Third-Party Risk Sourcing Manager
Company: The New York Times
Location: New York City
Posted on: April 3, 2026
|
|
|
Job Description:
The mission of The New York Times is to seek the truth and help
people understand the world. That means independent journalism is
at the heart of all we do as a company. It’s why we have a
world-renowned newsroom that sends journalists to report on the
ground from nearly 160 countries. It’s why we focus deeply on how
our readers will experience our journalism, from print to audio to
a world-class digital and app destination. And it’s why our
business strategy centers on making journalism so good that it’s
worth paying for. About the Role: We are looking for a Third-Party
Risk Sourcing Manager to join our Strategic Sourcing team,
reporting directly to the Executive Director, Strategic Sourcing.
You will lead our daily third-party risk due diligence efforts,
collaborating with departments like Technology, and Legal to
address risks across a range of domains. You will oversee sourcing
enablement services, intake operations, policy implementation, and
automation, to support tail-spend sourcing programs. You will focus
on coaching and work allocation, with limited direct people
leadership responsibilities. We operate under a hybrid
remote/in-office policy, requiring three days per week in our New
York City office and two days remote. Responsibilities: Third-Party
Risk Management Perform initial reviews for low/medium-risk
vendors. During these reviews, you will examine evidence to
identify gaps and residual risk. This evidence includes SIG/SIG
Lite, CAIQ, SOC 2 Type II, ISO 27001, PCI SAQ/AoC, DPAs, BC/DR, and
VAPT summaries. Evaluate and escalate high-risk vendors to internal
subject matter experts and coordinate mitigation actions and follow
up. Lead time-bound risk review meetings and escalations with
subject matter experts. You will maintain using risk guides,
document decisions and risk acceptance, coordinate mitigations, and
track remediation to closure. Manage Third-Party Risk Management
(TPRM) inventory and assessment Service level agreements. You will
support incident response and vendor issue management.
Additionally, you will process metrics involving publishing
dashboards that track cycle time, backlog age, assessments, and
remediation closure, and delivering partner training. Source
Enablement Tail-spend sourcing: Increase delivery velocity with
risk-appropriate approaches; apply guides, informal RFx, and
negotiation strategies. Intake/help desk: Serve as the front door
for sourcing requests; maintain Service level agreements, and
measure requester satisfaction. Efficient Contracting: use standard
templates and establish fallback positions to manage Legal
escalations. Enablement and continuous improvement: Improve
adoption of Sourcing templates, and guides; refine Sourcing intake
workflows to apply risk-appropriate effort. AI-assisted workflows:
Design and operationalize AI-assisted processes (with guardrails)
for Sourcing tasks. Demonstrate support and understanding of our
value of journalistic independence and a commitment to our mission
to seek the truth and help people understand the world . Basic
Qualifications: 5 years of experience in third-party risk
management, vendor risk, IT risk, or adjacent governance roles,
with hands-on due diligence and assessment experience. Proficiency
in reviewing vendor security/privacy evidence. Familiarity with
contractual terms in procurement, including limitation of
liability, indemnities, confidentiality and Service Level
Agreements. Knowledge of TPRM systems (e.g., ProcessUnity, Navex,
Whistic) and intake-to-pay systems (preferably Zip). Understanding
of external ratings from providers like BitSight,
SecurityScorecard, and others. Familiarity with frameworks is
important. These include the National Institute of Standards and
Technology Cybersecurity Framework, ISO 27001/27701, SOC 2, and PCI
DSS. Additionally, knowledge of privacy regulations is necessary,
such as the General Data Protection Regulation and California
Privacy Rights Act. Experience managing queues against Service
level agreements and prioritizing trade-offs. Bachelor's degree or
equivalent practical experience. Preferred Qualifications: 5 years
of Experience in Financial Services, or other regulated sectors.
CTPRP, CRISC, or relevant security/risk certificates. LI-Hybrid
REQ-019303 The annual base pay range for this role is between:
$125,000 - $145,000 USD For roles in the U.S., dependent on your
role, you may be eligible for variable pay, such as an annual bonus
and restricted stock. Benefits may include medical, dental and
vision benefits, Flexible Spending Accounts (F.S.A.s), a
company-matching 401(k) plan, paid vacation, paid sick days, paid
parental leave, tuition reimbursement and professional development
programs. For roles outside of the U.S., information on benefits
will be provided during the interview process. The New York Times
Company is committed to being the world’s best source of
independent, reliable and quality journalism. To do so, we embrace
a diverse workforce that has a broad range of backgrounds and
experiences across our ranks, at all levels of the organization. We
encourage people from all backgrounds to apply. We are an Equal
Opportunity Employer and do not discriminate on the basis of an
individual's sex, age, race, color, creed, national origin,
alienage, religion, marital status, pregnancy, sexual orientation
or affectional preference, gender identity and expression,
disability, genetic trait or predisposition, carrier status,
citizenship, veteran or military status and other personal
characteristics protected by law. All applications will receive
consideration for employment without regard to legally protected
characteristics. The U.S. Equal Employment Opportunity Commission
(EEOC)’s Know Your Rights Poster is available here . The New York
Times Company will provide reasonable accommodations as required by
applicable federal, state, and/or local laws. Individuals seeking
an accommodation for the application or interview process should
email reasonable.accommodations@nytimes.com. Emails sent for
unrelated issues, such as following up on an application, will not
receive a response. The Company encourages those with criminal
histories to apply, and will consider their applications in a
manner consistent with applicable "Fair Chance" laws, including but
not limited to the NYC Fair Chance Act, the Los Angeles Fair Chance
Initiative for Hiring Ordinance, the San Francisco Fair Chance
Ordinance, the Los Angeles County Fair Chance Ordinance for
Employers, and the California Fair Chance Act. For information
about The New York Times' privacy practices for job applicants
click here . Please beware of fraudulent job postings. Scammers may
post fraudulent job opportunities, and they may even make
fraudulent employment offers. This is done by bad actors to collect
personal information and money from victims. All legitimate job
opportunities from The New York Times will be accessible through
The New York Times careers site . The New York Times will not ask
job applicants for financial information or for payment, and will
not refer you to a third party to do so. You should never send
money to anyone who suggests they can provide employment with The
New York Times. If you see a fake or fraudulent job posting, or if
you suspect you have received a fraudulent offer, you can report it
to The New York Times at NYTapplicants@nytimes.com. You can also
file a report with the Federal Trade Commission or your state
attorney general .
Keywords: The New York Times, Philadelphia , Third-Party Risk Sourcing Manager, Accounting, Auditing , New York City, Pennsylvania
