Apply on Employer Site

Boeing · 2 days ago

Third Party Risk and Resilience (TPRR) Governance Manager

USA - Hazelwood, MO

Full-time

Hybrid

Mid, Senior Level

$140K/yr - $204K/yr

3+ years exp

The Boeing Company is seeking a hands-on and outcome driven Third Party Risk and Resilience (TPRR) Governance Manager to lead the Governance, Design, and Integration (GDI) and the enterprise governance and operating model for Third-Party Risk and Resilience. This role involves coordinating with various teams to establish policies and control criteria while ensuring operational excellence and compliance throughout the third-party lifecycle.

AerospaceIndustrial

No H1B

Responsibilities

Mature the TPRR governance and operating model, including policy, standards, procedures, and control criteria (SR family, SP5 updates, certification‑based assurance)

Publish and maintain TPRR command media and critical documentation; ensure traceability to regulatory, contractual, and internal control requirements

Lead the development and maintenance of our C‑SCRM Strategy & Implementation Plan (SIP), including update cadence

Define and maintain enterprise assessment criteria, scoring models, control requirements, and risk decisioning thresholds to support consistent, defensible outcomes

Govern integration design across the TPRR lifecycle (e.g., Cybersecurity Maturity Model Certification (CMMC) ingestion, Product Security, Fit‑For‑Use (FFU), Operational Technology (OT), BitSight signal use, Quick Reference Card (QRC) alignment, TACOS/issue management interfaces)

Partner with TPRR Technology & Assessment Operations to operationalize controls and requirements in Aravo; actively participate in the Aravo Change Board to prioritize configuration and ensure policy alignment

Oversee alignment to Sentinel gaps, AuditBoard risk and control management, internal/external audit readiness, track remediation and report progress to leadership

Establish TPRR metrics and Key Performance Indications (KPIs) in partnership with TPRR Technology & Assessment Operations team and TPRR Project Management Office; ensure measures drive risk reduction, Service Level Agreements (SLA) adherence, and quality of outcomes

Provide executive-ready communications, leadership updates, and decision support (e.g., operating rhythm, Sub‑Council materials, roadmap revisions)

Drive change management, training, command media, and desktop references/job aids for enterprise stakeholders adopting TPRR requirements

Lead a high-performing team of TPRR governance, design, and integration professionals; build talent, foster collaboration, and promote a culture of accountability and continuous improvement

Qualification

Third-party risk managementCyber risk governanceNIST SP 800-171/161Policy designControl frameworksAravoBitSightChange managementCommunication skillsTeam leadership

Required

3+ years in third-party risk management, cyber risk governance, assurance, or related risk/compliance roles, including experience designing policies, standards, and control frameworks

Experience with NIST SP 800‑171/161 and enterprise third‑party risk control families; familiarity with DFARS/DoD cyber ecosystem and certification‑based assurance approaches

Experience with governing technology/process integrations across complex programs (e.g., assessment workflows, issue management)

Experience partnering with product/engineering teams

Experience with strong communication skills and a record of driving cross‑functional alignment and change at scale

Ability to translate policy and controls into operational requirements, contract terms, metrics, and tooling backlogs

Preferred

Bachelor's degree in information security, IT, Risk Management, Business, or related field

Master's degree

Certifications such as CISM, CRISC, CISSP, CISA, CBCP, CGEIT, CTPRP/CTPRA, and/or PMP

Experience with Aravo (or similar TPRM platforms), BitSight or equivalent external risk data, QRC/TACOS or issue/quality management systems, and AuditBoard

Experience with advanced analytics and dashboarding (e.g., Power BI) for control effectiveness, SLA, and lifecycle reporting

Experience leading governance councils, command media programs, and/or large-scale risk transformation initiatives