Third Party Due Diligence – Monitoring
Enterprise Controls Department
The Mizuho Americas Enterprise Controls Department (ECD) is a 1st Line of Defense (1LoD) risk and control function delivering enterprise control services across Third Party Services, Business Continuity Planning, and Business Risk and Control Services. The department creates singular accountability and a "one-stop shop" for enterprise control services across all lines of business and corporate functions in the Americas region, and it sits within the Mizuho Americas Enterprise Services Division.
Third Party Risk Management Unit
The TPRM Unit is a 1LoD risk function responsible for providing white-glove service to business lines and corporate functions, shepherding them through the Third Party Risk Management lifecycle, conducting due diligence directly with third parties, and providing oversight of the TPRM function.
Third Party Due Diligence (TPDD) Team
TPDD conducts risk-based evaluations of third-party service providers across Information Security, Information Technology, Business Continuity Planning, and adjacent domains, and is responsible for ongoing monitoring of third and fourth parties across Cybersecurity, Financial, Compliance, Operational, Geographic, and ESG events using tools including BitSight, Supply Wisdom, and NCFTA intelligence feeds.
Role Summary
The Assistant Vice President TPDD – Ongoing Monitoring is accountable for the end-to-end execution and quality of TPDD's continuous monitoring program for Critical, High, Moderate, Low, and Nominal third and fourth parties. The AVP owns the timely identification, triage, escalation, and resolution of monitoring alerts; partners with Third Party Managers (TPMs), Business Approvers, SMEs, Legal, and Compliance to drive remediation; and ensures all monitoring activity is documented in an audit-ready, regulator-defensible manner consistent with the MUSO TPRM Policy, Standard, and Procedure.
Roles and Responsibilities
Ongoing Third / Fourth Party Monitoring
Own end-to-end ongoing monitoring of third and fourth party risks across cybersecurity (BitSight) and enterprise risk domains (Supply Wisdom), including weekly alert reviews; trend and impact analysis; ransomware and vulnerability assessments; fourth-party incident reporting; monthly third-party and location license and data reconciliation with heat map analysis; composite risk-rating evaluations across Macro-Economic, Financial, Geo-Political, Infrastructure, Business, Legal, Security & Compliance, Scalability, and ESG domains; and coordination with Cyber Defense to review NCFTA alerts and identify, assess, and respond to emerging high-risk cyber threats affecting Mizuho third parties.
Alert Triage, Escalation, and Stakeholder Engagement
Serve as the primary point of contact for TPMs, Business Approvers, Legal, Compliance, CISO/Cyber Defense, Data Loss Prevention (DLP), and Subject Matter Experts (SMEs) to assess the business impact of third and fourth party risk events; document material incidents in Archer (e.g., score declines exceeding 5%, severe fourth-party incidents, sanctions hits, or breaches); identify and analyze risk issues, clearly communicate impacts in business terms, drive and track remediation to closure, and escalate Critical or High-risk issues to TPDD leadership and TPRM Management as appropriate.
Concentration & Portfolio Risk Monitoring
Support monthly concentration and portfolio risk monitoring across third parties (e.g., engagement volume, service locations, contingent workers, and sole-provider exposure), contribute to quarterly reporting, and maintain accurate BitSight portfolios and Supply Wisdom license assignments to ensure all concentration-risk third parties are continuously monitored as Critical under appropriate license types.
Assessment Lifecycle Support
Lead and perform due diligence reviews, reassessments, and significant change evaluations in accordance with TPRM policies and procedures; assess inherent risk and control effectiveness across key domains (e.g., Information Security, Technology, Business Continuity, Risk Management, Incident Management, Physical Security, Nth-Party Risk, and HR); identify and document due diligence gaps and risk exposures; recommend remediation, risk acceptance, or escalation actions in Archer; and coordinate Certificate of Insurance (COI) validation, as needed, including documenting any gaps.
Reporting, Governance, and Audit Readiness
Review Archer KRI reports to identify threshold breaches and overdue activities, assess risk impact, drive remediation with stakeholders, and escalate issues as needed; ensure risk acceptances are recorded and tracked; support internal and external audits, regulatory exams, and Federal Banking Agency Report of Examination (ROE) reviews through timely, accurate documentation; and maintain complete, audit-ready records, including QA reviews of 10% of Moderate/Low and 100% of Critical/High assessments.
Program Enhancement
Contribute to the enhancement of IRQs, DDQs, monitoring playbooks, KRIs, and reporting processes to improve consistency, efficiency, and audit readiness; identify and remediate data anomalies in Archer and support reconciliations across systems (Archer, SNOW, Supply Wisdom, BitSight); and ensure timely, high-quality delivery of monitoring activities aligned with TPRM objectives and regulatory requirements, including additional responsibilities as needed to support the TPRM program.
The individual will be part of the Third Party Due Diligence team, working remotely with periodic onsite presence as required; the position will be commensurate with experience and qualifications.
Bachelor's degree in a relevant field, such as Information Security, Cybersecurity, Business Administration, Finance, or Risk Management.
5+ years of experience in third-party risk management, monitoring, risk assessment, IT audit, or related disciplines within regulated financial services or consulting.
Professional certifications strongly preferred (e.g., CTPRP, CTPRA, CISA, CRISC, CISSP).
Demonstrated experience with continuous monitoring platforms (BitSight, Supply Wisdom, or equivalent) and GRC tools (Archer or equivalent).
Solid knowledge of data analysis, contract review, data privacy, information security, information technology, and Business Continuity Planning (BCP) principles.
Strong ability to identify, assess, and articulate risks and vulnerabilities; sound judgment in evaluating control evidence.
Advanced Excel, AI and analytical skills, with strong attention to detail and accuracy.
Proven ability to manage priorities, drive issues to closure, and meet regulatory deadlines.
Strong interpersonal, stakeholder-management, and critical-thinking skills, with the ability to collaborate across the 1LoD, 2LoD, Legal, Compliance, and senior management.
Excellent written and verbal communication skills, with the ability to translate technical risks into clear business language for TPMs, Business Approvers, and executive stakeholders.
Experience with Shared Assessments (SIG framework) preferred.
Familiarity with U.S. regulatory expectations applicable to TPRM (FRB SR 13-19, OCC Bulletin 2013-29, NYDFS Part 500, FFIEC guidance) preferred.
The expected base salary ranges from $103,000.00 - $135,000.00. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, including but not limited to Medical, Dental and 401k that begin on day one of employment, successful candidates are also eligible to receive a discretionary bonus.
Other requirements
Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations. Roles in some of our departments have greater in-office requirements that will be communicated to you as part of the recruitment process.
Company Overview
Mizuho Financial Group, Inc. is the 15th largest bank in the world as measured by total assets of ~$2 trillion. Mizuho's 60,000 employees worldwide offer comprehensive financial services to clients in 35 countries and 800 offices throughout the Americas, EMEA and Asia. Mizuho Americas is a leading provider of corporate and investment banking services to clients in the US, Canada, and Latin America. Through its acquisition of Greenhill, Mizuho provides M&A, restructuring and private capital advisory capabilities across the Americas, Europe and Asia. Mizuho Americas employs approximately 3,500 professionals, and its capabilities span corporate and investment banking, capital markets, equity and fixed income sales & trading, derivatives, FX, custody and research. Visit www.mizuhoamericas.com.
Mizuho Americas offers a competitive total rewards package.
We are an EEO/AA Employer - M/F/Disability/Veteran.
We participate in the E-Verify program.
We maintain a drug-free workplace and reserve the right to require pre- and post-hire drug testing as permitted by applicable law.