Senior Manager, Third Party Risk

ID.me

McLean, VA

#5913357003

Position summary

al access and inclusion for all people. The company offers multiple pathways to identity verification - online self-serve, live video chat agents, and in person. ID.me is passionate about building a robust identity network that does not compromise access for traditionally underserved groups.

ID.me has received numerous awards including Deloitte's 2023 Technology Fast 500, Washington Business Journal's Fastest Growing Companies, Entrepreneur Magazine's 100 Brilliant Companies and Wall Street Journal's Startup of the Year finalist. In recent quarters, ID.me announced it raised $132 million in Series D funding, led by Viking Global Investors with participation from CapitalG, Morgan Stanley Counterpoint, FTV Capital, PSP Growth, Auctus Investment Group, Moonshots Capital, and Scout Ventures. ID.me's most recent round brings the total investment in ID.me to over $275 million since its founding in 2010.

Role Overview

The ID.me security team is looking for a proven Senior Manager of Third Party Risk. As an individual contributor, the Senior Manager will help drive and implement the risk management practices to maintain rigor over supply chain security operations. Activities include roadmap design, control design, assessment operations, and key metrics. This role will collaborate with teams across the company to assess and manage risks when using third and fourth parties. This position will perform critical operations as part of procurement and customer assurance.

This is a multifaceted role that combines project management, delivery management, and systems analysis responsibilities. The role embodies strategic thinking with tactical execution to enhance the customer experience, business resiliency, and promote a rationalized technology footprint.

Responsibilities

  • Work cross functionally with Security, IT, Engineering, Product, and Finance to evaluate vendors and assess supply chain risks.
  • Keep detailed assessment records and ERM control mappings to vendor operations in a high volume environment
  • Own responding to customer assurance requests such as security questionnaires, security reviews and similar engagements.
  • Performing control based assessments of vendor documentation (SOC 2) or industry standard customer questionnaire (CAIQ, SIG CORE or SIG LITE)
  • Understanding of MITRE System of Trust (SoT) Framework
  • Direct enablement of Sales opportunities by participating in RFP, RFI, contracts and other sales opportunity deliverables
  • Run engagements with customer auditors educate and demonstrate compliance
  • Communicate effectively and proactively with management ideas and recommendations for optimizing business operations, resources and capacity to meet internal and external compliance goals
  • Develop and propose key program performance and risk metrics
  • Create and mature procedural documentation, including training materials or process documentation

Qualifications

  • BA or BS in a technical field or equivalent experience
  • 5+ years of program management experience
  • 3+ years of experience for end-to-end management of third party risk programs
  • 3+ years of experience with major compliance audits (FedRAMP, SOC 2, HIPAA, etc.)
  • Owner and builder of risk management processes. Ability to own finding and fixing issues with no supervision.
  • Familiar with SaaS product design and cloud architecture.
  • Deep understanding of common business processes and functions in enterprise environments
  • Prior experience automating audit evidence collection
  • Excellent verbal, written and interpersonal communication skills with both technical and non-technical audiences
  • CCSP, CISSP, CISA, and similar certifications are a plus

At ID.me, we believe that an in-office culture fosters professional growth and development, mentorship, collaboration, and accelerated innovation. This position will be in-office based at one of our locations in either McLean, VA or Sunnyvale, CA. Working in an office together allows our culture to thrive and our team members to establish real connections with their coworkers and the opportunity for lifelong friendships. Our work is critical to protecting online identity and we're confident that working together is how we'll change the world. #LI-JS1

The annual base salary listed below for this role is based on experience, skills, education, relevant training and geographic location. Company bonus, incentive for sales roles, equity, and benefits are available depending on the role.

ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.

The above represents the anticipated total rewards package for this job requisition. Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors.

Pay Range

$158,926-$196,924 USD

ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.

Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.

ID.me participates in E-Verify.