The GPI IT Compliance team is seeking an experienced professional to oversee and manage various tasks related to GPI's IT/OT Third Party Risk Management practices and technologies. This role will ...
The GPI IT Compliance team is seeking an experienced professional to oversee and manage various tasks related to GPI's IT/OT Third Party Risk Management practices and technologies. This role will ...
In addition, this role will collaborate with architecture, legal, compliance, and privacy as part of our TPRM (Third Party Risk Management) process. This role will help review risk assessments for ...
In addition, this role will collaborate with architecture, legal, compliance, and privacy as part of our TPRM (Third Party Risk Management) process. This role will help review risk assessments for ...
Senior Security Third Party Risk (TPRM) Analyst
Atlanta, GA · On-site
$104K - $156K/yr
... TPRM (Third Party Risk Management) process. This role will help review risk assessments for ... Evaluate supplier control environments against established risk management standards and frameworks.
Senior Security Third Party Risk (TPRM) Analyst
Atlanta, GA · On-site
$104K - $156K/yr
... TPRM (Third Party Risk Management) process. This role will help review risk assessments for ... Evaluate supplier control environments against established risk management standards and frameworks.
Senior Security Third Party Risk (TPRM) Analyst
$104K - $156K/yr
... TPRM (Third Party Risk Management) process. This role will help review risk assessments for ... Evaluate supplier control environments against established risk management standards and frameworks.
Quick apply
Senior Security Third Party Risk (TPRM) Analyst
$104K - $156K/yr
... TPRM (Third Party Risk Management) process. This role will help review risk assessments for ... Evaluate supplier control environments against established risk management standards and frameworks.
Perform non-performing Third Party metric root cause analysis and prepare and manage Go to Green plans * Review and challenge data transmission registrations (DTRs) and Third Party risk assessments ...
Perform non-performing Third Party metric root cause analysis and prepare and manage Go to Green plans * Review and challenge data transmission registrations (DTRs) and Third Party risk assessments ...
Third Party Risk Management * Payment systems (including digital assets) * Core banking services Familiarities with - * FFIEC, NIST, SANS and ISO standards and frameworks * Information security ...
Third Party Risk Management * Payment systems (including digital assets) * Core banking services Familiarities with - * FFIEC, NIST, SANS and ISO standards and frameworks * Information security ...
S&R Risk Specialist
Atlanta, GA · On-site
Third Party Risk Management * Payment systems (including digital assets) * Core banking services Familiarities with - * FFIEC, NIST, SANS and ISO standards and frameworks * Information security ...
S&R Risk Specialist
Atlanta, GA · On-site
Third Party Risk Management * Payment systems (including digital assets) * Core banking services Familiarities with - * FFIEC, NIST, SANS and ISO standards and frameworks * Information security ...
Third Party Risk Management * Payment systems (including digital assets) * Core banking services Familiarities with - * FFIEC, NIST, SANS and ISO standards and frameworks * Information security ...
Third Party Risk Management * Payment systems (including digital assets) * Core banking services Familiarities with - * FFIEC, NIST, SANS and ISO standards and frameworks * Information security ...
Senior Third-Party Cyber Response Analyst
Alpharetta, GA · On-site
$60 - $65/hr
We are looking for : * 8+ years of relevant experience in financial industry / technology, either in Incident Management or Third Party Risk Management (including Vendor Risk Assessments) fields.
New
Senior Third-Party Cyber Response Analyst
Alpharetta, GA · On-site
$60 - $65/hr
We are looking for : * 8+ years of relevant experience in financial industry / technology, either in Incident Management or Third Party Risk Management (including Vendor Risk Assessments) fields.
New
This position will also be responsible for oversight and program management of third-party risk management and Business Continuity Planning activities for the organization. They will report on these ...
This position will also be responsible for oversight and program management of third-party risk management and Business Continuity Planning activities for the organization. They will report on these ...
... third-party risk, cloud security, incident response, and managed security leaders to identify ... expansion opportunities and design integrated risk advisory solutions. * Establish and maintain ...
