Third-Party Risk Management (TPRM) Officer (NYC-Hybrid)




Before we dive into the role, let’s talk about flexibility. At Zip, our office is in New York City but we can hire from anywhere across the United States. Our Zipsters can choose where and when they work by taking full advantage of our hybrid-work environment.

So whether you’re fully remote, mostly in the office or a mix of the two, you’ll be empowered to do whatever brings out your best.

About us

We are Zip, a global Buy Now, Pay Later company providing fair and seamless solutions that simplify how millions of people pay. Our journey began in Australia, has taken us to 14 countries (so far) - and we’re just getting started.

We exist to create a world where people can live fearlessly today, knowing they’re in control of tomorrow. Focused on product innovation that puts people at the centre, we put the financial well-being of our customers and merchant partners at the heart of everything that we do.

About the role

Reporting to the Enterprise Business Risk Officer, you will establish, implement and maintain a global, best-in-class, robust and flexible Third-Party Risk Management (TPRM) program to enable Zip’s business strategy with appropriate risk management and oversight in place.

As a key contributor to our second line of defense, you will be responsible for governance and oversight of Zip’s third-party risks and for assessing the effectiveness of the controls in place to identify, assess, monitor, respond to, and manage Zip’s third-party risks throughout the third-party supplier lifecycle.

This role is ideal for a domain expert in Third Party Risk Management with a customer-centric, agile mindset capable of developing approaches that scale.  Collaborating, building influence in cross-functional partnerships, and developing stakeholder relationships across the organization and with third-party providers will be key to success in this role.

What does your day look like?

  • Aid in the build-out and implementation of Zip’s global Third-Party Risk Management program in alignment with stakeholders across Zip and related processes.
  • Drive a holistic and consistent approach to the program, aligning it with the Enterprise Risk Management Framework and relevant regulatory guidance adhering to third-party requirements.
  • Leverage experience to evaluate the adequacy, effectiveness and execution of the program and the internal controls, recommending and driving improvements or enhancements in alignment with internal strategies, industry best practices, standard security frameworks, and regulatory guidance.
  • Be accountable for oversight of vendor risk assessments, vendor risk methodologies, periodic monitoring, process documentation, risk remediation, and reporting (both internal and external)
  • Conduct vendor performance monitoring, proactively identify issues, and work with Zip stakeholders and third parties as appropriate to track and remediate risks through closure, including assisting the business in creating formal mitigation plans or issues.
  • Contribute to the implementation of tools and automation to support effective management and oversight of third-party risk and mature processes to scale the program globally.
  • Maintain both individual vendor views as well as an aggregate view of risk across all third parties, including linkage to other operational risks for a holistic understanding of the risk landscape.
  • Design, develop and produce monthly TPRM reports that provide a consolidated and detailed view of the tracking and progress surrounding TPRM activities. 
  • Develop Key Performance and Key Risk Indicators and other metrics and regular reporting to measure and track compliance, risk, and the effectiveness of the program including regular and ad hoc reporting to internal as well as external stakeholders such as partners and regulators.
  • Provide support and input for related audits or exams from internal/external parties and collaborate with relevant stakeholders to ensure findings are appropriately remediated.
  • Provide guidance to and work with business leaders and the first line of defense in translating TPRM requirements into practical considerations.
  • Review existing and evolving regulations and craft implementation plans to enhance the framework accordingly.  
  • Support Zip’s commitment to risk management and protecting the confidentiality, integrity and availability of systems and data

To help us level up, you'll ideally have:

  • 4 or more years of Risk/Compliance, Vendor Management, Third-party Risk Management
  • Strong preference for VM/TPRM experience in financial services/consumer banking, fintech (BNPL a plus).
  • Working knowledge of Vendor Management, regulatory compliance (e.g. ISO, SOX, SOC 2, as they relate to TPRM) activities.
  • Demonstrated experience designing, building, and managing vendor management/TPRM programs; performing and leading third-party risk assessments.
  • Excellent interpersonal skills and the ability to work collaboratively across all organizational tiers and build positive working relationships.
  • A strategic mindset paired with a strong bias to action
  • Well versed in the practical implementation of risk and control frameworks to manage non-financial risks in a highly regulated environment
  • Analytical, strategic, and tactical skills with demonstrated experience in working collaboratively in cross-functional/cross-divisional teams to solve cross-functional/cross-divisional problems.
  • Advanced technical skills with Excel and SQL
  • Professional designation (CRCM, CAMS, CIA, or other compliance or audit certifications) is a plus.
  • Our values in your DNA: Customer First, Own It, Stronger Together and Change the Game

We’re proud to be a values-led business. They guide us in everything we do - how we work together and create game-changing experiences for our customers and fellow Zipsters.

If you only meet some of the requirements for this role, that's okay. We value a diverse range of backgrounds and ideas and believe this is fundamental for our future success. So, if you have the curiosity to learn and the willingness to teach what you know, we'd love to hear from you.

We pride ourselves on creating an inclusive workplace that provides equal opportunities to all persons regardless of their age, cultural background, sexual orientation, gender identity and expression, disability, veteran status, or anything else.

What’s in it for you?

We offer a variety of perks and benefits to support you at both work and home. Here’s a taste of what you can expect!

●     Flexible working culture
●     Share incentive programs
●     20 days PTO every year
●     Generous paid parental leave
●     Leading family support policies
●     100% employer covered insurance
●     Beautiful Midtown office with a casual dress code
●     Learning and wellness subscription stipend
●     Company-sponsored 401k match
●     Remote First Friendly!

We want to make sure our recruitment processes are accessible and inclusive for all people. If there are any adjustments that need to be made to ensure you have a fair and equal experience in our recruitment process, please let your Talent Acquisition Partner know. We are also a proud 2022 Circle Back initiative employer and commit to respond to every applicant.

Join us on our mission to be the first payment choice, everywhere and every day.
  • New York, NY
  • Full-Time
  • Legal, Risk & Compliance