3rd Party Risk and Compliance (TPRM) Lead
Job Description
Serving the needs of all families with young children, Carter’s Inc. is the largest North American apparel retailer exclusively for babies and young children, encompassing Carter’s, OshKosh B’gosh, Skip*Hop and Little Planet brands. Meaningful work, constant learning, genuine people, and a community guided by core values that promote inclusion and innovation are in everything we do. There are many reasons to build your career at Carter’s.
How You’ll Make an Impact:
In this role, you will own the process for the implementation of leading security and governance practices, procedures, and controls to protect Carter’s information assets and ensure compliance with applicable regulatory requirements.
This role typically reports to the Director of IT Risk, Governance, and Compliance, and is based in our Buckhead office in our hybrid work environment. Third-party Risk Management (TPRM) and Compliance are a high priority for the teams at Carter's, and your support will be felt from day one!
IT Compliance 3rd Party Risk Management (80%)
Build/Create/Mature the existing Carter’s IT 3rd Party Risk Management programs
Responsible for leading the implementation of the IT 3rd Party Risk Management program for all of CRI.
Partner with and support the Director of IT Risk and Compliance in the selection of a 3rd Party Risk Management Framework
Lead discussions with multiple levels of enterprise leadership, and drive communication through multiple channels with vendor partners and leadership team members in a clear, digestible manner
Manage the partnership between vendor owners, compliance, stakeholders, and C-Suite level business owners.
Responsible for preparing and reporting IT 3rd Party Risk Management status and key metrics to Executive Management.
Responsible for analyzing all vendors to determine Tier 1 through Tier 3 vendors
Conduct periodic review cycle implementation
Evaluate and update IT security policies, procedures, and standards to ensure alignment with applicable security control requirements
Assist the VP of Procurement to build out the vendor management global program for Carter’s
Review guidelines related to IT 3rd party risk management, and coordinate with various teams to ensure compliance with requirements
Manage and maintain the data maps process, i.e., workflows within OneTrust that handle IT 3rd party vendor management data
Monitor and manage 3rd party vendor investigations as appropriate, including collaborating with business partners who own the vendor relationship
Coordinate IT 3rd party vendor management external systems in support of internal groups
IT Risk Management (20%)
Assist in the execution of IT security risk assessments against industry-leading security control frameworks
Update metrics and analytics to track remediation progress and demonstration of control maturity and effectiveness
Evaluate the adequacy and effectiveness of safeguards protecting sensitive Company information
Assist with the Cyber Security semiannual review process
We’d Love to hear from you if:
Bachelor’s degree is required, technical degree preferred
Professional certification (CISA, CISM, CGEIT, CRISC or similar) preferred
5+ years of experience related to building and implementing IT 3rd party risk management programs
Experience implementing and maturing 3rd party risk management plans
The ability to think critically, assess and quantify technology risk, document complex processes, and collaborate effectively with cross-functional stakeholders is required
Have high-level research and presentation experience for 3rd party risk management-related assignments
Assists with special projects and risk mitigation objectives
OUR Team Members:
Lead Courageously: Have a strong sense of personal values that align with our Company values
Collaborates Broadly: Build cooperation and trust, and thrive in a consensus-driven environment
Customer Focus: Proactively seek opportunities to leverage data and fact-based insights to serve customers and/or internal clients
Drive Growth: Set aggressive goals and implement plans precisely
Cultivates Innovation: Respectfully challenge the "we’ve always done it this way" mentality and explore new ways to achieve desired outcomes
Make a career at Carter’s:
Career Development: Success starts from within, and we have several paths from which you can choose to enhance your career evolution. From Carter’s University to Toastmasters to mentorship programs and more, we encourage you to utilize these tools to elevate your professional prowess.
NOTE: This job description is not intended to be all-inclusive. The duties described may be changed or reassigned at the discretion of management, and the employee may be required to perform duties that are not listed in the job description.
Carter’s is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state, or local law.