Manager of IT Risk & Compliance - IT TPRM

TJX Companies At TJX Companies, every day brings new opportunities for growth, exploration, and achievement. You'll be part of our vibrant team that embraces diversity, fosters collaboration, and prioritizes your development. Whether you're working in our four global Home Offices, Distribution Centers or Retail Stores-TJ Maxx, Marshalls, Homegoods, Homesense, Sierra, Winners, and TK Maxx, you'll find abundant opportunities to learn, thrive, and make an impact. Come join our TJX family-a Fortune 100 company and the world's leading off-price retailer. Job Description: What You Will Do: The Manager of IT Third-Party Risk Management is a seasoned leader responsible for guiding a high-performing team and overseeing multiple programs that strengthen vendor-related IT risk and compliance capabilities across the organization. This role ensures alignment with enterprise goals, focusing on mitigating business risks and driving operational efficiency. A key aspect of the role is fostering team development through mentorship, training, and career growth opportunities to cultivate a collaborative and high-performance culture. You Will: Lead the assessment, monitoring, and mitigation of risks associated with third-party vendors and service providers supporting the organization's technology ecosystem. Ensure that third-party IT engagements comply with internal policies, regulatory requirements, and industry best practices in cybersecurity, data privacy, and operational resilience. Successful Candidates Will Demonstrate Expertise in the Following Areas: Program Leadership & Strategy • Develop and maintain the IT Third-Party Risk Management (TPRM) framework, policies, and procedures. • Lead resolution of complex challenges across projects or programs, identifying strategic or procedural solutions and driving process improvements. • Collaborate with Procurement, Legal, Compliance, and IT teams to embed risk management throughout the vendor lifecycle. • Identify and implement opportunities to enhance process efficiency and effectiveness; coach team members in continuous improvement. • Support IT-driven initiatives aligned with domain roadmaps or business effectiveness goals. Risk Assessment & Monitoring • Oversee risk assessments for new and existing third-party vendors, with a focus on cybersecurity, data protection, and operational risk. • Evaluate vendor controls using techniques such as questionnaires, documentation reviews, and external intelligence. • Conduct ongoing due diligence and periodic reviews to monitor vendor performance and risk posture. Governance & Reporting • Prepare and deliver risk reports, metrics, and dashboards to senior leadership and governance committees. • Track remediation efforts and escalate critical issues as appropriate. • Ensure compliance with relevant standards and frameworks (e.g., NIST, ISO 27001). Stakeholder Engagement • Manage stakeholder relationships to align strategic direction and program execution with organizational goals. • Champion GRC tools and services that drive operational efficiency. • Collaborate with associates and senior executives to advance risk management practices and solutions. • Maintain a customer-focused operating model for risk and compliance services. • Serve as a subject matter expert and advisor to business units on third-party risk. • Build strong relationships with internal stakeholders and external vendors to promote risk awareness and accountability. • Influence decision-making within the internal stakeholder community. Technology & Tools • Provide technical and managerial oversight across multiple risk and compliance projects and programs. • Allocate resources strategically to support initiatives aligned with organizational priorities. • Manage and optimize third-party risk management platforms and tools (e.g., ProcessUnity, ServiceNow). • Leverage automation and analytics to improve risk visibility and operational efficiency. What You Have: • Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field (Master's preferred). • 8+ years of experience in IT risk management, vendor risk, or cybersecurity, including 3+ years in a leadership role. • Deep understanding of third-party risk frameworks and regulatory requirements. • Broad knowledge of risk and compliance concepts, technologies, and practices across multiple domains. • Experience with industry frameworks and standards to ensure alignment with best practices and regulatory expectations. • Proficiency with risk assessment tools (e.g., ServiceNow, SIG, BitSight, ProcessUnity). • Strong communication, leadership, and stakeholder management skills. • Relevant certifications (e.g., CISM, CRISC, CISSP) are a plus. Preferred: • Strategic thinker with a proactive, solution-oriented mindset. • Ability to manage multiple priorities in a fast-paced environment. • Strong analytical and problem-solving skills. • Comfortable presenting to senior executives and boards. Benefits include Associate discount; 401(k) match; medical/dental/vision; HSA; health care FSA; life insurance; short/long-term disability; paid holidays/vacation /sick/bereavement/parental leave; EAP; incentive programs for management; auto/home insurance discounts; tuition reimbursement; scholarship program; adoption/surrogacy assistance; smoking cessation; child care/cell phone discounts; pet/legal insurance; credit union; referral bonuses. All benefits are subject to applicable plan or program terms (including eligibility terms) and may change from time to time. Contact your TJX representative for more information. In addition to our open door policy and supportive work environment, we also strive to provide a competitive salary and benefits package. TJX considers all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, marital or military status, or based on any individual's status in any group or class protected by applicable federal, state, or local law. TJX also provides reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law. Address: 300 Value Way Location: USA Home Office Marlborough MA 300 Value Way This position has a starting salary range of $153,600.00 to $199,700.00 per year. Actual starting pay is determined by a number of factors, including relevant skills, qualifications, and experience. This position is eligible for an annual incentive as well as long-term incentives. Apply tot his job Apply To this Job