Sr. Manager, Third Party Security

Company: Simpson Thacher and Bartlett LLP

Location: New York, NY 10025

Description:

The Senior Manager, Third Party Security, will lead the Firm's Third Party Security program. The person in this role will be responsible for identifying, assessing, monitoring, and mitigating risks associated with vendors, suppliers, and service providers across the globe. The candidate will ensure that third parties comply with Firm Information Security policies, regulatory and compliance requirements, and industry best practices.

The ideal candidate is an experienced risk management professional with a strong background in third party assessments, regulatory compliance, and third party risk governance. They will possess deep knowledge of industry frameworks and attestation standards such as NIST, ISO 27001, and SOC 2, along with strong analytical skills, attention to detail, and the ability to collaborate cross-functionally with Legal, Procurement, the Vendor Management Office, and IT Security teams. Exceptional communication skills are required to effectively engage with third parties and internal stakeholders, ensuring that risk mitigation strategies are clearly understood and implemented.

Responsibilities
  • Oversee and continuously improve the Firm's third party security program, including the third party security framework, policies, procedures, and controls.
  • Perform information security due diligence during vendor onboarding and renewal processes.
  • Conduct risk assessments on third parties, identifying cybersecurity, data privacy, and compliance risks.
  • Develop and implement strategies to mitigate identified risks, working closely with third parties and internal stakeholders to address security gaps.
  • Maintain a third party risk register and track mitigation efforts for identified security risks.
  • Work closely with data privacy, legal, and IT teams to integrate security requirements into third party contracts and agreements.
  • Develop and maintain a continuous monitoring program to track vendor security posture and follow up on third party vulnerabilities and security risks.
  • Ensure compliance with relevant regulatory and industry requirements (e.g., GDPR, ISO 27001, NIST, SOC 2).
  • Evaluate third party security controls across key domains such as data privacy & protection, access management, encryption, and incident response.
  • Provide recommendations for mitigating and/or compensating controls and strategies in areas of non-compliance.
  • Work with internal security teams to investigate and respond to third party-related security incidents.
  • Define and implement escalation procedures and remediation requirements for third party security breaches.
  • Present findings, trends, and highlighted risks to senior management and leadership.
  • Develop exit strategies and procedures for third party termination, including the return or verified destruction of Firm data.


Education
  • Bachelor's degree or related experience required.
  • Professional certifications, such as CISSP, CRISC, CISM, CISA, ISO 27001 Lead Auditor/Implementer preferred.


Skills & Experience
  • 10+ years of experience in information security, with at least 5 years of experience in third party risk management.
  • Strong understanding of cybersecurity frameworks (NIST, ISO 27001, SOC 2, CIS Controls).
  • Strong understanding of compliance regulations (GDPR, CCPA, HIPAA).
  • Working knowledge of common security concepts, including identity and access controls, firewalls, APIs, vulnerabilities (CVE), and software supply chain risks.
  • Hands-on experience with TPRM tools such as OneTrust, Archer, Prevalent, ProcessUnity, Venminder, BitSight, SecurityScorecard, etc.
  • Familiarity with SIG, SIG Lite, and other third party assessment questionnaires and frameworks.
  • Ability to analyze vendor security documentation, audit reports (e.g., SOC 2 Type II), vulnerability scans, and penetration test results.
  • Strong communication and negotiation skills to work with internal teams and external third parties.
  • Must be able to work collaboratively in a team environment and independently.
  • Ability to handle sensitive and/or confidential material and information with suitable discretion.


Salary Information

NY Only: The estimated base salary range for this position is $190,000 to $220,000 at the time of posting.

The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt, meaning it is not eligible for overtime pay.

Privacy Notice

For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.

Simpson Thacher & Bartlett is committed to a collegial work environment in which all individuals are treated with respect and dignity. The Firm prohibits discrimination or harassment based upon race, color, religion, gender, gender identity or expression, age, national origin, citizenship status, disability, marital or partnership status, sexual orientation, veteran's status or any other legally protected status. This Policy pertains to every aspect of an individual's relationship with the Firm, including but not limited to recruitment, hiring, compensation, benefits, training and development, promotion, transfer, discipline, termination, and all other privileges, terms and conditions of employment.

#LI-Hybrid