Director, Strategic Sourcing Enterprise Third-party Risk Process & Governance
Overview Job Description
The Director, Strategic Sourcing Enterprise Third-Party Risk Process & Governance leads the operational execution of the end-to-end third-party risk process as a key member of the Central Risk Management team within the Strategic Sourcing function.
The role shapes, drives, and manages central third-party risk management processes, supports cross-functional teams, and ensures consistent application of risk policies and procedures across the third-party/supplier life cycle. The Director collaborates with business owners, risk SMEs, sourcing teams, and the Central Risk Management team to assess, monitor, and mitigate third-party risks, while driving process efficiency and compliance. The leader also drives change management for expanding current risk processes and implementing new processes, enabling holistic third-party risk management across the company.
The role requires collaboration with internal stakeholders, development of robust third-party risk approaches, leveraging best practices, and driving risk visibility and governance for managing and underwriting risks. The ideal candidate is a forward-thinking leader with deep understanding of pragmatic third-party risk processes, tools, technology, change management, and user-centric design. This role reports to the Senior Director of Strategic Sourcing Enterprise Third-Party Risk Management and contributes to the enterprise third-party risk management strategy with a focus on execution, governance, reporting, and continuous improvement.
Key Duties and Responsibilities
Operational Leadership
Lead initiatives to implement the expanded third-party risk management processes, including change management
Manage day-to-day operations of the holistic centralized third-party risk management process
Oversee supplier criticality assessments and ensure consistent application of risk evaluation tools
Maintain and update the supplier risk repository, including tracking mitigation actions and ownership
Support and coordinate risk assessments for critical suppliers in partnership with business leads and risk SMEs
Support the development and automation of risk metrics and dashboards for visibility and reporting
Assist in maintaining enterprise third-party risk management tools, such as the risk appetite matrix and risk mitigation playbooks, and ensure alignment with business inputs
Governance & Compliance
Support governance forums and escalation processes for individual third-party risks as well as risk themes by coordinating inputs and developing fit-for-purpose material including reporting, key metrics, and executive summaries
Ensure compliance with and continue to evolve internal processes, policies, and understanding of regulatory requirements and industry standards
Proactively engage risk SMEs and external risk and industry forums to understand potential regulatory changes affecting the third-party/supply base and risk processes
Partner with internal audit, compliance, legal teams and other risk owners to align and evolve risk practices
Cross-Functional Collaboration & Continuous Improvement
Work with strategic sourcing and business owners to integrate third-party/supplier landscape insights into risk strategy
Collaborate with HR, Communications and business teams to support training and awareness initiatives
Serve as a liaison between risk SMEs and business units to ensure effective execution of risk practices
Identify opportunities for process optimization and automation
Benchmark practices against industry standards and contribute to ongoing enhancements of the TPRM framework
Leadership & Change Management
Partner with senior executives, business leaders, DTE, and suppliers to realize tools and technology evolution to expand and support risk processes
Align risk processes with overall business objectives and collaborate with key stakeholders to understand evolving risks; own, develop and embed tools and processes to enable consistency, simplification, and sustainability of pragmatic third-party risk management
Foster strong partnerships and a culture of continuous and balanced third-party risk mindset and decision-making
Success Measures
Increased adoption and satisfaction with third-party risk programs
Demonstrated value of enhanced third-party risk management practices
Reduction of process cycle times and elevated focus on critical third-parties and risks
High stakeholder engagement and positive business feedback on value and effectiveness
Knowledge and Skills
Strong analytical and project management skills
Exceptional leadership, communication, and stakeholder management skills
Familiarity with third-party risk assessment tools, dashboards, and governance frameworks
Ability to lead cross-functional teams and drive operational excellence
Track record of delivering measurable outcomes through process transformation, automation, and user experience redesign
Active listening and ability to articulate points of view
Ability to work in a collaborative environment and cultivate effective partner relationships
Ability to manage multiple priorities and complex projects
Knowledge of regulatory requirements and industry best practices in third-party risk
Education and Experience
Bachelor's degree in Business, Finance, Risk Management, or related field
Professional certifications (e.g., CRMA, CTPRP, CISM) preferred
8-12 years of experience in risk management, sourcing, or compliance, preferably in a biopharma or regulated industry
Experience managing third-party risk programs or supplier risk assessments
Pay Range
$175,200 - $262,800
Disclosure Statement
The range provided is based on a reasonable estimate for the base salary pay range at the time of posting. This role is eligible for an annual bonus and annual equity awards. Some roles may be eligible for overtime pay where required by law. Actual base salary will be based on skills, competencies, experience, and other factors allowed by law.
Vertex offers total rewards including medical, dental, vision, generous PTO, educational assistance, commuting subsidy, 401(k), and more.
Flex Designation: Hybrid-Eligible or On-Site Eligible
Flex Eligibility Status: In this Hybrid-Eligible role, you can choose to be designated as: 1. Hybrid: work remotely up to two days per week; or 2. On-Site: work five days per week on-site with ad hoc flexibility.
The Flex status is subject to Vertex policy and may change.
Company Information
Vertex is a global biotechnology company committed to equal employment opportunity and non-discrimination for all employees and applicants. Vertex is an E-Verify Employer in the United States and will provide reasonable accommodations for qualified individuals with known disabilities, in accordance with law. For accommodations in hiring, contact Talent Acquisition at ApplicationAssistance@vrtx.com
- Location: Boston, MA, United States
- Salary: $200,000 - $250,000
- Job Type: Full-Time
- Category: Other