Director of Cyber Third-Party Assurance

Full-Time, Boston, Springfield

The Opportunity

As the Director of the Cyber Third-Party Assurance team you will work in a fast-paced, collaborative environment overseeing the onboarding and continuous monitoring of Mass Mutual’s third-parties. The Director of Cyber Third-Party Assurance (CTPA) leads the enterprise’s vendor and supplier cybersecurity risk management function. This role is responsible for ensuring that third-party engagements meet Mass Mutual’s cybersecurity standards and comply with regulatory expectations. The position manages a team responsible for four critical verticals : onboarding new vendors, conducting risk-based assessments of returned questionnaires, actively monitoring critical vendors through continuous oversight and managing third-party risk questionnaires received when Mass Mutual serves as a vendor. This role ensures that there is a consistent, risk-driven approach to protecting the enterprise from supplier-related cyber threats.

Key Responsibilities

• Vendor Onboarding & Due Diligence : Oversee the vendor onboarding process, beginning with inherent risk assessments and tailored due diligence questionnaires. Lead the review of questionnaire responses, assign risk scores, and determine requirements for follow-up remediation or reassessment. Partner with Procurement, Legal, and Governance to ensure contract language reflects cyber requirements.
• Ongoing Vendor Monitoring : Direct continuous monitoring of critical and high-risk vendors using third-party risk intelligence tools (e.g., RiskRecon). Oversee periodic reassessments based on vendor tier, risk exposure, and regulatory requirements. Ensure supplier vulnerabilities and incident notifications are addressed and escalated appropriately.
• Third-Party Questionnaire Responses : Manage the function that responds to cybersecurity questionnaires MassMutual receives as a third party to other organizations. Ensure responses are accurate, consistent, and aligned with enterprise security posture and regulatory expectations.
• Governance, Reporting & Stakeholder Engagement : Provide executive-level reporting on third-party cyber risk posture, metrics, and emerging risks. Align with Governance, Enterprise Risk Management, and Internal Audit to ensure defensible oversight. Partner with BISOs, platform engineering, and security control owners to ensure vendor cyber risk is accurately identified and managed.

The Team

The Cyber Third-Party Assurance (CTPA) team plays a critical role in protecting Mass Mutual’s enterprise by managing cyber and operational risks across its vast supplier ecosystem. This team serves as a strategic partner to the business, providing assurance that our vendors and SaaS providers maintain the highest standards of security, compliance, and resilience. Leveraging advanced tools and regulatory expertise, CTPA delivers proactive risk insights, drives remediation of control gaps, and strengthens the organization’s ability to meet stringent expectations from regulators, clients and the board.

The Impact

Qualifications

MassMutual is an equal employment opportunity employer. We welcome all persons to apply. If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.

#J-18808-Ljbffr