×
Register Here to Apply for Jobs or Post Jobs. X

Third Party Risk Management Capability Lead

Job in Newport Beach, Orange County, California, 92659, USA
Listing for: Pacific Asset Management, LLC
Full Time position
Listed on 2026-07-11
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 113490 - 138710 USD Yearly USD 113490.00 138710.00 YEAR
Job Description & How to Apply Below

Job Description

The Third Party Risk Management (TPRM) Capability Lead is a senior individual contributor responsible for governing and overseeing Pacific Life’s enterprise TPRM program within the 2nd line of defense, with clear accountability for the design, maintenance, and enforcement of policies, standards, and control frameworks. This role ensures robust cybersecurity, resilience, and third party due diligence practices are consistently applied and aligned with regulatory expectations, while driving continuous enhancement of governance structures supporting third party outsourcing risk.

This is a hybrid role (4 days per week onsite) in our Newport Beach, CA office. Operating with a high degree of autonomy, the TPRM Lead leverages deep subject matter expertise to oversee risk assessment, due diligence, and ongoing monitoring activities, with particular emphasis on cybersecurity controls, data protection, and critical vendor dependencies. The role partners closely with procurement, legal, information security, and business leaders to ensure risks across third and fourth party relationships are appropriately identified, governed, and mitigated.

As a trusted advisor, this role provides independent challenge and oversight to the first line of defense, ensuring adherence to established policies and control expectations while managing complex deliverables end‑to‑end. The position operates with minimal supervision within a team of approximately 35 professionals in Operational Risk & Resilience, part of Enterprise Risk Management, and collaborates closely with Service Owners, Service Managers, Service Leads, Capability Leads, and OR&R liaisons supporting effective first line execution.

How

you will make an impact
  • Govern and enforce adherence to TPRM policies, standards, and control frameworks across the enterprise.
  • Ensure alignment with applicable regulatory expectations (e.g., NAIC, state DOI) and industry standards (e.g., NIST, ISO, Shared Assessments).
  • Oversee and challenge third party due diligence reviews that span cybersecurity, data privacy, business continuity, financial, and operational risk elements.
  • Partner with the 1st line of defense to identify control gaps, assess residual risk, and ensure timely development and execution of risk treatment plans.
  • Escalate material risks, control deficiencies, and vendor issues through established governance and risk committee structures.
  • Develop and deliver executive and committee level reporting on third party risk exposure, trends, and emerging third party risks.
  • Serve as a trusted advisor to the business while providing effective 2nd line challenge to ensure appropriate risk based decisions.
  • Leverage industry best practices and external insights to strengthen governance, oversight, and program maturity.
The experience you will bring
  • Bachelor’s degree or equivalent professional experience.
  • Minimum 5+ years of experience in third‑party risk management, operational risk, information security risk, or related GRC disciplines.
  • In‑depth knowledge of TPRM frameworks, lifecycle practices, and regulatory expectations.
  • Strong understanding of interconnected risk domains (cybersecurity, privacy, business continuity, and vendor operational risk).
  • Proven ability to solve complex problems using both conceptual and practical approaches.
  • Demonstrated ability to operate independently with minimal guidance and sound judgment.
  • Experience in financial services, preferably life insurance or annuities.
  • Familiarity with industry frameworks and standards (e.g., NIST CSF, ISO 27001/22301, Shared Assessments SIG/VRMMM).
  • Relevant professional certifications (e.g., CRVPM, CISA, CRISC, CISSP, CTPRP) and experience with TPRM platforms/continuous monitoring tools.
  • Strong competencies in analytical thinking, stakeholder influence, communication, and driving continuous improvement.
  • 5+ years of relevant experience in business resilience, business continuity, or operational resilience.
What will make you stand out
  • Demonstrated governance mindset, with proven ownership of TPRM policies, standards, and control frameworks, and ability to enforce consistent adherence across the enterprise.
  • Bring deep…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary