Director of Third Party Governance & Awareness

Company: Adobe
Location: San Jose, CA, USA; New York, NY, USA
Salary: $155800 – $306625
Type: Full-Time
Experience Level: Expert or higher

Requirements

  • 10+ years of experience leading teams and driving top-down, critical initiatives.
  • Experience in inspiring change and leading a large-scale Risk Management framework in a large, fast-paced technology company.
  • A deep understanding of the different risk domains pertaining to third parties (e.g., Information Security, Privacy, Compliance, etc.) and their unique requirements.
  • Experience optimizing risk management or large scale transformational programs for efficiency.
  • Strong experience addressing senior-level leadership and the ability to collaborate and lead cross-functional teams and initiatives.
  • Familiarity with risk frameworks (e.g., NIST Risk Management Framework – SP 800-53) and basic awareness and understanding of software supply chain security standards, such as Google’s SLSA, NIST SSDF, and the CIS Benchmark.

Responsibilities

  • Champion and advocate for program maturity and development with key partners across the organization, ensuring alignment with Adobe’s overall third-party strategy.
  • Manage TPRM leadership and governance forums.
  • Deliver on the program strategy and Steering Committee objectives, optimize the risk identification and mitigation plan for new and existing vendors, benchmark an initial organizational risk tolerance and threshold, and identify relevant regulatory requirements.
  • Establish clear program metrics, Service Level Agreements (SLAs), and Key Performance Indicators to manage program performance. Use metrics to identify risk areas and opportunities and assess the health of the third-party population.
  • Regularly assess processes, procedures, tools, and technology integrations.
  • Drive improvements that optimize processes, increase compliance, and enhance cross-functional insights.
  • Develop and improve Standard Operating Procedures, policies, and other program documentation to define clear roles and responsibilities.
  • Manage the third-party risk management control requirements and framework.
  • Lead the creation and execution of awareness programs to educate internal stakeholders on third-party risk management practices.
  • Stay current with industry trends and best practices in third-party risk management and incorporate them into Adobe’s third-party risk practices.
  • Establish a risk-based approach to TPRM that ensures risk management activity is commensurate with the level of risk applicable for a given third party.
  • Coordinate risk management activities and establish clear roles, responsibilities, and ownership.
  • Lead and report on SLAs, quality, effectiveness, compliance, and efficiency of TPRM activities completed throughout the lifecycle.
  • Establish a feedback model to collect and assess recommendations from end users and implement continuous operational improvements.

Preferred Qualifications

  • Certifications such as CISSP, CRISC, CISM, and PMP preferred.