top of page

Third Party Due Diligence - Monitoring

Remote

Job Type

Full time

Organization

Mizuho

Application Deadline

July 11, 2026

About the Role

The Mizuho Americas Enterprise Controls Department (ECD) is a 1st Line of Defense (1LoD) risk and control function delivering enterprise control services across Third Party Services, Business Continuity Planning, and Business Risk and Control Services. The department creates singular accountability and a "one-stop shop" for enterprise control services across all lines of business and corporate functions in the Americas region, and it sits within the Mizuho Americas Enterprise Services Division.

Third Party Risk Management Unit

The TPRM Unit is a 1LoD risk function responsible for providing white-glove service to business lines and corporate functions, shepherding them through the Third Party Risk Management lifecycle, conducting due diligence directly with third parties, and providing oversight of the TPRM function.

Third Party Due Diligence (TPDD) Team

TPDD conducts risk-based evaluations of third-party service providers across Information Security, Information Technology, Business Continuity Planning, and adjacent domains, and is responsible for ongoing monitoring of third and fourth parties across Cybersecurity, Financial, Compliance, Operational, Geographic, and ESG events using tools including BitSight, Supply Wisdom, and NCFTA intelligence feeds.

Role Summary

The Assistant Vice President TPDD – Ongoing Monitoring is accountable for the end-to-end execution and quality of TPDD's continuous monitoring program for Critical, High, Moderate, Low, and Nominal third and fourth parties. The AVP owns the timely identification, triage, escalation, and resolution of monitoring alerts; partners with Third Party Managers (TPMs), Business Approvers, SMEs, Legal, and Compliance to drive remediation; and ensures all monitoring activity is documented in an audit-ready, regulator-defensible manner consistent with the MUSO TPRM Policy, Standard, and Procedure.

Roles And Responsibilities

Ongoing Third / Fourth Party Monitoring Own end-to-end ongoing monitoring of third and fourth party risks across cybersecurity (BitSight) and enterprise risk domains (Supply Wisdom), including weekly alert reviews; trend and impact analysis; ransomware and vulnerability assessments; fourth-party incident reporting; monthly third-party and location license and data reconciliation with heat map analysis; composite risk-rating evaluations across Macro-Economic, Financial, Geo-Political, Infrastructure, Business, Legal, Security & Compliance, Scalability, and ESG domains; and coordination with Cyber Defense to review NCFTA alerts and identify, assess, and respond to emerging high-risk cyber threats affecting Mizuho third parties.
Alert Triage, Escalation, and Stakeholder Engagement Serve as the primary point of contact for TPMs, Business Approvers, Legal, Compliance, CISO/Cyber Defense, Data Loss Prevention (DLP), and Subject Matter Experts (SMEs) to assess the business impact of third and fourth party risk events; document material incidents in Archer (e.g., score declines exceeding 5%, severe fourth-party incidents, sanctions hits, or breaches); identify and analyze risk issues, clearly communicate impacts in business terms, drive and track remediation to closure, and escalate Critical or High-risk issues to TPDD leadership, and TPRM Management, as appropriate.
Concentration & Portfolio Risk Monitoring Support monthly concentration and portfolio risk monitoring across third parties (e.g., engagement volume, service locations, contingent workers, and sole-provider exposure), contribute to quarterly reporting, and maintain accurate BitSight portfolios and Supply Wisdom license assignments to ensure all concentration-risk third parties are continuously monitored as Critical under appropriate license types.
Assessment Lifecycle Support Lead and perform due diligence reviews, reassessments, and significant change evaluations in accordance with TPRM policies and procedures; assess inherent risk and control effectiveness across key domains (e.g., Information Security, Technology, Business Continuity, Risk Management, Incident Management, Physical Security, Nth-Party Risk, and HR); identify and document due diligence gaps and risk exposures; recommend remediation, risk acceptance, or escalation actions in Archer; and coordinate Certificate of Insurance (COI) validation, as needed, including documenting any gaps.
Reporting, Governance, and Audit Readiness Review Archer KRI reports to identify threshold breaches and overdue activities, assess risk impact, drive remediation with stakeholders, and escalate issues as needed; ensure risk acceptances are recorded and tracked; support internal and external audits, regulatory exams, and Federal Banking Agency Report of Examination (ROE) reviews through timely, accurate documentation; and maintain complete, audit-ready records, including QA reviews of 10% of Moderate/Low and 100% of Critical/High assessments.
Program Enhancement Contribute to the enhancement of IRQs, DDQs, monitoring playbooks, KRIs, and reporting processes to improve consistency, efficiency, and audit readiness; identify and remediate data anomalies in Archer and support reconciliations across systems (Archer, SNOW, Supply Wisdom, BitSight); and ensure timely, high-quality delivery of monitoring activities aligned with TPRM objectives and regulatory requirements, including additional responsibilities as needed to support the TPRM program.

Requirements

The individual will be part of the Third Party Due Diligence team, working remotely with periodic onsite presence as required; the position will be commensurate with experience and qualifications.

  • Bachelor's degree in a relevant field, such as Information Security, Cybersecurity, Business Administration, Finance, or Risk Management.
  • 5+ years of experience in third-party risk management, monitoring, risk assessment, IT audit, or related disciplines within regulated financial services or consulting.
  • Professional certifications strongly preferred (e.g., CTPRP, CTPRA, CISA, CRISC, CISSP).
  • Demonstrated experience with continuous monitoring platforms (BitSight, Supply Wisdom, or equivalent) and GRC tools (Archer or equivalent).
  • Solid knowledge of data analysis, contract review, data privacy, information security, information technology, and Business Continuity Planning (BCP) principles.
  • Strong ability to identify, assess, and articulate risks and vulnerabilities; sound judgment in evaluating control evidence.
  • Advanced Excel, AI and analytical skills, with strong attention to detail and accuracy.
  • Proven ability to manage priorities, drive issues to closure, and meet regulatory deadlines.
  • Strong interpersonal, stakeholder-management, and critical-thinking skills, with the ability to collaborate across the 1LoD, 2LoD, Legal, Compliance, and senior management.
  • Excellent written and verbal communication skills, with the ability to translate technical risks into clear business language for TPMs, Business Approvers, and executive stakeholders.
  • Experience with Shared Assessments (SIG framework) preferred.
  • Familiarity with U.S. regulatory expectations applicable to TPRM (FRB SR 13-19, OCC Bulletin 2013-29, NYDFS Part 500, FFIEC guidance) preferred.

About the Company

This is not your typical financial institution. It’s our people who make us a cut above. Here, every person is respected because of their differences, not in spite of them. We pride ourselves on a culture of purpose, passion and compassion.

At Mizuho, we provide the stability of an international industry leader with the career trajectory of a growing business. Our steady, strategic growth gives our people at all levels rewarding degrees of responsibility and a richer work experience than a boutique firm or an established giant could offer alone.

Working for Mizuho opens doors not just to a rewarding career with excellent prospects, but to lasting friendships with colleagues from diverse cultures. It’s the local expertise of our employees that makes our global network so powerful. By collaborating with colleagues and clients who have your same ambition, you can amplify your sphere of influence and base of knowledge as part of one of the largest—and growing—banks in the world.

We’re all global citizens, and that’s why our company feels compelled to make an impact through more than just drawing up deals. We prove that it’s possible to do well and do good. We do right by our clients, our community and each other.

bottom of page