MediaAlpha is a customer acquisition solutions provider powered by technology and data science. The company provides industry-leading solutions designed to reach consumers shopping within high-consideration categories such as property and casualty insurance, health insurance, life insurance, and more.
MediaAlpha is hiring a Third-Party Compliance Manager to build and lead our enterprise-wide vendor and ecosystem security program. This individual contributor role will own day-to-day TPRM operations, working hands-on to define strategy and execute across our three core focus areas: maintaining an inventory of third-party tools and platforms, verifying vendors are implemented according to security requirements, and conducting security reviews of new and existing solutions. You'll partner closely with Security, Privacy, Legal, Compliance, Engineering, Revenue Operations, and IT leaders.
As the primary hands-on operator, you'll coordinate security assessments and vendor reviews, build program infrastructure and processes, and track remediation efforts to closure. You'll be responsible for scaling the program as our vendor portfolio grows, shaping TPRM as an in-house capability while executing assessments and driving results yourself.
Your core responsibilities include managing information risks at scale across vendors, SaaS platforms, APIs, shared service providers, and supply chain dependencies. You'll transform our TPRM approach from periodic questionnaires to continuous, automation-enabled monitoring, expand visibility into fourth-party risks, and coordinate with engineering, privacy, and procurement teams to address technical, operational, and contractual exposures.
Responsibilities
- Define and drive the TPRM roadmap and strategy - evolving the program into a scalable, repeatable process.
- Maintain and optimize our Third-Party Risk Management function responsible for driving third party risk assessments, continuous monitoring and incident support
- Audit new and existing third parties that are involved in exchange of information with our organization.
- Partner with Information Services to design and integrate automation and continuous monitoring tools (e.g., Vanta) into third party workflows.
- Embed security risk requirements into procurement, legal and contracting processes
- Oversee technical integration reviews for SaaS, APIs, cloud platforms, and data-sharing workflows
- Perform third party risk reviews of systems and services utilized by the organization.
- Ensure fourth-party and ecosystem dependency risks are incorporated into TPRM processes.
- Develop insights, dashboards and reporting that provide executive visibility into vendor, fourth-party and ecosystem risk
- Partner with Information Services and Engineering to ensure vendor-related vulnerabilities and incidents are effectively resolved.
- Represent TPRM as a product and capability to leadership, customers, and stakeholders.
- Complete Third Party Questionnaires sent to our organization, and ensure Third Party Questionnaires we send are completed appropriately.
- Ensure our Trust Portal is maintained, the documentation is up to date, and inquiries are supported as they arise.
- Support the Cyber Audit and the Exchange Compliance systems, addressing relevant requests as appropriate.
- Maintain evidence repository and report tracking of TPRM compliance.
- Provide TPRM training to internal business units and vendor relationship owners
Qualifications:
- 7+ years of experience in third-party/vendor security risk management, supply chain risk, security, procurement, or GRC
- Experience with TPRM methodologies, frameworks, and regulations (e.g., SIG, CSA, ISO, NIST)
- Experience with managing third party risks associated with SaaS, APIs, cloud services and architectures, and supply-chain ecosystems
- Proven ability to define and deliver roadmaps, evolving a manual TPRM program into an automated, scalable product
- Hands-on knowledge of TPRM tools and continuous monitoring platforms (Vanta, BitSight, SecurityScorecard, ServiceNow, OneTrust, Process Unity, etc.)
- Experience supporting vendor-related security incidents
- Strong communication skills, with ability to brief senior leadership
- Ability to partner effectively with varying business stakeholders with differing priorities
Preferred Skills
- Advanced degree or two or more certifications (CRISC, CTPRP, CISM, CISSP, CISA, CIPT)
- Experience scaling global TPRM programs across diverse regulatory environments
- Knowledge of security and privacy frameworks (SOC 2, ISO 27001, NIST CSF, GDPR)
- Experience developing executive dashboards, scorecards, and reporting.
- Track record of building trusted partnerships with senior stakeholders across the enterprise - especially with Compliance, Legal, Security, Engineering, and Finance.
- Comfortable using AI as a partner in your day-to-day work activities.
Compensation & Benefits
We are excited to offer a competitive base pay range of $113,000 to $200,000 per year for this position, based on experience and qualifications. But that's not all - as a valued member of our team, you will also have access to an array of top-notch benefits, including:
- Annual bonus program and participation in our Restricted Stock Unit program
- 100% Employer-paid health, dental, and vision insurance for you, your dependents, and spouse or registered domestic partner
- 100% Employer-paid long-term disability and life insurance
- 401(k) retirement plan with matching contributions to help you plan for your future
- Open Paid Time Off policy with a birthday day off and 11 holidays
- Professional development reimbursement
- Cell Phone, Wellness, and Internet expense reimbursement, along with a subscription to the Calm App
- 100% fully paid parental leave for team members up to 22 weeks for the primary caregiver and 12 weeks for the secondary caregiver
- Dog-friendly offices (LA and AZ) along with a $300 pet adoption reimbursement
Diversity, Equity, and Inclusion
MediaAlpha is committed to fostering, cultivating, and maintaining a culture of diversity, equity, and inclusion. Our philosophy and actions are built on the premise that as an employer and citizens of our communities, we can create opportunities for lasting change.
Fair Chance
MediaAlpha will consider qualified applicants, including those with criminal histories, in a manner consistent with state and local "Fair Chance" laws. We are also committed to providing reasonable accommodations for qualified applicants with disabilities and disabled veterans in our application process. If you need assistance or an accommodation due to a disability, please contact us at [email protected] or (213) 316-6256.