Role Description We are looking for a Sr. Third Party Risk Specialist to own and evolve PNM’s third-party risk program across vendor governance, risk assessment, due diligence, and continuous monitoring. This role requires a strategic thinker with a builder’s mindset—someone who can assess complex vendor risk, improve scalable processes, and influence alignment across security, compliance, legal, procurement, product, engineering, operations, and customer-facing teams. This is an individual contributor role for someone who can operate at a senior level—balancing expert risk analysis, cross-functional coordination, regulatory awareness, and execution excellence. You’ll lead governance for critical and high-risk vendors, drive completion of incoming partner and client due diligence requests, and innovate efficiency strategies through automation, risk tiering, workflow orchestration, and continuous monitoring. This role will report to the Director of Security GRC. Responsibilities: - Own and evolve enterprise-wide third-party security risk strategy, including automation, continuous monitoring, and emerging risk domains (e.g., AI/ML vendors) - Liaise with cross-functional teams and leadership to ensure consistent, thorough operationalization of third party security risk controls - Communicate complex vendor risk landscapes and prioritization decisions clearly to senior leadership - Drive alignment on third party risk tolerance, vendor management decisions, and mitigation strategies - Execute completion of and innovate efficiency strategies for incoming due diligence requests from partners and clients - Administer in-scope tech stack (e.g. BlackKite, Responsive, Serval, N8N) - Coach and develop team members, leading large-scale, cross-functional initiatives to mature TPRM capabilities and improve operational efficiency - Contribute to evolution of TPRM best practices across the organization - Maintain and improve third-party security risk framework artifacts, including risk assessment methodology, vendor tiering, control expectations, procedures, and reporting - Partner with Legal, Procurement, and business owners to ensure third-party security risks are appropriately documented, accepted, mitigated, or escalated - Monitor critical and high-risk vendors for control changes, risk signals, remediation progress, and ongoing compliance concerns Qualifications - 7+ years in risk management, including ownership of program-level strategy, cross-functional influence, and transformation initiatives - Bachelor’s degree in Computer Science, Risk Management, or related field (or equivalent experience); advanced certifications preferred (e.g., CRISC, CISM, FAIR, or relevant emerging risk training) - Proven track record of spearheading third party risk program improvements with measurable impact - Hands-on experience managing third party AI risk - Excellent communication and stakeholder management skills—especially with senior engineering, product, and business leaders. - Comfortable operating independently, managing ambiguity, and taking ownership at both strategic and tactical levels. - Experience developing and managing comprehensive third party program plans, roadmaps, and status updates to keep stakeholders aligned and informed. - Fluency in cyber risk methodologies – ability to communicate complex risk considerations and proposals to leadership and peers - Expertise in qualitative and quantitative third-party risk analysis, including the ability to translate risk into business impact - Substantial experience with AI/automation tools, as well as GRC, TPRM, security ratings, questionnaire automation, or workflow orchestration platforms - Working knowledge of relevant security and risk frameworks such as SIG, CSA STAR for AI, ISO 27001, SOC 2, PCI DSS, or NIST AI RMF Requirements - Experience in payments, fintech, or regulated industries - Experience with third-party security risk management, client due diligence, and vendor governance in a regulated environment - Exposure to automation, continuous monitoring, security ratings, questionnaire platforms, or GRC workflow tools - Deep understanding of AI/ML vendor risk, including how AI-enabled services are assessed, monitored, and governed responsibly Benefits - Competitive salary and benefits with growth-company options grant - Fast-paced and professional work culture - Stock options with standard startup vesting - 1 year cliff; 4 years total - $50 monthly communication expense stipend to go towards your phone/internet bill - $250 stipend to enhance your WFH setup - Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200) - Premium medical benefits including vision and dental (100% coverage for employees) - Company-sponsored life and disability insurance - Paid parental bonding leave - Paid sick leave, jury duty, bereavement - 401k plan - Flexible Time Off (our team members typically take off ~3-4 weeks per year) - Volunteer Time Off - 13 scheduled holidays

• Lead strategic analytics by identifying medical cost drivers and trends, risks, and affordability opportunities. • Develop and execute analysis and AI to support Payment Integrity strategies at the enterprise level driving alignment across various business unites to ensure enterprise financial goals & priorities • Tell the story behind the data, translating analytical findings into clear, executive‑ready insights that influence decisions across technical, operational, and senior leadership audiences. • Own financial business cases for new affordability initiatives, including forecasts, variance analysis, and recommendations to improve performance. • Support Payment Integrity by overseeing analytics for initiatives, policy changes, and ongoing performance monitoring. • Improve reporting and visualization by assessing current capabilities and advancing self‑service analytics solutions, utilizing AI to optimize quality, accuracy and reporting (e.g., Databricks, Tableau, Claude, Cursor or similar tools). • Modernize analytics through scalable methods, automation, and thoughtful use of AI‑enabled tools where they add value. • Monitors and conducts research of related affordability, AI, business trends, using data and qualitative performance measures, to advise senior management relative to Payment Integrity strategy. • Manage and develop a team of analysts, setting clear priorities, ensuring high‑quality output, and supporting continuous skill development. • Balance multiple initiatives by prioritizing and delegating work effectively in a fast‑paced, dynamic environment. • Ensure data quality and accuracy by implementing appropriate checks, controls, and processes. • Act as a trusted thought partner to senior leaders by proactively identifying insights, risks, and emerging trends that inform near‑ and long‑term affordability strategy.

• Lead end-to-end analytics to evaluate medical cost savings initiatives, including medical policy changes and other cost containment programs • Own savings estimates by developing accurate, auditable financial impact assessments grounded in historical and current medical expense patterns • Partner cross-functionally with Clinical Operations, Network, Coverage Policy, project managers, and medical directors to align assumptions, methodologies, and measurement strategies • Identify trends and cost drivers through exploratory, longitudinal, and ad hoc analysis to surface emerging patterns and anomalous utilization • Design and maintain analytical routines (tools, algorithms, monitoring) to track medical forecasts and savings performance over time • Apply advanced analytics (statistical techniques and scalable methods) to generate insights that support medical cost trend reduction and assess the impact to providers, clients and customers • Tell the story behind the data by translating complex findings into concise, executive-ready summaries and recommendations for stakeholders at multiple organizational levels

• Provide a comprehensive and diverse range of risk management expertise to business leaders • Lead and support the implementation of appropriate risk frameworks • Provide oversight, commentary, and recommendations based on strategy and industry best practices • Support execution of risk activities end-to-end for Consumer Deposit and Payments Program (CDPP) • Demonstrate an ability to build and sustain effective working relationships with business partners • Solve unique and ambiguous problems with broad impact • Engage stakeholders to take action and influence change