Manager, Vendor Risk Management

About the Role:

Upgrade is seeking a Manager to evaluate and oversee our business-critical vendors, ensuring their controls align with, and properly address, the risks associated with their services. You'll play a key role in protecting Upgrade by conducting thorough due diligence and ongoing monitoring of our third-party relationships. This role requires a strong collaborator who can work effectively with both internal stakeholders and external partners.

What You'll Do:

• Conduct risk-based reviews of critical vendors, evaluating everything from policies and procedures to financial health, security programs, operational capabilities, and performing testing.
• Partner with internal business owners, Legal, Compliance, Product, and Information Security teams, as well as external vendors, to gather all necessary documentation and facilitate expert reviews.
• Prepare clear and concise summaries of vendor materials, including diligence reviews, monitoring activities, testing results, and public records research (e.g., regulatory actions, litigation, negative news, complaints).
• Assist with onboarding new vendors including performing risk assessments, diligence, and direct follow-up with vendors
• Identify, escalate, and monitor vendor issues to ensure timely resolution.
• Ensure all vendor reviews and monitoring plans are accurately maintained and up-to-date.

Skills We're Looking For:

• 3-5 years of experience in vendor management, third-party risk management, or compliance
• Ability to take ownership of and navigate highly detailed and complex processes.
• Demonstrated strong project management, time management, prioritization, critical thinking, and analytical abilities.
• Excellent verbal and written communication skills, capable of conveying complex and sensitive issues clearly and persuasively to both internal and external audiences.
• A natural curiosity and the confidence to ask insightful, clarifying questions.
• Demonstrated experience navigating regulatory requirements and control frameworks (e.g., SOC, PCI, third-party audits) in financial services and/or fintech environments.
• Prior experience with Zip, Upguard, Ironclad, JIRA, Confluence, AI & LLMs

What We Offer You: 

• Competitive salary and stock option plan
• 100% paid coverage of medical, dental and vision insurance 
• Flexible PTO
• Competitive 401(k) and RRSP program
• Opportunities for professional growth and development 
• Paid parental leave
• Health & wellness initiatives

The compensation range of this position in San Francisco, CA is USD $140,000 - $160,000 annually plus equity and benefits. Within this range, an individual's base pay will be dependent on a variety of factors, including without limitation, job-related knowledge, skills, education, and experience.