What You'll Do:

• Third-Party Risk Management Program. Ownership of the Third-Party Risk Management Program ("TPRMP"), driving continual improvement, and ensuring robust risk assessment and ongoing monitoring practices for the portfolio of third-party relationships, as well as the systematic reassessment of third-parties within "critical vendor" status.
• Assessment & Classification. Manage the assessment of third-party risk in partnership with the IS (InfoSec) and Legal Departments, and control the vendor classification status using an internally developed framework.
• Efficiency & Best Practices. Identify opportunities for efficiency and effectiveness as well as cost saving by tracking spending, optimizing vendor management mechanisms, and effectively managing risks while minimizing business impact. Plan and coordinate internal programs that leverage vendor risk management best practices to deliver strategic benefits to the business, including communicating with stakeholders to ensure timely renewal or transition where required.
• VMO Clearance. Ensure Vendor Management Office (VMO) clearance for critical vendors through partnership with the IS (InfoSec) and Legal Departments, leveraging strong written and verbal communication and providing status updates to business stakeholders while maintaining ownership of the VMO approval process.
• Reporting and Analytics: Establish and manage risk dashboards and other reports for key stakeholders and help them understand and manage their third-party portfolio from a risk perspective.
• Vendor Remediation Plan Development, Tracking, and Resolution. Develop remediation action/issue management process to ensure timely closure of identified control gaps. Own tracking of findings to ensure remediation plan is sound and timing is reasonable and managed.
• TPRM Program Updates. Leverage Third Party Risk Management expertise, conduct annual updates of Woodruff Sawyer's Third-Party Risk Management Program, including assessment methodology, questionnaire content, risk calculation, and testing/validation procedures.
• Training/Education. Lead the development and creation of training collateral for Vendor Management best practices and responsibilities for internal business unit stakeholders and conduct annual training.
• Systems & Tools. Stay abreast of leading TPRM systems and tools to track TPRM vendors, assessments, reports, and other relevant collateral. Owns TPRM System internally, making recommendations and changes to system and system requirements.
• Reporting Relationship. This position reports directly to the Chief Operating Officer and is responsible for proactively providing updates and inputs to the TPRM program methodology and design balancing the Risk, Security, and Legal Departments' perspectives.

Experience & Qualifications:

• Program expertise in Third Party Risk Management best-practices including industry security, business continuity, and data privacy standards, risk assessment testing procedures, issue management processes, and inherent/residual risk calculations.
• Experience and ability to manage remote teams, train, and coach assessors on internal processes.
• Compelling communicator; demonstrated verbal and written communication skills.
• Detail oriented with strong organizational skills and ability to manage multiple projects effectively.
• Experience in developing and managing remediation action/incident processes, specific reporting, and analytics.
• Ability to communicate and simplify technical concepts for those not familiar with risk management concepts, particularly in the context of business stakeholder training.
• Strong interpersonal skills with the ability to work with staff at all levels.
• Proven thought leadership and ability to provide informal guidance to more junior team members.
• Strong knowledge of Microsoft Office Suite and other business-related software systems including processing systems and applications.
• Bachelor's degree or equivalent.
• Typically, 5-10 years of experience in Supplier Risk or Third-Party Risk assessment.

Who We Are:

As one of the largest insurance brokerage and consulting firms in the US, Woodruff Sawyer protects the people and assets of more than 4,000 companies. We provide expert counsel and fierce advocacy to protect clients against their most critical risks in property & casualty, management liability, cyber liability, employee benefits, and personal wealth management. An active partner of Assurex Global and International Benefits Network, we provide expertise and customized solutions where clients need it, with headquarters in San Francisco, offices throughout the US, and global reach on six continents.

We are a privately held corporation, owned 100% by our employees. Our benefits include:

• Medical, Dental, and Vision coverage
• 401k with company match and profit sharing
• Ownership in the company through our Employee Stock Option Program (ESOP)
• Paid vacation, holidays, and sick days
• Life Insurance, Short-term and Long-Term Disability benefits
• Flexible Spending Account (FSA)
• Wellness programs and workplace flexibility benefits
• Professional development and reimbursement programs
• Added perks like discounted event tickets, pet insurance, financial coaching, identity theft protection, etc.

Woodruff Sawyer is an Equal Opportunity Employer.

Our Equal Employment Policy incorporates our commitment to maintain an environment free of discrimination and to comply with all federal, state and local laws providing equal employment opportunities.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

#LI-REMOTE