Program Manager, Third Party Risk Management
Gusto
About Gusto
Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 300,000 businesses nationwide.
Our mission is to create a world where work empowers a better life, and it starts right here at Gusto. That’s why we’re committed to building a collaborative and inclusive workplace, both physically and virtually. Learn more about our Total Rewards philosophy.
About the Role:
Gusto is searching for an experienced Program Manager who will be tasked with leading Third Party Risk Management (TPRM) efforts at Gusto, identifying and reducing risks associated with working with third parties. Third parties can include suppliers, product partners, contractors, service providers, and cloud service providers. This role will report directly to the Head of Source to Pay function at Gusto and will be responsible for establishing and maintaining a third party risk management framework across a diverse, cross-functional team of stakeholders.
About the Team:
The Source to Pay (S2P) function at Gusto comprises Procurement, Accounts Payable, Travel & Expense, and the recently launched TPRM program. Reporting into the CFO organization, S2P is integral to enabling internal stakeholders to procure products and services at the best quality/value while also managing supplier relationships and risk due diligence for Gusto.
Here’s what you’ll do day-to-day:
- Facilitate communication between strategic third parties and internal stakeholders to ensure alignment on risk management objectives and expectations.
- Conduct periodic audits and reviews of third-party compliance with contractual obligations and regulatory standards to ensure ongoing adherence.
- Stay updated on industry regulations and standards, incorporating changes into the third-party risk management process to maintain compliance.
- Prepare detailed reports on third-party risk assessments, mitigation strategies, and compliance status for senior management and stakeholders to ensure transparency and informed decision-making.
- Maintain comprehensive documentation of all third-party risk management activities, including risk assessments, audit findings, and corrective actions to ensure accountability and traceability.
- Participate in professional development activities to stay current with industry trends and advancements in third-party risk management.
- Collaborate with external partners and industry groups to share best practices and enhance the effectiveness of the third-party risk management program.
- Implement technology solutions to streamline third-party risk management processes, enhancing efficiency and accuracy.
Here’s what we're looking for:
- 8+ years of experience in a high-tech company or similar industry, with a strong foundation in Third Party Risk Management (TPRM) programs.
- Deep knowledge of all aspects of Third Party Risk Management, including a strong understanding of regulatory requirements and experience with risk domains related to TPRM, such as Privacy, Information Security, Compliance, operational risk, geopolitical risk, and supply chain risk.
- Familiarity with relevant frameworks and standards, including ISO and NIST, as well as laws and regulations such as GDPR and CCPA/CPRA.
- Experience with program or project management, including supporting long-term strategy consisting of multiple smaller projects, defining program strategy, and establishing metrics for success.
- Excellent negotiating skills with a strong ability to read, analyze, and interpret legal documents.
- Proficiency with tools like Coupa, Ironclad, and NetSuite is preferred.
- Strong attention to detail, along with excellent organizational and communication skills, enabling effective collaboration across functions.
- Effective analytical, problem-solving, planning, and project management skills, with the ability to build and maintain strong cross-functional relationships.
Our cash compensation range for this role is $127,000/yr to $157,000/yr in San Francisco and New York. Final offer amounts are determined by multiple factors, including candidate location, experience and expertise, and may vary from the amounts listed above.
Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days approximately 2-3 days per week (or more depending on role). The same office expectations apply to all roles at Symmetry, Gusto's subsidiary, whose physical office is in Scottsdale.
Note: The San Francisco office expectations encompass both the San Francisco and San Jose metro areas.
When approved to work from a location other than a Gusto office, a secure, reliable, and consistent internet connection is required.
Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.
Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you require assistance in filling out a Gusto job application, please reach out to [email protected].
Gusto takes security and protection of your personal information very seriously. Please review our Fraudulent Activity Disclaimer.