About the Role
The Manager of Vendor Risk Management (VRM) is responsible for overseeing the identification, assessment, and mitigation of technology-related risks across all third-party vendors. This role ensures compliance with regulatory requirements and internal security standards by meeting the risk framework set forth by IT Risk. The manager will collaborate with key stakeholders, such as procurement, legal, and IT teams, to implement effective controls and drive continuous improvement in vendor risk posture. Strong leadership and communication skills are essential to manage complex risk scenarios and communicate findings to senior stakeholders. The ideal candidate combines deep knowledge of IT security, vendor governance and risk management practices with the ability to influence strategic decisions.
Key Responsibilities
Program Leadership & Strategy
Provide leadership and oversight to a high performing team of Information Security professionals to ensure the confidentiality, integrity, and availability of information.
Oversee the Vendor Risk Management program, ensuring alignment with enterprise risk and compliance objectives.
Communicate effectively with executives on vendor risk, with the ability to simplify complexity.
Develop and maintain VRM policies, procedures, and governance frameworks.
Drive continuous improvement initiatives, including automation and integration of risk tools.
Gain and maintain knowledge of existing and emerging supply chain risks. Adjust the program to address/minimize these risks.
Meet with staff on a timely basis to conduct performance evaluations and provide feedback. Provide ongoing coaching, mentoring, and training to develop and encourage employee performance and development.
Risk Assessment & Monitoring
Lead the team in conducting inherent and residual risk assessments for new and existing vendors.
Implement continuous monitoring capabilities to track vendor risk posture in real time.
Ensure timely remediation of identified risks and findings, partnering with vendors and internal stakeholders.
Stakeholder Engagement
Collaborate with Supply Chain, Legal, and business units to embed security requirements into contracts and onboarding workflows.
Provide risk insights and recommendations to senior leadership for informed decision-making.
Serve as the primary point of escalation for vendor risk issues.
Reporting & Metrics
Deliver regular reports on vendor risk status, trends, and remediation progress to leadership and audit committees.
Establish KPIs and dashboards to measure program effectiveness.
Team Leadership
Manage and mentor a team of vendor risk analysts, fostering professional growth and collaboration.
Promote a culture of accountability, innovation, and continuous learning.
Lead with integrity and a positive attitude.
Perform special projects as assigned, while effectively managing time with competing priorities.
Requirements
- 7+ years of experience in vendor risk management, third-party risk, or IT security, with at least 3 years in a leadership role.
- Skill in conducting Information Security assessments of vendors/third parties.
- Strong knowledge of regulatory requirements (PCI DSS, SOX, HIPAA) and risk frameworks (NIST, ISO 27001).
- Experience with GRC platforms and continuous monitoring tools (e.g., Archer, BitSight).
- Effectively communicates Information Security risks to technical and non-technical stakeholders, offers actionable options, and drives resolutions that balance business needs with risk reduction.
- Ability to lead and mentor direct reports and colleagues, and support leadership directives.
- Proactive in nature with customer satisfaction as a primary goal.
- Excellent written and verbal communication skills with a demonstrated ability to develop and maintain relationships.
- Strong sense of urgency, accountability, and ownership.
- Consistently prioritizes safety and security of self, others, and personal data.
- Embraces diverse people, thinking, and styles.
- Possesses a high school diploma, GED, or high school equivalency.
- Is at least 18 years of age and has authorization to work in the United States.
About the Company
Delta Air Lines (NYSE: DAL) is the U.S. global airline leader in safety, innovation, reliability and customer experience. Powered by our employees around the world, Delta has for a decade led the airline industry in operational excellence while maintaining our reputation for award-winning customer service.
With our mission of connecting the people and cultures of the globe, Delta strives to foster understanding across a diverse world and serve as a force for social good.