... third-party risk, cloud security, incident response, and managed security leaders to identify ... expansion opportunities and design integrated risk advisory solutions. * Establish and maintain ...
Lead third-party and vendor security risk assessments and due diligence activities. Compliance & Security Assurance * Manage cybersecurity compliance programs aligned with frameworks and regulations.
Lead third-party and vendor security risk assessments and due diligence activities. Compliance & Security Assurance * Manage cybersecurity compliance programs aligned with frameworks and regulations.
Cyber Security Analyst, 3rd Party Events/Incidents response 12+ mths cont Alpharetta, GA
Alpharetta, GA · On-site
We are looking for : * 8+ years of relevant experience in financial industry / technology, either in Incident Management or Third Party Risk Management (including Vendor Risk Assessments) fields.
Cyber Security Analyst, 3rd Party Events/Incidents response 12+ mths cont Alpharetta, GA
Alpharetta, GA · On-site
We are looking for : * 8+ years of relevant experience in financial industry / technology, either in Incident Management or Third Party Risk Management (including Vendor Risk Assessments) fields.
They are seeking a Staff Product Manager, AI Governance & Supply Chain Integration Risk to lead product strategy and execution, focusing on reducing risk across SaaS and third-party ecosystems.
They are seeking a Staff Product Manager, AI Governance & Supply Chain Integration Risk to lead product strategy and execution, focusing on reducing risk across SaaS and third-party ecosystems.
Lead third-party and vendor security risk assessments and due diligence activities. Compliance & Security Assurance * Manage cybersecurity compliance programs aligned with frameworks and regulations.
Lead third-party and vendor security risk assessments and due diligence activities. Compliance & Security Assurance * Manage cybersecurity compliance programs aligned with frameworks and regulations.
Identify the most important customer problems related to SaaS supply chain risk, third-party access ... Required qualifications * 7+ years of Product Management experience, ideally in B2B SaaS ...
Quick apply
Identify the most important customer problems related to SaaS supply chain risk, third-party access ... Required qualifications * 7+ years of Product Management experience, ideally in B2B SaaS ...
The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Communicate subcontractor and vendor insurance requirements to the third-party compliance vendor ...
The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Communicate subcontractor and vendor insurance requirements to the third-party compliance vendor ...
Risk Manager
Atlanta, GA · On-site
The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Communicate subcontractor and vendor insurance requirements to the third-party compliance vendor ...
Risk Manager
Atlanta, GA · On-site
The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Communicate subcontractor and vendor insurance requirements to the third-party compliance vendor ...
The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Communicate subcontractor and vendor insurance requirements to the third-party compliance vendor ...
The Risk Manager will identify, assess, and mitigate potential risks that could impact the company ... Communicate subcontractor and vendor insurance requirements to the third-party compliance vendor ...
Cybersecurity Third Party Senior Analyst
$96K - $124K/yr
Coordinate with third party risk management, incident response, and infrastructure teams to validate threats, contain incidents, and recommend remediation steps. * Monitor external threat ...
Cybersecurity Third Party Senior Analyst
$96K - $124K/yr
Coordinate with third party risk management, incident response, and infrastructure teams to validate threats, contain incidents, and recommend remediation steps. * Monitor external threat ...
Third Party Risk Manager information
See Atlanta, GA salary details
$49.5K - $59.9K
4% of jobs
$59.9K - $70.2K
6% of jobs
$70.2K - $80.6K
11% of jobs
$84.5K is the 25th percentile. Wages below this are outliers.
$80.6K - $91K
11% of jobs
The median wage is $99.2K / yr.
$91K - $101.3K
23% of jobs
$101.3K - $111.7K
13% of jobs
$118.5K is the 75th percentile. Wages above this are outliers.
$111.7K - $122K
12% of jobs
$122K - $132.4K
8% of jobs
$132.4K - $142.8K
6% of jobs
$142.8K - $153.1K
4% of jobs
$153.1K - $163.5K
2% of jobs
$49.5K
$107.3K
$163.5K
How much do third party risk manager jobs pay per year?
