3rd Party Risk and Compliance (TPRM) Lead

Serving the needs of all families with young children, Carter’s Inc. is the largest North American apparel retailer exclusively for babies and young children, encompassing Carter’s, OshKosh B’gosh, Skip*Hop and Little Planet brands. Meaningful work, constant learning, genuine people, and a community guided by core values that promote inclusion and innovation is in everything we do. There are many reasons to build your career at Carter's.

How You’ll Make an Impact:

In this role, you will own the process for the implementation of leading security and governance practices, procedures, and controls to protect Carter’s information assets and ensure compliance with applicable regulatory requirements.

This role typically reports to the Director of IT Risk, Governance, and Compliance, and is based in our Buckhead office in our hybrid work environment. Third-party Risk Management (TPRM) and Compliance are a high priority for the teams at Carter's, and your support will be felt from day one!

IT Compliance 3rd Party Risk Management (80%)

• Build/Create/Mature the existing Carter’s IT 3rd Party Risk Management programs

• Responsible for leading the implementation of the IT 3rd Party Risk Management program for all of CRI.

• Partner and support the Director of IT Risk and Compliance with the selection of 3rd Party Risk Management Framework

• Lead discussions with multiple levels of enterprise leadership, drive communication through multiple channels, vendor partners, and leadership team members, in a clear, digestible manner

• Manage the partnership between vendor owners, compliance, stakeholders, and C-Suite level business owners.

• Responsible for preparing and reporting IT 3rd Party Risk Management status and key metrics to Executive Management.

• Responsible for analyzing all vendors to determine Tier 1 through Tier 3 vendors

• Conduct periodic review cycle implementation

• Evaluate and update IT security policies, procedures, and standards to ensure alignment with applicable security control requirements

• Assist the VP of Procurement to build out the vendor management global program for Carter’s

• Review guidelines related to IT 3rd party risk management, and coordinate with various teams to ensure compliance with requirements

• Manage and upkeep of data maps process i.e., workflows within One Trust that handle IT 3rd party vendor management data

• Monitoring and management 3rd party vendor investigation as appropriate including collaborating with business partners who own the vendor relationship

• Coordinate IT 3rd party vendor management external systems in support of internal groups

IT Risk Management (20%)

• Assist in the execution of IT security risk assessments against industry-leading security control frameworks

• Update metrics and analytics to track remediation progress and demonstration of control maturity and effectiveness

• Evaluate the adequacy and effectiveness of safeguards protecting sensitive Company information

• Assist with the Cyber Security semiannual review process

We’d Love to hear from you if:

• Bachelor’s degree is required, technical degree preferred

• Professional certification (CISA, CISM, CGEIT, CRISC or similar) preferred

• 5+ years of experience related to building and implementing IT 3rd party risk management programs 

• Experience implementing and maturing 3rd party risk management plans

• The ability to think critically, assess and quantify technology risk, document complex processes, and collaborate effectively with cross-functional stakeholders is required

• Have high-level research and presentation experience for 3rd party risk management-related assignments

• Assists with special projects and risk mitigation objectives

OUR Team Members:

• Lead Courageously: Have a strong sense of personal values that align with our Company values

• Collaborates Broadly: Build cooperation, trust, and thrive in a consensus driven environment

• Customer Focus: Proactively seek opportunities to leverage data and fact-based insights to serve customers and/or internal clients

• Drive Growth: Set aggressive goals and implement plans precisely

• Cultivates Innovation:  Respectfully challenge the "we’ve always done it this way" mentality and explore new ways to achieve desired outcomes

Make a career at Carter’s:

• Career Development: Success starts from within, and we have several paths from which you can choose to enhance your career evolution. From Carter’s University to Toastmasters to mentorship programs and more, we encourage you to utilize these tools to elevate your professional prowess.

NOTE:  This job description is not intended to be all-inclusive. The duties described may be changed or reassigned at the discretion of management, and the employee may be required to perform duties that are not listed in the job description.

#LI-Hybrid

Carters is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state, or local law.