Job Specifications
Help us safeguard CFA Institute by building and leading a best-in-class third-party cybersecurity risk program. In this senior role, you’ll identify, assess, and reduce risks across our vendor ecosystem—partnering closely with procurement, legal, security, and business teams to embed strong controls into how we select, onboard, and manage suppliers. If you thrive at the intersection of risk, security, and stakeholder influence, we’d love to hear from you.
Please note: CFA Institute does not provide work authorization or visa sponsorship for this position (including student or temporary worker visas).
What You’ll Do
Design, implement, and continuously mature the third-party cybersecurity risk management (TPRM) program across the full vendor lifecycle.
Lead due diligence and risk assessments; establish risk ratings, KRIs, and clear escalation protocols.
Integrate security requirements into sourcing, contracting, and onboarding in partnership with procurement and legal.
Recommend, track, and close remediation actions; stand up continuous monitoring for critical suppliers.
Build and maintain dashboards/metrics to communicate exposure and drive decision-making with leadership.
Align the program with relevant regulations and frameworks (e.g., GDPR, CCPA) and certifications/standards (e.g., NIST CSF, ISO 27001, SOC 2); support internal and external audits.
Serve as the primary point of contact for third-party cyber risk; educate stakeholders and champion best practices across the enterprise.
What You’ll Bring
Minimum Qualifications
Bachelor’s degree in cybersecurity, information systems, risk management, or a related field—or equivalent experience.
5–8 years of cybersecurity or risk management experience with direct ownership of third-party/vendor risk.
Strong working knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO 27001) and risk assessment methodologies.
Familiarity with compliance and audit requirements (e.g., SOC 2, HIPAA, PCI DSS).
Proven ability to analyze complex vendor ecosystems and clearly communicate risk in business terms.
Excellent stakeholder management, influence, and communication skills.
Analytical, detail-oriented, and adept at balancing risk with business objectives in a dynamic environment.
Preferred Qualifications
Professional certifications such as CISM, CRISC, CTPRP (or equivalent).
Experience establishing KRIs, dashboards, and continuous monitoring for supplier risk.
Demonstrated success partnering with procurement, legal, and security to embed controls in enterprise processes.
Audit support experience for vendor risk programs and an ongoing commitment to professional development.
Why Join Us?
Lead a high-impact program that protects our mission and members worldwide.
Collaborate with experienced security, technology, and business leaders.
Work in a culture that values authenticity, courage, accountability, and a growth mindset.
Opportunity to shape strategies and practices that elevate supplier security across the organization.
At CFA Institute, we are committed to transparency and equity in our hiring process. In compliance with wage transparency laws in many of the jurisdictions in which we recruit, we provide the following information regarding compensation for this position:
Expected salary range: $135,000 - $155,000
Other benefits include eligibility for annual incentives, 12% retirement employer contribution, and competitive medical benefits.
All salary ranges are subject to adjustment based on experience, education, and other factors relevant to the position. CFA Institute is an equal opportunity employer and encourages applications from all qualified individuals.
About CFA Institute
CFA Institute are the global leader in investment excellence and ethics. With nearly 200,000 charterholders across 160 markets, we drive professional growth, ethical behavior, and better markets. We care about our employees’ well-being, offering industry-leading benefits like:
Comprehensive health coverage for you and your family
Generous leave and time off
Competitive retirement plans
Flexible work options
Wellness, education, and support programs
If you feel this opportunity could be the next step in your career, we encourage you to click “Apply” and complete our three-minute application.
Be part of a team committed to putting investors first and growing economies. Follow us @CFAInstitute on LinkedIn and X.
Important Message: Your application must clearly demonstrate how you meet the requirements as CFA Institute cannot make assumptions about your education, experience, or location. We thank all those who apply. Only those selected for further consideration will be contacted.
We are an Equal Opportunity Employer. CFA Institute prohibits both discrimination and harassment with regard to all identifying characteristics: any individual employee, group of employees, or prospective employee on the basis of race, color, national origin, citizenship or immigration status, reli
About the Company
Our members and charterholders advance market integrity, trust, and transparency in their professions to build more sustainable, inclusive, and prosperous societies.
With a heritage of over 75 years, CFA Institute has 200,000 members in 160 locations around the world, providing an unparalleled network of visionary leaders.
Our rigorous CFA Institute qualifications and education offerings are designed to support professionals in their practice areas and build confidence with our clients and partners.
Our world-class Research ...
Know more