain the Cyber Security Risk register.
• Execute third party risk processes for cyber and perform/execute on awareness programs and phishing processes.
• Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors.

Warner Music Group is a global collective of music makers and music lovers, tech innovators and inspired entrepreneurs, game-changing creatives and passionate team members. They turn dreams into stardom and audiences into fans. WMG is committed to creating a work environment that actively values, appreciates, and respects everyone and encourages applications from people with a wide variety of backgrounds and experiences.

• Conduct structured interviews with partner organizations, operational teams, and technical stakeholders.
• Documents end‑to‑end operational workflows and surface implicit, non‑documented practices.
• Identify workflow fragility zones, handoff risks, and transition‑period vulnerabilities.

Element serves as a partner at the intersection of innovation and our clients' needs, efficiently crafting meaningful user experiences for government and commercial customers. Our talented professionals bring unparalleled energy engagement, setting a higher standard for impactful work.

• Execute healthcare advisory engagements including Governance, Risk, and Compliance (GRC) assessments.

Virginia General delivers specialized governance, risk, compliance, and resilience advisory services within the healthcare sector. They aid healthcare organizations to navigate complex regulatory landscapes and cybersecurity challenges.

• Manage SOC 2 Type II audits, serving as the primary point of contact for auditors and collaborators.
• Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management.
• Conduct structured gap analyses against applicable frameworks to identify control deficiencies and develop prioritized remediation roadmaps.

Rad AI is transforming healthcare with AI-driven solutions, revolutionizing radiology to save time, reduce burnout, and improve patient care. They have secured over $140M in funding and recognized as a fast-growing company, fostering transparency, inclusion, and close collaboration.

• Lead the organization’s cybersecurity strategy, governance, and operational security programs.
• Protect company systems, networks, and data by developing security policies and managing risk.
• Oversee security operations and lead incident response efforts.

Lightcast is a global leader in labor market insights with headquarters in Moscow, ID (US) and offices in the United Kingdom, Europe, and India. They drive economic prosperity and mobility by providing insights to build and develop people, institutions, companies, and communities.

• Mature and execute the enterprise risk management framework.
• Lead day-to-day execution of Akoya’s cybersecurity program.
• Oversee corporate IT governance in partnership with the IT Systems Administrator.

Akoya is building a secure API-driven open finance network. They value diverse experiences and encourage everyone to apply, especially those who will bring something new to the table.

• Own and lead the end-to-end Security Supply Chain Risk Management program.
• Perform detailed third-party security risk assessments aligned with industry frameworks.
• Drive cross-functional alignment serving as the subject matter expert on external supply chain risk.

Webflow is building the world’s leading AI-native Digital Experience Platform as a remote-first company built on trust, transparency, and creativity. They empower teams to design, launch, and optimize for the web without barriers and believe the future of the web, and work, is more open, more creative, and more equitable.

• Manage the company's technology infrastructure, including cloud services, networking, and internal application stack.
• Develop and execute the long-term IT roadmap to support Zócalo Health’s rapid growth and scalability.
• Own and lead the HITRUST certification program, including control implementation, documentation, and audit readiness.

Zócalo Health is a tech-enabled, community-oriented primary care organization serving people who have historically been underserved by the healthcare system. Founded in 2021, Zócalo Health is backed by leading healthcare and mission-aligned investors and is scaling rapidly across states and populations.

• Partner with organizations of all sizes and industries
• Evaluate IT and security controls for compliance and effectiveness
• Advise on security + privacy requirements (state & federal)

Clark Schaefer Hackett provides customized solutions leveraging strategic skills, financial and operational leadership, and technological advances. They are an elite community that includes trusted advisors with Clark Schaefer Hackett, Clark Schaefer Consulting, and Clark Schaefer Strategic HR.

• Oversee the internal cybersecurity program, road map, and strategy.
• Partner with Product, Engineering, Legal, and Compliance leadership to determine risks and deploy risk management processes.
• Serve as Waymark’s HIPAA Security Officer, ensuring compliance with the HIPAA Security Rule.

Waymark is a mission-driven team transforming care for people with Medicaid benefits. They partner with communities, delivering technology-enabled, human-centered support to help patients stay healthy and thrive in Medicaid healthcare delivery.

• Drive vulnerability management activities with cross-functional teams.
• Execute application security testing and lead cyber risk management efforts.
• Oversee remediation of findings from security assessments and testing.

The American Institutes for Research (AIR) is a nonpartisan, not-for-profit organization. They conduct behavioral and social science research and deliver technical assistance to address pressing challenges. They employ data-driven solutions, expanding opportunities and improving lives.

• Execute and improve security controls, manage user and privileged access.
• Run monitoring and response activities, and coordinate recurring program work.
• Work cross-functionally with teammates across IT, Legal, Compliance, and business teams.

Evio is a pharmacy solutions company that was founded by and works closely with health plans to implement transformative initiatives. They have invested heavily in their people, team, and culture, creating a special place to work.

• Serve as the project manager for overall execution and delivery of cybersecurity requirements.
• Coordinate with government leadership and stakeholders to facilitate effective communication.
• Develop and maintain project management plans for the contract lifecycle.

Jobgether is a platform that uses AI-powered matching process to ensure candidate applications are reviewed quickly and fairly. They identify the top-fitting candidates for companies.

• Own and evolve MHN’s enterprise security strategy aligned with business goals and healthcare regulatory requirements.
• Lead security architecture and controls within Microsoft Azure, including identity and access management, network security, encryption, logging, and monitoring.
• Develop and oversee security risk assessments, threat modeling, and vulnerability management programs.

Medical Home Network (MHN) partners with Federally Qualified Health Centers (FQHCs) nationwide to transform care in the safety net, reduce health disparities, and build healthier communities. It is a mission-driven public benefit corporation that helps FQHCs succeed in value-based care through technology, care model innovation, and strong partnerships.