
Director Third Party Risk

HealthEquity
401(k)
United States
Jan 30, 2025

Job Locations

US-Remote


Our Mission

Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.



Overview

How you can make a difference

The Director of Third-Party Risk is a strategic leadership role responsible for overseeing and evolving the third-party risk management program. This position plays a key role in driving the organization's vision for comprehensive third-party risk management, ensuring alignment with enterprise strategy. The Director will lead a growing team and collaborate cross-functionally to identify, assess, and mitigate risks across cybersecurity, resiliency, financial, and operational domains. By conducting in-depth risk analyses and driving remediations, this role ensures third-party relationships align with the company's risk tolerance and strategic objectives, while fostering a culture of accountability and resilience.

What you'll be doing (Job Duties & Responsibilities)

  • Third-Party Risk Program Leadership: Develop and execute a Third-Party Risk Management (TPRM) strategy that integrates cybersecurity, resiliency, and financial risks into enterprise objectives.
  • Oversee third-party risk assessments, including initial due diligence, ongoing monitoring, and periodic reassessments.
  • Design policies and scalable processes to streamline assessments and automate control assurance.
  • Identify and proactively address risks, engaging stakeholders to drive effective remediation.
  • Act as an InfoSec SME, supporting Legal and Procurement in third-party contract negotiations.
  • Risk Assessment & Remediation: Lead the creation, execution, and automation of security assessments for third-party partners.
  • Periodically reassess critical third-party risks, applying lessons learned to enhance risk management practices.
  • Policy & Governance: Establish and maintain policies, procedures, and controls to effectively manage third-party risk.
  • Ensure compliance with financial services, healthcare, and data privacy regulations (e.g., HIPAA, SOC 2, PCI-DSS, GDPR).
  • Cross-Functional Collaboration: Partner with Legal, Compliance, Information Security, Procurement, and Business Units to drive risk mitigation strategies and vendor oversight.
  • Build strong relationships with IT, Security, Procurement, Legal, and Risk stakeholders.
  • Issue & Incident Management: Identify, assess, and manage third-party security incidents, ensuring timely resolution and reporting.
  • Support audit inquiries and regulatory reviews to maintain compliance.
  • Performance & Reporting: Develop risk metrics and dashboards to monitor trends, findings, and program effectiveness.
  • Vendor Lifecycle Management: Oversee risk-based vendor segmentation, contract risk assessments, and exit strategies for high-risk vendors.
  • Technology & Automation: Leverage tools and technology to streamline TPRM processes and improve efficiency.
  • Provide regular risk updates to senior leadership and the board.

What you will need to be successful (Skills, Knowledge, & Experience)

  • Bachelor's degree in Risk Management, Finance, Information Security, or a related field or equivalent experience.
  • 10+ years of experience in risk management, third-party/vendor risk, compliance, or related fields, with at least 5 years in a leadership role.
  • Proven experience with third-party risk management frameworks and regulatory requirements, with a strong understanding of technical assurance and holistic risk management.
  • Experience in developing and driving risk management programs.
  • Proficiency in risk assessment methodologies, contract risk reviews, and vendor due diligence processes.
  • Familiarity with risk management platforms (e.g., Archer, ServiceNow, OneTrust) and data analytics tools.
  • Exceptional leadership, communication, and stakeholder management skills.
  • Relevant certifications (e.g., CTPRP, CRISC, CISSP, CISM) preferred.
  • A leadership style that fosters teamwork, collaboration and a commitment to customer service excellence.
  • Proven security expertise in environments with similar complexity and regulatory profiles to HealthEquity, spanning financial services, financial technology, and healthcare insurance.
  • Ability to travel domestically on occasion (up to 15%) to conduct on-site assessments and collaborate with internal and external partners. Travel durations are typically 1-3 days once a quarter.

This is a remote position.



Salary Range

$144,000.00 To $190,000.00 / year


Benefits & Perks

The compensation range describes the typical minimum or maximum base pay range for this position. The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives and restricted stock units as part of the total compensation package, in addition to a full range of benefits including:

  • Medical, dental, and vision
  • HSA contribution and match
  • Dependent care FSA match
  • Uncapped paid time off
  • Adventure accounts
  • Paid parental leave
  • 401(k) match
  • Personal and healthcare financial literacy programs
  • Ongoing education & tuition assistance
  • Gym and fitness reimbursement
  • Wellness program incentives


Come be your authentic self

Why work for HealthEquity

HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position.

HealthEquity, Inc. is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity's applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.

HealthEquity is committed to your privacy as an applicant for employment. For information on our privacy policies and practices, please visit HealthEquity Privacy.
