
Sr. Third Party Risk Specialist
PayNearMe, Inc.
Posted about 5 hours ago
Company Description
At PayNearMe, we’re on a mission to make paying and getting paid as simple as possible. We build innovative technology that transforms the way businesses and their customers experience payments. Our industry-leading platform, PayXM™, is the first of its kind—designed to manage the entire payment experience from start to finish. Every click, swipe or tap is seamless, fast and secure, helping non-commerce businesses boost customer satisfaction, accelerate payments, and reduce costs.
Our single platform handles it all: cards, ACH, digital wallets such as PayPal, Venmo, Cash App Pay, Apple Pay and Google Pay, and even cash at more than 62,000 retail locations nationwide. Today, thousands of businesses across consumer lending, iGaming and online sports betting, property management, and tolling trust PayNearMe to deliver a payment experience that drives real results.
In September 2025, we raised a $50 million Series E funding round to accelerate our growth.
We’re a team of 300+ employees across 41 states, headquartered in Silicon Valley with satellite offices in Dallas, TX and Holmdel, NJ.
Join us and be part of a team that’s shaping the future of payments—one experience at a time.
We are looking for a Sr. Third Party Risk Specialist to own and evolve PNM’s third-party risk program across vendor governance, risk assessment, due diligence, and continuous monitoring. This role requires a strategic thinker with a builder’s mindset—someone who can assess complex vendor risk, improve scalable processes, and influence alignment across security, compliance, legal, procurement, product, engineering, operations, and customer-facing teams.
This is an individual contributor role for someone who can operate at a senior level—balancing expert risk analysis, cross-functional coordination, regulatory awareness, and execution excellence. You’ll lead governance for critical and high-risk vendors, drive completion of incoming partner and client due diligence requests, and innovate efficiency strategies through automation, risk tiering, workflow orchestration, and continuous monitoring.
This role will report to the Director of Security GRC.
Responsibilities:
- Own and evolve enterprise-wide third-party security risk strategy, including automation, continuous monitoring, and emerging risk domains (e.g., AI/ML vendors)
- Liaise with cross-functional teams and leadership to ensure consistent, thorough operationalization of third party security risk controls
- Communicate complex vendor risk landscapes and prioritization decisions clearly to senior leadership
- Drive alignment on third party risk tolerance, vendor management decisions, and mitigation strategies
- Execute completion of and innovate efficiency strategies for incoming due diligence requests from partners and clients
- Administer in-scope tech stack (e.g. BlackKite, Responsive, Serval, N8N)
- Coach and develop team members, leading large-scale, cross-functional initiatives to mature TPRM capabilities and improve operational efficiency
- Contribute to evolution of TPRM best practices across the organization
- Maintain and improve third-party security risk framework artifacts, including risk assessment methodology, vendor tiering, control expectations, procedures, and reporting
- Partner with Legal, Procurement, and business owners to ensure third-party security risks are appropriately documented, accepted, mitigated, or escalated
- Monitor critical and high-risk vendors for control changes, risk signals, remediation progress, and ongoing compliance concerns
Requirements:
- 7+ years in risk management, including ownership of program-level strategy, cross-functional influence, and transformation initiatives
- Bachelor’s degree in Computer Science, Risk Management, or related field (or equivalent experience); advanced certifications preferred (e.g., CRISC, CISM, FAIR, or relevant emerging risk training)
- Proven track record of spearheading third party risk program improvements with measurable impact
- Hands-on experience managing third party AI risk
- Excellent communication and stakeholder management skills—especially with senior engineering, product, and business leaders.
- Comfortable operating independently, managing ambiguity, and taking ownership at both strategic and tactical levels.
- Experience developing and managing comprehensive third party program plans, roadmaps, and status updates to keep stakeholders aligned and informed.
