IT Manager, Vendor Risk Management

Join Delta IT on our journey to becoming the best IT organization in the airline industry.

Delta IT is on a journey of transformation. We are changing the way we do business from top to bottom. As thought leaders within Delta, we strive to create meaningful and innovative solutions and are looking for team members to help us realize our vision. Delta IT employees are thinkers, doers, innovators. We are proactive, collaborative and deliver impact to our customers.

Join us on our transformation journey in becoming a world-class IT organization at the world’s best airline!

• Provide leadership and oversight to a high performing team of Information Security professionals to ensure the confidentiality, integrity, and availability of information.
• Oversee the Vendor Risk Management program, ensuring alignment with enterprise risk and compliance objectives.
• Effective executive communication on vendor risk with the ability to simplify complexity.
• Develop and maintain VRM policies, procedures, and governance frameworks.
• Drive continuous improvement initiatives, including automation and integration of risk tools.
• Gain and maintain knowledge of existing and emerging supply chain risks and adjust the program to address/minimize these risks.
• Conduct performance evaluations and provide feedback, coaching, mentoring and training to develop employee performance.

• Lead the team in conducting inherent and residual risk assessments for new and existing vendors.
• Implement continuous monitoring capabilities to track vendor risk posture in real time.
• Ensure timely remediation of identified risks and findings in partnership with vendors and internal stakeholders.

• Collaborate with Supply Chain, Legal, and business units to embed security requirements into contracts and onboarding workflows.
• Provide risk insights and recommendations to senior leadership for informed decision-making.
• Serve as the primary point of escalation for vendor risk issues.

• Deliver regular reports on vendor risk status, trends, and remediation progress to leadership and audit committees.
• Establish KPIs and dashboards to measure program effectiveness.

• Manage and mentor a team of vendor risk analysts, fostering professional growth and collaboration.
• Promote a culture of accountability, innovation, and continuous learning.
• Lead with integrity and a positive attitude.
• Perform special projects as assigned, while effectively managing time with competing priorities.

• 7+ years of experience in vendor risk management, third-party risk, or IT security, with at least 3 years in a leadership role.
• Skill in conducting Information Security assessments of vendors/third parties.
• Strong knowledge of regulatory requirements (PCI DSS, SOX, HIPAA) and risk frameworks (NIST, ISO 27001).
• Experience with GRC platforms and continuous monitoring tools (e.g., Archer, Bit Sight).
• Effectively communicates Information Security risks to technical and non-technical stakeholders, offers actionable options, and drives resolutions that balance business needs with risk reduction.
• Ability to lead and mentor direct reports and colleagues, and support leadership directives.
• Proactive in nature with customer satisfaction as a primary goal.
• Excellent written and verbal communication skills with a demonstrated ability to develop and maintain relationships.
• Strong sense of urgency, accountability, and ownership.
• Consistently prioritizes safety and security of self, others, and personal data.
• Embraces diverse people, thinking, and styles.
• Possesses a high school diploma, GED, or high school equivalency.
• Is at least 18 years of age and has authorization to work in the United States.

• Bachelor's degree in information security, risk management, or related field.
• Professional certifications such as CISSP, CISM, and CRISC.
• Experience with RSA Archer or equivalent GRC tool.
• Ability to influence and drive change across…