Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
NightOwl Consulting

Third-Party Risk Manager

NightOwl Consulting

Third-Party Risk Manager managing vendor risk assessment, due diligence, and compliance in a financial services company. Responsible for oversight of vendor relationships and risk management policies.

Posted 6/21/2026full-timeRemote • 🇵🇭 PhilippinesMid-LevelSenior💰 ₱120,000 - ₱160,000 per monthWebsite

About the role

Key responsibilities & impact
  • Determine the inherent risk tier (Tier 1, Tier 2, or Tier 3) for every third party prior to contracting or engagement, consistent with the criteria defined in TPRM02.
  • Perform and document inherent risk assessments during onboarding, according to the policy reassessment schedule (annual for Tier 1 and bi-annual for Tier 2 vendors), and whenever a material change occurs in the vendor relationship.
  • Administer the due diligence process, including the issuance and evaluation of vendor due diligence questionnaires (DDQs), SOC 1 and SOC 2 reports, financial statements, insurance certificates, business continuity and information security documentation, and licensing or regulatory standing.
  • Maintain the authoritative third-party inventory, including assigned risk tier, services provided, data classification, system access, contract status, and all supporting documentation.
  • Administer the Company’s vendor management software platform, including profile setup, document collection, workflow configuration, expiration tracking, contract repository management, and audit history maintenance.
  • Monitor all vendors, contractors, and third-party counterparties against the FHFA Suspended Counterparty List (SCL) prior to engagement and on a recurring monthly basis; immediately escalate any matches to General Counsel and Compliance.
  • Coordinate contract reviews with Legal to ensure all required clauses are included, including information security, confidentiality, audit rights, subcontracting, breach notification, business continuity, termination, and return or destruction of data provisions.
  • Track and report vendor incidents, performance issues, breaches, and remediation activities; communicate findings to business owners and escalate material concerns to the Risk Management Committee.
  • Maintain documentation of vendor reviews, due diligence activities, identified risks, and required remediation efforts; provide training to business owners on intake and approval workflows.
  • Administer the vendor termination process, including coordination of the return of Company property and the return or destruction of Company data and information in accordance with legal and regulatory requirements.
  • Document and route policy exceptions for approval by the Third-Party Risk Manager and, when required, the Risk Management Committee.
  • Prepare periodic TPRM reporting and performance metrics for senior leadership, the Risk Management Committee, internal audit, external examiners, investors, and warehouse lenders.
  • Support audits and regulatory examinations by producing vendor inventories, risk assessments, due diligence files, and program documentation upon request.
  • Coordinate with the AI Governance Committee on due diligence and risk tiering activities related to third-party AI solutions and AI-enabled vendor features, consistent with RAIG01 Section 10.
  • Lead the annual review of the Third-Party Risk Management Policy (TPRM02) and recommend revisions for approval.
  • Perform other duties and responsibilities as assigned.

Requirements

What you’ll need
  • Minimum of five (5) years of experience in third-party risk management, vendor management, operational risk, compliance, or audit, with demonstrated day-to-day ownership of a formal risk management program.
  • Minimum of five (5) years of experience within a regulated financial services environment; mortgage industry experience is strongly preferred.
  • Minimum of five (5) years of management, team leadership, or program leadership experience with responsibility for driving program execution, stakeholder engagement, and risk oversight.
  • Working knowledge of the regulatory landscape applicable to independent mortgage banks, including FHFA, CFPB, HUD, GLBA, state licensing authorities, GSE (Fannie Mae and Freddie Mac) seller/servicer requirements, and secondary market investor and warehouse lender expectations.
  • Demonstrated ability to evaluate SOC 1 and SOC 2 reports, information security questionnaires, financial statements, insurance coverage, and business continuity documentation, and translate findings into clear and well-supported risk decisions.
  • Experience administering a vendor management software platform such as VendorRisk.com, Venminder, ProcessUnity, Archer, or a comparable solution.
  • Strong understanding of inherent risk, residual risk, risk mitigation strategies, and the role of compensating controls within an effective risk management framework.
  • Excellent written and verbal communication skills, with the ability to brief executive leadership, prepare findings that withstand examiner and audit scrutiny, and explain risk decisions to non-technical business stakeholders.
  • Strong project management and organizational skills, with the ability to manage recurring assessment schedules across a large vendor population while maintaining accuracy and timeliness.
  • Solid working knowledge of Microsoft 365 applications, including Excel, Word, Outlook, Teams, and SharePoint, for reporting, documentation, file management, and collaboration.
  • Demonstrated discretion and sound judgment when handling non-public personal information (NPI), confidential vendor information, contractual terms, and other sensitive business data.

Benefits

Comp & perks
  • - Above market salary
  • - HMO on Day 1 for principal and two dependents
  • - Government-mandated benefits
  • - Performance-based Incentives
  • - Quarterly Company Events
  • - 1,000 PHP De Minimis
  • - Equipment and software provided

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
third-party risk managementvendor managementoperational riskcomplianceauditrisk assessmentsrisk mitigation strategiesSOC 1 reportsSOC 2 reportsfinancial statements
Soft Skills
team leadershipstakeholder engagementcommunication skillsproject managementorganizational skillsdiscretionsound judgment