- Fluency in cyber risk methodologies – ability to communicate complex risk considerations and proposals to leadership and peers
- Expertise in qualitative and quantitative third-party risk analysis, including the ability to translate risk into business impact
- Substantial experience with AI/automation tools, as well as GRC, TPRM, security ratings, questionnaire automation, or workflow orchestration platforms
- Working knowledge of relevant security and risk frameworks such as SIG, CSA STAR for AI, ISO 27001, SOC 2, PCI DSS, or NIST AI RMF
Preferred:
- Experience in payments, fintech, or regulated industries
- Experience with third-party security risk management, client due diligence, and vendor governance in a regulated environment
- Exposure to automation, continuous monitoring, security ratings, questionnaire platforms, or GRC workflow tools
- Deep understanding of AI/ML vendor risk, including how AI-enabled services are assessed, monitored, and governed responsibly
Why Join Us?:
- Competitive salary and benefits with growth-company options grant
- Fast-paced and professional work culture
- Stock options with standard startup vesting - 1 year cliff; 4 years total
- $50 monthly communication expense stipend to go towards your phone/internet bill
- $250 stipend to enhance your WFH setup
- Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200)
- Premium medical benefits including vision and dental (100% coverage for employees)
- Company-sponsored life and disability insurance
- Paid parental bonding leave
- Paid sick leave, jury duty, bereavement
- 401k plan
- Flexible Time Off (our team members typically take off ~3-4 weeks per year)
- Volunteer Time Off
- 13 scheduled holidays
PayNearMe strives to create a workplace where all employees thrive. Our core values represent who we are today and we take pride in the way we work with each other as well as with our stakeholders.
We’re in this together to do the right thing. We deliver real results we are proud of while remaining respectful, transparent, and flexible.
PayNearMe is an equal opportunity employer. We are diligently and thoughtfully working towards cultivating a diverse workforce which in turn, enhances our products and services for the communities we serve. Applicants who represent all backgrounds are strongly encouraged to apply.
CALIFORNIA CONSUMER PRIVACY ACT: APPLICANT NOTICE
Effective Date: January 1, 2020
Last Reviewed on: December 23, 2019
PayNearMe, Inc. (the “Company”) is providing you with this Notice (“Notice”) to inform you about:
- the categories of Personal Information that the Company collects and maintains about applicants; and
- the purposes for which the Company uses that Personal Information.
For purposes of this Notice, “Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with, a natural person that the Company may collect in connection with screening applicants for job openings at the Company.
- Identifiers and Professional or Employment-Related Information. The Company collects identifiers and professional or employment-related information, which may include some or all the following: real name, nickname or alias, postal address, telephone number, e-mail address, membership in professional organizations, professional certifications, language skills, and current and past employment history. The Company collects this Personal Information to evaluate previous job performance and consider applicants for positions, to develop a talent pool and plan for succession, to conduct applicant surveys, to maintain an internal applicant directory and for purposes of identification, to promote the Company as a place to work, and for workforce reporting and data analytics/trend analysis.
- Personal Information Categories from Cal. Civ. Code § 1798.80(e). The Company may collect categories of Personal Information listed in Cal. Civ. Code §1798.80(e), other than those already listed above, (a) to the extent necessary to comply with the Company’s legal obligations, such as to accommodate disabilities; (b) to conduct a direct threat analysis in accordance with the Americans with Disabilities Act and state law; (c) for occupational health and safety compliance and record-keeping; and (d) to respond to an applicant’s medical emergency.
- Characteristics of Protected Classifications Under California or Federal Law. The Company may collect information about race, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations, including the reporting requirements of the federal Equal Employment Opportunity Act, the federal Office of Contracting Compliance Programs (applicable to government contractors), and California’s Fair Employment and Housing Act. The Company collects this Personal Information for purposes including: to comply with Federal and California law related to accommodation. The Company also collects this category of Personal Information on a purely voluntary basis, except where required by law, and uses the information only in compliance with applicable laws and regulations.
- Education Information. The Company collects education information such as resumes and graduation records. The Company collects this Personal Information to determine suitability for roles, to determine eligibility for training courses, and to assist with professional licensing.
- Profile Data. The Company may collect profile data, including the following: psychological assessments, behavior analyses, or other profiling of its applicants. The Company collects this Personal Information to determine aptitude for certain positions and job assignments as well.
- Background Screening Information. In the event that an applicant is given a formal job offer, the Company collects background screening information prior to hiring, including results of the following types of background screening: criminal history; sex offender registration; motor vehicle records; credit history; employment history; drug testing; and educational history. The Company collects this Personal Information to screen for risks to the Company and its clients, and continued suitability for their jobs and to evaluate applicants for promotions.



