Source Job

$80,000–$120,000/yr
US

  • Execute end-to-end third-party and vendor risk assessments.
  • Develop, maintain, and enhance risk metrics, dashboards, and reporting.
  • Assist with additional GRC activities as needed, including policy management, risk assessments, control testing, and compliance initiatives.

GRC Risk Management Security Auditing Reporting

16 jobs similar to Cybersecurity Analyst, IT GRC

Jobs ranked by similarity.

$72,781–$83,698/yr
Canada

  • Perform GRC functions and maintain the Cyber Security Risk register.
  • Execute third party risk processes for cyber and perform/execute on awareness programs and phishing processes.
  • Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors.

Warner Music Group is a global collective of music makers and music lovers, tech innovators and inspired entrepreneurs, game-changing creatives and passionate team members. They turn dreams into stardom and audiences into fans. WMG is committed to creating a work environment that actively values, appreciates, and respects everyone and encourages applications from people with a wide variety of backgrounds and experiences.

North America

  • Support CapIntel’s Governance, Risk, and Compliance program
  • Manage third-party risk and customer security reviews
  • Support operational security, privacy, and security awareness initiatives

CapIntel is a software platform built for wealth management enterprises to help financial advisors explain complex investment strategies to their clients. Since launching in 2019, CapIntel has seen rapid adoption and industry recognition, earning top placements in Deloitte’s Technology Fast 50 Canada and Fast 500 North America in 2025, ranking us among the fastest-growing technology companies.

$100,000–$120,000/yr
US Unlimited PTO

  • Conduct ongoing risk reviews and maintain an up-to-date risk register.
  • Support risk assessments across critical business processes and systems.
  • Partner with stakeholders to develop and track risk mitigation plans through resolution.

Radicle Health offers human services software products to foster collaboration and innovation, aiding organizations in better serving communities. They believe technology is crucial for the human services sector's success, housing mission-driven products that support organizations in delivering essential services.

$235,000–$315,000/yr
US

  • Build automation into GRC
  • Deploy GRC-as-Code / Policy-as-Code
  • Deploy AI into our GRC processes where appropriate

Smartsheet helps people and teams achieve their goals with seamless work management and scalable solutions. They empower teams to automate manual tasks, uncover insights, and scale smarter, fostering a culture where challenge meets purpose and passion turns into progress.

$144,540–$180,960/yr
Canada

  • Own Security Governance: maintain and evolve security policies, standards, and control frameworks.
  • Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence, contracting handoffs, ongoing monitoring.
  • Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale.

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. The majority of their roles are remote. They offer competitive benefits anchored to the core value of people come first.

US Unlimited PTO

  • Support security and compliance programs aligned with frameworks such as NIST, ISO, PCI DSS, and HIPAA.
  • Assist in maintaining alignment with global privacy regulations (GDPR, CCPA, and similar frameworks).
  • Assist in the development, implementation, and maintenance of security, privacy, and AI governance policies, standards, and procedures.

Hims & Hers is a health and wellness platform with a mission to help the world feel great through the power of better health. They are redefining healthcare by putting the customer first and delivering access to care that is affordable, accessible, and personal.

$65,000–$80,000/yr
US

  • Support all stages of the third-party lifecycle, including vendor intake, onboarding, and risk assessments.
  • Assist in the implementation, enhancement, and administration of TPRM tools and risk management platforms.
  • Partner with other risk managers to support the development and use of a consistent risk taxonomy across risk domains.

New American Funding (NAF) is responsible for the governance and oversight of third-party risk. They assess the effectiveness of controls used to identify, monitor, and manage third-party risk throughout the third-party lifecycle.

US

  • Responsible for comprehensive information security risk assessments of third-party vendors.
  • Evaluate vendors to ensure they meet internal information security policies, HIPAA, PCI DSS requirements, and applicable regulatory standards.
  • Thoughtfully analyze vendor-provided documentation, proactively identify potential risks, and produce detailed and accurate assessment reports.

Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care. They have health centers, programs in schools and communities, and online resources, and are a trusted source of reliable education and information.

$125,000–$155,000/yr

  • Responsible for managing and growing a comprehensive third-party risk management program across the organization.
  • Ensuring that Privia Health's information assets are safeguarded against cyber threats originating from third and fourth parties.
  • Leading the Third Party Access Committee (TPAC), driving compliance with regulations and implementing industry best practices for vendor risk management.

Privia Health is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care. The Privia Platform is led by top industry talent and exceptional physician leadership.

US 4w PTO

  • Responsible for assessing, monitoring, and managing risks associated with global third-party relationships to ensure compliance.
  • Supports the Global Head of Third Party Risk by preparing regular metrics and other risk reports.
  • Facilitates issue escalation and risk acceptance processes to ensure appropriate stakeholders are involved.

Liberty Mutual is an insurance company. At Liberty Mutual, their goal is to create a workplace where everyone feels valued, supported, and can thrive; they achieve this through comprehensive benefits, workplace flexibility, and professional development opportunities.

$160,000–$200,000/yr
US

  • Mature and execute the enterprise risk management framework.
  • Lead day-to-day execution of Akoya’s cybersecurity program.
  • Oversee corporate IT governance in partnership with the IT Systems Administrator.

Akoya is building a secure API-driven open finance network. They value diverse experiences and encourage everyone to apply, especially those who will bring something new to the table.

Europe 5w PTO

  • Maintain documentation for ISO/IEC 27001 & ISO/IEC 42001; improve activities.
  • Extract security requirements from client MSAs; identify gaps and risks.
  • Coordinate internal and client audit requests; collect evidence.

Avalere Health's mission is to ensure every patient is identified, treated, supported, and cared for. They bring Advisory, Medical, and Marketing teams together to forge unconventional connections, building a future where healthcare is not a barrier and no patient is left behind.

US

  • Conduct structured interviews with partner organizations, operational teams, and technical stakeholders.
  • Document end‑to‑end operational workflows and surface implicit, non‑documented practices.
  • Identify workflow fragility zones, handoff risks, and transition‑period vulnerabilities.

Element serves as a partner at the intersection of innovation and our clients' needs, efficiently crafting meaningful user experiences for government and commercial customers. Our talented professionals bring unparalleled energy engagement, setting a higher standard for impactful work.

$100,000–$115,000/yr
Unlimited PTO

  • Execute and improve security controls, manage user and privileged access.
  • Run monitoring and response activities, and coordinate recurring program work.
  • Work cross-functionally with teammates across IT, Legal, Compliance, and business teams.

Evio is a pharmacy solutions company that was founded by and works closely with health plans to implement transformative initiatives. They have invested heavily in their people, team, and culture, creating a special place to work.

US

  • Lead and manage the Third Party Findings Management process across key risk impact categories.
  • Drive the optimization of the Due Diligence and Ongoing Monitoring risk assessment process across regulated and non-regulated Anchorage Digital legal entities.
  • Lead and manage the TPRM Quality Control process across regulated and non-regulated Anchorage Digital legal entities.

Anchorage Digital is building the world’s most advanced digital asset platform allowing institutions to participate in crypto. The company has over 600 employees and is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa.

  • Lead enterprise risk assessments across various organizational exposures.
  • Facilitate risk identification workshops with senior leadership.
  • Design or mature ERM frameworks, drawing on standards like COSO ERM, ISO 31000, and NIST RMF.

Artemis Connection is a strategic management consultancy working across various sectors, helping clients identify pressing strategic issues and deliver impact through customized, project-based approaches. Their GRC practice assists organizations in navigating complex regulatory environments and building effective risk frameworks.