Senior Director, Operational Risk Management – Third-Party Risk
Flex
Senior Director, Operational Risk Management and Third-Party Risk
Flex
full-time
Posted on:
Location Type: Hybrid
Location: New York City • California, New Jersey, New York • 🇺🇸 United States
Visit company websiteSalary
💰 $283,000 - $312,000 per year
Job Level
Senior
About the role
- Design and implement Flex’s enterprise Operational Risk Management (ORM) framework and operating structure
- Lead the ORM working group and drive programmatic cadences such as risk assessments, remediation planning, and quarterly reviews
- Manage core operational risk activities including process mapping, RCSAs, KRIs, and incident/issue management
- Deliver actionable reporting to senior leadership and serve as central coordination point for operational risk governance
- Own the full third-party risk lifecycle from onboarding through termination across a diverse vendor ecosystem
- Maintain and evolve vendor inventory, tiering methodology, and due diligence standards
- Conduct and review third-party assessments (e.g., SOC reports) and escalate risks when necessary
- Manage residual risk ratings and design scalable ongoing monitoring practices
- Partner cross-functionally with Legal, Security, Finance, CMS, and business stakeholders to ensure vendor engagements meet enterprise risk and regulatory standards
Requirements
- 7–10+ years of experience in risk management, with expertise in operational risk and third-party risk
- Proven track record building and leading risk programs in regulated, high-growth, or technology-forward environments
- Deep familiarity with regulatory frameworks (OCC, NIST, FFIEC)
- Experience working cross-functionally with Legal, Finance, Security, and business teams
- Effective communicator able to synthesize complex issues and influence at all levels of the organization
- Background in consulting or enterprise risk transformation is a strong plus
- Experience managing third-party risk lifecycle, vendor inventory, tiering methodology, due diligence standards, and SOC/control assessments
- Experience with ORM activities: process mapping, Risk and Control Self-Assessments (RCSAs), Key Risk Indicators (KRIs), incident and issue management
Benefits
- Competitive pay
- 100% company-paid medical, dental, and vision
- 401(k) + company equity
- Unlimited paid time off + 13 company paid holidays
- Parental leave
- Flex Cares Program
- Free Flex subscription
- Relocation assistance program (for candidates outside NY/NJ/SF)
ATS Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
operational risk managementthird-party risk managementprocess mappingRisk and Control Self-Assessments (RCSAs)Key Risk Indicators (KRIs)incident managementdue diligence standardsvendor inventory managementSOC reportsregulatory frameworks
Soft skills
effective communicationinfluencing skillscross-functional collaborationleadershipsynthesis of complex issues