What is the difference between Third Party Risk Manager vs Vendor Risk Analyst?
| Aspect | Third Party Risk Manager | Vendor Risk Analyst |
|---|---|---|
| Credentials | Certifications like CRISC, CTPRP often preferred | Certifications such as CRISC, CTPRP common |
| Work Environment | Oversees multiple vendors and third-party relationships at strategic level | Focuses on assessing specific vendor risks and compliance |
| Employer & Industry Usage | Used in finance, healthcare, and large corporations managing third-party risks | Common in IT, finance, and procurement departments |
| Search & Comparison Intent | Often compared for broader risk management roles | Compared for detailed vendor risk assessments |
The Third Party Risk Manager oversees the overall risk associated with third-party vendors, focusing on strategic risk mitigation. The Vendor Risk Analyst concentrates on evaluating individual vendors' risks and compliance. While both roles require similar certifications and work in related environments, the Risk Manager has a broader scope, whereas the Analyst specializes in detailed assessments.
What are the key skills and qualifications needed to thrive as a Third Party Risk Manager, and why are they important?
What is a Third Party Risk Manager?
How does a Third Party Risk Manager typically collaborate with other departments to manage vendor risks?

Full-time
Re-posted 19 hours ago
Graphic Packaging International rating
6.7
Based on 123 frontline employees who took The Breakroom Quiz
82nd of 114 rated packaging manufacturers
Job description
Graphic Packaging International, LLC (GPI) fosters a culture that protects, preserves, and enhances our reputation. The GPI IT Compliance team is seeking an experienced professional to oversee and manage various tasks related to GPI's IT/OT Third Party Risk Management practices and technologies.
This role will encompass Third Party Risk practices being deployed to manufacturing facilities with the intent to minimize GPI's risk exposure related to third parties in the GPI ecosystem. This position is responsible for deploying risk management practices to the IT/OT footprint at GPI, and to provide leadership with transparency into GPI's risk exposure for both IT and OT respectively specific to third parties. This role involves establishing new processes with focus on Industrial Control Systems, MES systems and all OT systems in use at GPI manufacturing facilities (plants and mill locations) across the globe.
Lead, IT/OT - Third Party Risk Management is expected to:
- Coordinate with external providers and internal technology teams regarding platform development, enhancements, integration and issue resolution
- Liaise with global risk and compliance groups and OT engineers and leaders related to due diligence matters and system requests or changes
- Collaborate across IT and manufacturing facilities with cross functional teams to escalate and resolve issues and risks identified and tracked
- Represent the IT Compliance Office with business teams, partners, and other GPI stakeholders, and with external third parties
- Identify key performance indicators to be used for management reporting at GPI
- Manage reporting and analyzing metrics for key performance indicators identified for GPI
- Identify risks, exceptions to policy or standards and other risk related issues for tracking and reporting or escalations to leadership
- Define and oversee processes and standards of operation performed by global IT/OT resources
Responsibilities
- Gain comprehensive knowledge and understanding of relevant policies, guidelines and compliance program elements which will be deployed to IT/OT processes to achieve risk minimization objectives
- Manage and perform monitoring activities on the IT/OT TPRM program activities, including use of the IT Risk Management and Third Party Risk Management modules within the GPI GRC system (OneTrust)
- Perform data analysis for ongoing monitoring of control violations, risk assessment activities, and reporting to management and senior leaders on key performance indicators on a recurring cadence
- Effectively interpret and document testing and monitoring results and develop recommendations for improvements and enhancements to reduce GPI risk profile for OT systems
- Utilize and develop data analytics capabilities to evaluate and improve third party management decisions, mitigation planning of obsolete technologies, and identifying reporting mechanisms to be leveraged for same
- Identify operational risks for OT third parties that need to be raised to leadership for remediation and risk reduction workstreams
- Oversee training of IT and OT TPRM team members, risk & compliance groups and GPI stakeholders on TPRM practices adopted and deployed at GPI
- Monitor, report and track compliance with policies and practices, including system security and access controls for OT systems and respective third parties
- Collaborate with cross functional engineers, leaders, colleagues, and global partners to achieve alignment on goals and objectives associated with risk reduction workstreams
- Effectively communicate with peers, managers, senior managers, and executive leaders cross functionally as a trusted subject matter expert and advisor for TPRM practices
- Recommend and implement process improvements to meet IT/OT Convergence TPRM, risk & compliance goals on an annual basis.
