Director, Third-Party Risk Management

Our Company

Explore how you can contribute at AmeriLife.

For over 50 years, AmeriLife has been a leader in the development, marketing and distribution of annuity, life and health insurance solutions for those planning for and living in retirement.

Associates get satisfaction from knowing they provide agents, marketers and carrier partners the support needed to succeed in a rapidly evolving industry.

Job Summary

Reporting to the Senior Director of IT Risk, the Director of Third-Party Risk is a senior role responsible for the administration of the organization’s Third-Party Risk Management (TPRM) program. This position ensures that all vendors and third-party service providers meet the company’s information security, compliance, and risk standards. The Director will drive vendor risk assessments, manage the third-party risk lifecycle, ensure regulatory compliance, and facilitate collaboration with key internal stakeholders to protect the enterprise’s interests.

Job Description

Key Responsibilities

• TPRM Program Leadership: Develop and maintain a comprehensive third-party risk management program, including policies, procedures, and governance frameworks to manage risks throughout the vendor lifecycle.
• Vendor Risk Assessments: Lead and oversee the risk assessment and due diligence process for new and existing vendors/partners, evaluating security controls, data protection practices, financial stability, and compliance postures.
• Third-Party Lifecycle Management: Manage the end-to-end third-party lifecycle, from vendor selection and onboarding through ongoing monitoring, performance review, and offboarding.
• Stakeholder Collaboration: Collaborate with cross-functional teams (including IT, Information Security, Legal, Compliance, Procurement, and Affiliates) to integrate third-party risk considerations into contracts, procurement processes, and ongoing vendor management activities.
• Risk Monitoring & Reporting: Responsible for the continuous optimization of all TPRM procedures and Key Risk Indicators (KRIs), including enhanced utilization of the firm's TPRM software platform to maximize automation and effectiveness.
• Team Leadership: Build and lead a small team of risk analysts, providing direction, mentorship, and performance management to ensure effective execution of the TPRM program. Foster a risk-aware culture and high standards of professionalism within the team and across stakeholder groups.

Required Qualifications

• TPRM Program Leadership: Develop and maintain a comprehensive third-party risk management program, including policies, procedures, and governance frameworks to manage risks throughout the vendor lifecycle.
• Vendor Risk Assessments: Lead and oversee the risk assessment and due diligence process for new and existing vendors/partners, evaluating security controls, data protection practices, financial stability, and compliance postures.
• Third-Party Lifecycle Management: Manage the end-to-end third-party lifecycle, from vendor selection and onboarding through ongoing monitoring, performance review, and offboarding.
• Stakeholder Collaboration: Collaborate with cross-functional teams (including IT, Information Security, Legal, Compliance, Procurement, and Affiliates) to integrate third-party risk considerations into contracts, procurement processes, and ongoing vendor management activities.
• Risk Monitoring & Reporting: Responsible for the continuous optimization of all TPRM procedures and Key Risk Indicators (KRIs), including enhanced utilization of the firm's TPRM software platform to maximize automation and effectiveness.
• Team Leadership: Build and lead a small team of risk analysts, providing direction, mentorship, and performance management to ensure effective execution of the TPRM program. Foster a risk-aware culture and high standards of professionalism within the team and across stakeholder groups.

Preferred Qualifications

• Certifications: Professional certifications such as CISM, CISA, CRISC, or Certified Third Party Risk Professional (CTPRP).
• Industry Experience: Experience in a highly-regulated industry (e.g., financial services, insurance, healthcare) or within a large enterprise environment is highly desirable.
• Program Development: Demonstrated experience designing or maturing a third-party risk management program, including implementing vendor risk management tools or technologies.
• Additional Skills: Familiarity with risk management software (e.g., GRC/ServiceNow platforms) and advanced data analysis or reporting tools is a plus.

What AmeriLife Offers

A comprehensive benefits package that includes PTO, medical, dental, vision, retirement savings, disability insurance, and life insurance.

Equal Employment Opportunity Statement

We are an Equal Opportunity Employer and value diversity at all levels of the organization. All employment decisions are made without regard to race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), sexual orientation, gender identity or expression, age, national origin, ancestry, disability, genetic information, marital status, veteran or military status, or any other protected characteristic under applicable federal, state, or local law. We are committed to providing an inclusive, equitable, and respectful workplace where all employees can thrive.

Americans with Disabilities Act (ADA) Statement

We are committed to full compliance with the Americans with Disabilities Act (ADA) and all applicable state and local disability laws. Reasonable accommodations are available to qualified applicants and employees with disabilities throughout the application and employment process. Requests for accommodation will be handled confidentially. If you require assistance or accommodation during the application process, please contact us at HR@AmeriLife.com.

Pay Transparency Statement

We are committed to pay transparency and equity, in accordance with applicable federal, state, and local laws. Compensation for this role will be determined based on skills, qualifications, experience, and market factors. Where required by law, the pay range for this position will be disclosed in the job posting or provided upon request. Additional compensation information, such as benefits, bonuses, and commissions, will be provided as required by law. We do not discriminate or retaliate against employees or applicants for inquiring about, discussing, or disclosing their pay or the pay of another employee or applicant, as protected under applicable law. Pay ranges are available upon request.

Background Screening Statement

Employment offers are contingent upon the successful completion of a background screening, which may include employment verification, education verification, criminal history check, and other job-related inquiries, as permitted by law. All screenings are conducted in accordance with applicable federal, state, and local laws, and information collected will be kept confidential. If any adverse decision is made based on the results, applicants will be notified and given an opportunity to respond.