Lead, Third Party Risk Management (TPRM)

Role Summary 

The Third Party Risk Management (TPRM) function is responsible for establishing and operating the enterprise framework for identifying, assessing, and overseeing risks arising from third party relationships, including outsourced service providers, banking partners and other critical vendors. The function supports regulatory compliance, operational resilience, and sound risk governance across the full third party lifecycle. 

 

The Lead, Third Party Risk Management is an execution role responsible for delivery of core TPRM oversight activities for higher risk and critical vendors, with a specific focus on third party business continuity and recovery evidence review, vendor related incident monitoring and escalation, and structured review of vendor security assessment materials. The role works in close partnership with Business Continuity, Incident Management, Information Security, Technology, and other risk and business stakeholders to ensure third party risk issues are consistently documented, escalated where required, and driven to closure through defined governance processes. 

 

Primary Duty and Responsibilities 

• Provide oversight for third party risk activities related to higher risk and critical vendors, ensuring consistent application of TPRM standards across business continuity, incident management, and security review domains. 

• Map third parties to the processes and services they support, in order to enable appropriate application of risk controls, resilience requirements, and regulatory oversight for the most critical vendors supporting critical services.  

• Coordinate and oversee third‑party business continuity evidence review (e.g., BCP ownership/maintenance, recovery objectives, recovery approach) and ensure identified gaps are escalated through the defined pathway.  

• Drive delivery management across assigned TPRM initiatives and workstreams, including planning, dependency management, progress tracking, and issue resolution, to ensure timely and consistent execution of TPRM priorities.  

• Oversee third‑party incident monitoring and escalation tracking, ensuring incidents are appropriately documented, routed to relevant stakeholders, and driven to resolution with clear ownership and audit-ready records 

• Perform and support structured review of vendor security assessment materials for higher‑risk vendors, including SOC reports, security questionnaires, certifications, and control evidence, synthesizing findings into clear outcomes and required follow‑up actions.  

• Partner closely with Business Continuity, Incident Management, IT, Procurement, and other business stakeholders to ensure third‑party risk issues are effectively integrated into governance processes and resolved through defined escalation paths. 

• Contribute structured inputs to management‑level reporting on third‑party risk posture, incident trends, and remediation progress, supporting effective oversight and decision‑making. 

• Perform additional duties as required to support the Third‑Party Risk Management team and enhance Payoneer’s enterprise resilience and risk management capabilities. 

Education and/or Experience 

• Bachelor’s degree required; preferred background in IT, business or law. 

• 5-7 years of experience in Third Party Risk Management, Vendor Management, Risk Management, GRC, or related fields. 

 

Qualifications 

• Experience operating in a regulated, multinational environment with governance and audit expectations. 

• Strong judgment and ability to make decisions across operational and technology related risk topics 

• Demonstrated ability to lead cross‑functional execution, prioritize work, and unblock dependencies. 

• Clear executive communication and ability to produce decision‑focused materials for governance forums. 

• Proven ability to structure work, prioritize effectively, and engage senior stakeholders 

• Clear and concise communication skills suitable for management and governance forums 

• Able to operate independently and influence stakeholders across functions and regions. 

 

Technical Skills 

• goaidata