Senior Manager, Third-Party Risk Management (TPRM)

Responsibilities

• Policy Ownership & Governance
• TPRM policy development: Own, author, and maintain Hagerty's enterprise wide Third Party Risk Management policy, standards, and procedures, ensuring alignment with regulatory requirements, industry frameworks (e.g., NIST CSF, ISO 27001, COBIT), and Hagerty's risk appetite.
• Policy lifecycle management: Lead scheduled and event-driven policy reviews, updating documentation in response to changes in regulation, business strategy, technology, or the vendor landscape.
• Framework integration: Align TPRM policy with adjacent governance frameworks including information security, business continuity, data privacy, and enterprise risk management-ensuring consistency without duplication.
• Regulatory compliance: Ensure TPRM policies meet applicable state and federal insurance regulations, NAIC model law requirements, and any contractual or audit-driven obligations.
• Exception management: Design and administer a formal policy exception process, documenting risk acceptance decisions with appropriate stakeholder sign-off.
• Vendor Lifecycle Risk Integration
• Risk-tiered due diligence: Design and embed a risk tiering methodology into Hagerty's sourcing and onboarding process, ensuring the level of pre-contract due diligence is calibrated to the risk profile of each vendor.
• Onboarding & contracting: Partner with Enterprise Procurement and Legal to ensure vendor contracts include appropriate risk and compliance provisions-covering data protection, business continuity, audit rights, and termination for cause.
• Ongoing monitoring: Oversee a structured program of periodic reassessments, performance reviews, and continuous monitoring activities for active third parties, with heightened attention to critical and high-risk vendors.
• Offboarding controls: Establish standards for vendor offboarding that protect Hagerty's data, systems, and operational continuity at contract termination.
• Supplier relationship management program: Maintain a register of critical and high-risk third parties, coordinate enhanced oversight activities and reviews, and ensure concentration risks are visible to senior leadership.
• Procurement Partnership & Business Enablement
• Embedded risk advisory: Function as the day-to-day risk advisor to the Enterprise Procurement team, providing guidance during sourcing events, RFP evaluation, negotiation, and contract execution.
• Risk-informed sourcing: Bring third party risk considerations into category strategies and sourcing decisions early-helping the business identify and mitigate risk before commitments are made.
• Business unit advisory: Serve as a trusted TPRM resource for business unit stakeholders who engage vendors directly, ensuring consistent application of policy across the organization and active participation in supplier business reviews.
• Training & enablement: Design and deliver TPRM training for Enterprise Procurement staff and business-facing teams, building risk literacy and practical policy compliance across all vendor-facing roles.
• Reporting, Audit & Program Maturity
• Executive reporting: Develop and present TPRM program dashboards, key risk indicators (KRIs), and risk trend analysis to the VP of Enterprise Procurement, ERM leadership, and Risk Comm

Benefits

Additional Information

Say hello to Hagerty Hagerty is a company built by drivers for drivers. We put our members at the center of everything we do and are dedicated to making it easier and more enjoyable for enthusiasts to drive and celebrate the machines they love. We're proud to be the world's largest insurer of collectible and enthusiast vehicles and are home to the Hagerty Drivers Club, the world's largest car club. Our Marketplace business presents live and digital sales across the U.S. and Europe, we host a number of driving events and concours, and our award-winning automotive journalists produce the most popular car magazine globally, alongside internationally awarded videos. We're committed to Never Stop Driving. Ready to get in the driver's seat? Join us! The Senior Manager, Third Party Risk Management (TPRM) Policy is a key leadership role embedded within Hagerty's Enterprise Procurement & TPRM function. This position is responsible for building and stewarding a robust third-party risk governance framework that protects Hagerty from vendor-related operational, financial, regulatory, and reputational exposure-while enabling the business to move at speed with the right partners. Sitting within Enterprise Procurement, this role is uniquely positioned at the intersection of sourcing decisions and risk governance. The Senior Manager will own TPRM policy end-to-end, integrate risk discipline into the full vendor lifecycle, and serve as the connective tissue between Procurement, Enterprise Risk Management, Legal, IT/Security, and business stakeholders. The ideal candidate combines policy expertise with a practical, business-enabling mindset - someone who knows that good risk management doesn't slow deals down; it makes them better.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at hagerty? Share your experience