Associate Director, Risk Management

About Flex

Flex is a venture-backed fintech company helping businesses manage and optimize their spend with modern financial products and software. We partner with some of the most innovative companies in the world and operate in a highly regulated, fast-growing environment. As we continue to scale, building best‑in‑class risk and compliance programs is critical to enabling our growth.

The Role

We are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.

You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.

This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.

What You’ll Do

1. Own Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor population
2. Establish and maintain the policies, standards, and governance framework that underpin TPRM across the organization
3. Make risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulators
4. Architect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisions
5. Build signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cycles
6. Design and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughout
7. Drive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the fact
8. Serve as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requests
9. Own the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk posture
10. Proactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issues
11. Help mentor and develop more junior team members as the program and team scale

What We’re Looking For

• 7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance discipline
• Experience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology company
• Demonstrated track record of making and defending risk-based decisions under ambiguity, including exp