Cybersecurity and Third-Party Risk Manager
Listed on 2026-07-18
-
IT/Tech
Cybersecurity, Information Security
The Role
About Lord Abbett:
Founded in 1929, Lord Abbett is an independent firm with a singular focus on the management of money. Over the course of our history, we’ve earned a sterling reputation for our leadership, influence, and innovation in the asset management industry. Today, our independent perspective, our commitment to active management, and our intelligent product design continue to make us relevant to individual and institutional investors.
From the very beginning, we’ve recognized that our people are our greatest asset. As an investment-led, investor-focused firm, we value intellectual curiosity, teamwork, and collaboration across the organization.
We’re looking for people with a keen interest in working for a trusted leader in the asset management industry, a desire to expand their knowledge, and a passion for delivering a client experience that exceeds expectations.
Now that you know our history, are you ready to be part of our future?
Job Overview:
Lord Abbett is seeking a Risk Manager tosupportthe Firm’sInformation Security Program ,specifically to
Third-party
Risk Management (TPRM) and Cybersecurityprograms.
The role will be responsible for supporting the execution of the TPRM lifecycle to ensure vendor risk is managed consistently across security, operational resilience, financial and compliance dimensions as well as strengthening the Firm’scybersecurity posture through policy and control oversight, control effectiveness validation, andcollaborationofsecurityinitiatives.
This role requires close coordination across Enterprise Risk Management, Technology, Operations, Compliance, and business stakeholders to maintain an integrated and enterprise-wide resilience posture. The candidate must be capable of operating independently within a Second Line of Defense model while providing structured oversight, credible challenge, and actionable reporting. Responsibilities may intersect with strategic initiatives, regulatory change, digital transformation efforts, and new product or platform implementations.
Strong critical thinking, writing, presenting, and stakeholder management skills are essential. Given the dynamic nature of this role, curiosity to learn about all portions of the business and high responsiveness to internal and external events are extremely important.
Third-Party risk management
- Execute the full TPRM lifecycle: onboarding, due diligence, risk assessment, monitoring, issue remediation, and offboarding.
- Perform vendor risk assessments across information security, operational resilience, financial, compliance, and third-party dependencies; document and risk-rate findings.
- Maintain vendor inventory and workflows within the TPRM/GRC platform; monitor changes in vendor risk posture.
- Manage vendor issues, including remediation tracking and incident escalation coordination.
- Develop reporting and dashboards to communicate vendor risk exposure, trends, and remediation status.
- Partner with Legal and business teams to align TPRM outcomes with contracting, SLAs, and governance; support training and accountability.
Cybersecurity governance & program management
- Provide independent oversight of the information security program, including policies, standards, and control ownership.
- Review and challenge the information security strategy for alignment with risk appetite, regulatory requirements, and emerging threats.
- Support program maturity and consistent control application; contribute to CISO and committee reporting.
- Review cybersecurity incidents, including root cause, remediation, and improvement actions.
- Support incident response planning and exercises.
- Translate technical findings into clear risk insights for technical and non-technical stakeholders.
- Assess control design and effectiveness across infrastructure, applications, cloud, and identity/access management; validate remediation.
- Maintain the cybersecurity risk register and track remediation of high-risk issues.
- Conduct control testing and independent assurance activities.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).