Rockwell Automation is a global technology leader focused on helping the world’s manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better.
We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that’s you, we would love to have you join us!
Job Description
Your Responsibilities:
Lead the Third-Party Risk Management (TPRM) and supply chain security programme, covering onboarding, monitoring, and offboarding of third parties.
Conduct and oversee risk assessments (inherent and residual) across domains such as information security, privacy, operational, financial, and regulatory risk.
Oversee third-party software/firmware compliance and assurance activities (security, licensing, export control, regulatory requirements).
Review and validate SW/FW-related technical documentation (SBOMs, vulnerability disclosures, Software Development Lifecycle evidence, certifications, test reports).
Assess third-party compliance with secure product development practices (vulnerability management, patching, incident response).
Ensure compliance with regulations, standards, and frameworks (IEC 62443, ISO 27001, IEC 61508, RBA, cyber regulations).
Review and validate third-party technical and risk documentation (questionnaires, audit reports, certifications, remediation plans).
Partner with Legal, Procurement, IT Security, Privacy, and Business teams to align risk decisions with our needs.
Monitor third-party issues, findings, and remediation activities, ensuring timely closure and risk mitigation.
Define TPRM policies, procedures, templates, and guides.
Support audits, regulatory inquiries, and management reporting related to third-party risk and compliance.
Provide risk insights to senior management to support informed decision-making.
Drive improvements through automation, tooling (e.g., GRC platforms), and standardised risk methodologies.
You will report to the Director, Supplier Quality.
People & Partner Management:
Be a trusted advisor to team members and business leaders on third-party risk matters.
Coordinate with global teams, suppliers, and distributors across regions.
Guide junior team members, ensuring consistency and quality in risk assessments.
The Essentials – You Will Have:
Bachelor's degree in Engineering, Information Systems, Risk Management, or related field.
12+ years of experience in third-party risk, compliance, audit, or related risk management departments.
Experience with third-party risk management, compliance, and governance processes.
Experience with GRC tools and risk assessment methodologies (qualitative/quantitative).
Working knowledge of cybersecurity, privacy, and regulatory compliance concepts.
The Preferred – You Might Also Have:
Relevant certifications such as Cysec Certification, CISA, CRISC, CISSP, and ISO Lead Auditor.
Experience in secure product development lifecycle assurance.
Familiarity with international regulatory frameworks and industry standards.
What We Offer:
Our benefits package includes …
Comprehensive mindfulness programmes with a premium membership to Calm
Volunteer Paid Time off available after 6 months of employment for eligible employees
Company volunteer and donation matching programme – Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
Employee Assistance Program
Personalised wellbeing programmes through our OnTrack programme
On-demand digital course library for professional development
... and other local benefits!
At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles.
Under Rockwell Automation’s hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.