Develop and implement clinical care plans for patients with chronic illnesses, perform patient assessments, monitor progress, and maintain communication with physicians to ensure optimal patient care and resource coordination.

• Responsible for the fiduciary oversight, functional evaluation, and governance of MissionSquare’s GPAS platform and all managed account programs • Conduct due-diligence testing, analyzing risk and performance trends, and documenting functional requirements • Strengthen operational controls and partner cross-functionally with third-party vendors • Maintain and update GPAS oversight documentation • Conduct fiduciary due-diligence testing across all in-plan managed account programs • Identify emerging risk trends, perform root cause analysis, and recommend solutions • Perform functional and user acceptance testing (UAT) for system and process changes • Evaluate business processes and system workflows, identify functional gaps, and recommend improvements • Serve as the functional subject matter liaison between GPAS teams and third-party vendors • Define and document reporting and data requirements for fiduciary oversight, client needs, and internal reporting • Prepare materials and reporting for the GPAS Committee • Respond to FCC inquiries, providing validated documentation and testing results • Assess functional and risk impacts of proposed changes to GPAS processes

• Support program Risk Manager in the area of Program Risk Management • Prepare risk management plans and processes fit for the Program and Projects • Develop and organize risk mitigation plans • Develop tracking mechanisms to control effectiveness of risk management • Assist in the execution and maintenance of program risk management service framework • Recognize and manage program risks in area of responsibility • Effectively facilitate risk interviews and run workshops • Work and collaborate with business customers, Functional managers, project managers and engineers • Assist in the development of program specific risk management plans • Organize and facilitate Construction risk mitigation meetings • Review program documents, analyze program data and develop Program and Project Risk Registers • Develop quantitative integrated cost and schedule Program risk models using risk software

Role Description We are looking for a Sr. Third Party Risk Specialist to own and evolve PNM’s third-party risk program across vendor governance, risk assessment, due diligence, and continuous monitoring. This role requires a strategic thinker with a builder’s mindset—someone who can assess complex vendor risk, improve scalable processes, and influence alignment across security, compliance, legal, procurement, product, engineering, operations, and customer-facing teams. This is an individual contributor role for someone who can operate at a senior level—balancing expert risk analysis, cross-functional coordination, regulatory awareness, and execution excellence. You’ll lead governance for critical and high-risk vendors, drive completion of incoming partner and client due diligence requests, and innovate efficiency strategies through automation, risk tiering, workflow orchestration, and continuous monitoring. This role will report to the Director of Security GRC. Responsibilities: - Own and evolve enterprise-wide third-party security risk strategy, including automation, continuous monitoring, and emerging risk domains (e.g., AI/ML vendors) - Liaise with cross-functional teams and leadership to ensure consistent, thorough operationalization of third party security risk controls - Communicate complex vendor risk landscapes and prioritization decisions clearly to senior leadership - Drive alignment on third party risk tolerance, vendor management decisions, and mitigation strategies - Execute completion of and innovate efficiency strategies for incoming due diligence requests from partners and clients - Administer in-scope tech stack (e.g. BlackKite, Responsive, Serval, N8N) - Coach and develop team members, leading large-scale, cross-functional initiatives to mature TPRM capabilities and improve operational efficiency - Contribute to evolution of TPRM best practices across the organization - Maintain and improve third-party security risk framework artifacts, including risk assessment methodology, vendor tiering, control expectations, procedures, and reporting - Partner with Legal, Procurement, and business owners to ensure third-party security risks are appropriately documented, accepted, mitigated, or escalated - Monitor critical and high-risk vendors for control changes, risk signals, remediation progress, and ongoing compliance concerns Qualifications - 7+ years in risk management, including ownership of program-level strategy, cross-functional influence, and transformation initiatives - Bachelor’s degree in Computer Science, Risk Management, or related field (or equivalent experience); advanced certifications preferred (e.g., CRISC, CISM, FAIR, or relevant emerging risk training) - Proven track record of spearheading third party risk program improvements with measurable impact - Hands-on experience managing third party AI risk - Excellent communication and stakeholder management skills—especially with senior engineering, product, and business leaders. - Comfortable operating independently, managing ambiguity, and taking ownership at both strategic and tactical levels. - Experience developing and managing comprehensive third party program plans, roadmaps, and status updates to keep stakeholders aligned and informed. - Fluency in cyber risk methodologies – ability to communicate complex risk considerations and proposals to leadership and peers - Expertise in qualitative and quantitative third-party risk analysis, including the ability to translate risk into business impact - Substantial experience with AI/automation tools, as well as GRC, TPRM, security ratings, questionnaire automation, or workflow orchestration platforms - Working knowledge of relevant security and risk frameworks such as SIG, CSA STAR for AI, ISO 27001, SOC 2, PCI DSS, or NIST AI RMF Requirements - Experience in payments, fintech, or regulated industries - Experience with third-party security risk management, client due diligence, and vendor governance in a regulated environment - Exposure to automation, continuous monitoring, security ratings, questionnaire platforms, or GRC workflow tools - Deep understanding of AI/ML vendor risk, including how AI-enabled services are assessed, monitored, and governed responsibly Benefits - Competitive salary and benefits with growth-company options grant - Fast-paced and professional work culture - Stock options with standard startup vesting - 1 year cliff; 4 years total - $50 monthly communication expense stipend to go towards your phone/internet bill - $250 stipend to enhance your WFH setup - Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200) - Premium medical benefits including vision and dental (100% coverage for employees) - Company-sponsored life and disability insurance - Paid parental bonding leave - Paid sick leave, jury duty, bereavement - 401k plan - Flexible Time Off (our team members typically take off ~3-4 weeks per year) - Volunteer Time Off - 13 scheduled holidays