- Provide system and process training and support to the global IT organization and OT engineers and leaders for the ITRM platform TPRM module(s)
- Design and manage other IT third party assessment templates and workflows
- The role will evolve as IT/OT TPRM discipline expands and changes to meet compliance needs of GPI
Key Skills
- Aptitude to learn and utilize technology to perform and document responsibilities
- Moderate to advanced skills working with technical tools including Microsoft Office applications, specifically Excel, PowerPoint and Word
- Proven ability designing or enhancing third party risk management or compliance-related activities
- Excellent organizational aptitude
- Ability to analyze problems and facilitate solutions
- Excellent written and verbal communication skills
- Ability to think critically, objectively and analytically
- Detail-oriented with strong project management, organization, prioritization and time management skills
- Flexibility in working on several processes or projects simultaneously to meet team goals and responsibilities
- Possess high integrity to handle sensitive and confidential data
- Ability to work accurately and efficiently under pressure
- Proven ability to work independently and drive projects to completion
- Ability to work collaboratively with subject matter resources, often in a virtual and cross border environment
- Confidence and poise to work directly with GPI leadership teams
- Willingness and ability to readily respond to changing circumstances and expectations
- Interest in effectively developing other colleagues and creating a culture of compliance, inclusion and professional growth
Qualifications
- At least 5 years of experience working for a professional services organization providing one or more of the following: regulatory and compliance, audit, consulting, financial advisory, enterprise risk management and other related services
- Substantive direct experience in one or more of the following: third party due diligence, ethics and compliance programs, risk and controls, process management or change management
- Certified Public Accountant, Certified Internal Auditor, Certified Fraud Examiner and/or relevant compliance experience a significant advantage
- Bachelor's degree in accounting, finance, business or related field
- Information Security certifications (CRISC, CISM)
- Functional experience working in a manufacturing environment with MES and ICS systems
- Knowledge of GDPR and CCPA privacy rules associated to accessing, classifying, transferring, or modifying data in its lifecycle
Required Experience
At Graphic Packaging International (NYSE: GPK), we produce the box you may have poured your child's cereal from this morning, the microwaveable tray that heated your lunch, the paper cup that held your coffee throughout the day, and the carrier of those bottles of craft beer you may enjoy tonight! We're one of the largest manufacturers of paperboard and paper-based packaging for some of the world's most recognized brands of food, beverage, foodservice, household, personal care and pet care products. Headquartered in Atlanta, Georgia, we are a team of collaborative, innovative, passionate individuals who are committed to providing consumer packaging that makes a world of difference.
With almost 18,000 employees working in more than 70 locations in North and South America, Europe and the Pacific Rim, we strive to be an environmentally responsible leader in our industry and in the communities where we operate. We are committed to workplace diversity and offer compensation and benefits programs that are among the industry's best to reward the talented people who make our company successful.
If this sounds like something you would like to be a part of, we'd love to hear from you. Learn more about us at www.graphicpkg.com.
Inspired Packaging. A World of Difference.
Graphic Packaging is an Equal Opportunity Employer. All candidates will be evaluated on the basis of their qualifications for the job in question. We do not base our employment decision on an employee's or applicant's race, color, religion, age, gender or sex (including pregnancy), national origin, ancestry, marital status, sexual orientation, gender identity, genetic identity, genetic information, disability, veteran/military status or any other basis prohibited by local, state, or federal law.Click here to view the EEO is the Law Poster
What Graphic Packaging International employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom
About Graphic Packaging
Sourced by ZipRecruiter
Industry
Plastics and rubber products manufacturing
Company size
10,000+ Employees
Headquarters location
Atlanta, GA, US
Year founded
1978