Staff Cyber Risk Program Manager (TPRM)

**Candidates note: This is 100% remote position for candidates based in the US (EST/CST time zones preferred).

As a Staff Security Program Manager at EDB, you will play a key role in transforming security controls to drive business growth while reducing risk. You will lead control design reviews, implementation, and automated auditing across multiple security frameworks. You will also oversee cyber risk management, business impact analysis, and third-party risk programs.

This role is ideal for candidates seeking autonomy, influence in security transformation, and a dynamic global environment. If you're ready to shape EDB’s evolving security program, we want to hear from you!

Your impact will be:

• Own the full lifecycle of EDB’s Third-Party Risk Management (TPRM) program, including policy development, operational execution, continuous monitoring, and enhancements.
• Assess and monitor vendor security risks, conducting annual reviews and continuous monitoring activities.  
• Work with vendor owners to ensure proper security controls are understood and implemented when onboarding and deploying new vendors.
• Evaluate third-party risks in new products, directory applications, integrations, partners, and services, ensuring alignment with EDB’s security and compliance requirements..
• Support EDBs Cyber Risk Management Framework by conducting risk assessments using EDB’s common control framework against a combination of infrastructure, development, and business domains
• Identify risk findings, gaps and deficiencies in EDB’s  existing control set, guiding control owners towards effective implementation and remediation of controls. 
• Improve operational risk management with engineering teams, prioritizing security debt reduction through strategic investment into risk remediation..

What you will bring:

• Proven experience in Third-Party Risk Management (TPRM), including policy development, vendor assessments at all levels, and continuous monitoring of organizations vendor attack surface. 
• Experience conducting technical security control analysis in regulated environments, ensuring compliance with industry standards.
• Ability to identify, assess, and monitor vendor security risks, including continuous monitoring of portfolio.
• Proficiency in asset discovery across data, systems, and cloud/on-prem environments using a variety of tools and methodologies.
• Expertise in auditing security objectives for one or more frameworks: SOC 2, PCI, HIPAA, FedRAMP (800-53), ISO 27001.
• Strategic thinker with the ability to self-start solutions, drive program growth, and enhance security maturity.
• Strong communication skills with the ability to translate technical security concerns into business risks.
• Ability to manage and optimize security controls while driving program improvements and operational execution.
• Demonstrated ability to balance long-term security initiatives with day-to-day operational needs, supporting stakeholders across EDB.

What will give you an edge:

• Expertise building Third-Party Risk Management (TPRM) frameworks such as NIST 800-161, ISO 27036, including vendor risk scoring models and continuous monitoring best practices.
• Knowledge of the MITRE ATT&CK Framework, attack chains and attack path mapping
• Experience in the public sector managing NIST programs or requirements.
• Experience leading complex asset discovery and inventory projects for large vendor portfolios, ensuring accurate tracking, ownership, and security oversight.

Compensation Range (DOE/Location)= $170-$190k base salary + annual variable bonus