Associate Director, Risk Management

Flex is a growth-stage, NYC headquartered FinTech company that is creating the best rent payment experience. It’s hard to believe that it’s 2026 and paying rent on time is expensive, inflexible, and difficult. We’re here to change that! Flex enables our users to pay rent throughout the month on a schedule that better fits their finances and budget. Our mission is to empower as many renters as possible with flexibility over their most significant recurring expense. After deliberately keeping a stealth profile as we built up unprecedented investor support and an enthusiastic user base, we are looking for motivated individuals to help us keep our mission growing. Will you be a part of the team?About FlexFlex is a venture-backed fintech company helping businesses manage and optimize their spend with modern financial products and software. We partner with some of the most innovative companies in the world and operate in a highly regulated, fast-growing environment. As we continue to scale, building best‑in‑class risk and compliance programs is critical to enabling our growth.The RoleWe are looking for an Associate Director, Third-Party Risk Management (TPRM) to own the TPRM pillar at Flex. This is not a program management role. It is a pillar ownership role: you set the risk posture, define the operating model, and are accountable for outcomes across a vendor population that touches every part of the business.You will lead a small team, establish the direction for how Flex evaluates and monitors third-party risk, and make the calls on where speed and rigor need to be balanced. You will design AI-enabled workflows that scale the team's capacity without sacrificing auditability or regulatory defensibility. And you will hold Flex's third-party risk position across the organization, shaping decisions in Product, Engineering, Finance, and Procurement rather than responding to requests from them.This role is right for someone who has owned TPRM at a mature, regulated institution and also built something from the ground up at a high-growth fintech. Someone comfortable with ambiguity, confident in their risk judgment, and ready to be handed the reins.What You’ll DoOwn Flex's third-party risk posture end-to-end: set the strategy, define the operating model, and be accountable for outcomes across the full vendor populationEstablish and maintain the policies, standards, and governance framework that underpin TPRM across the organizationMake risk-based decisions on vendor approvals, exceptions, and escalations, including explicit tradeoffs between speed and risk exposure, and defend those positions to senior leadership and regulatorsArchitect scalable intake, tiering, due diligence, and monitoring workflows, designing AI-enabled automation where it improves speed and consistency without removing human judgment from consequential decisionsBuild signal-driven monitoring systems that surface vendor risk in real time (financial distress, security incidents, operational failures) rather than relying on calendar-based review cyclesDesign and own AI workflows for high-volume tasks like SOC report analysis, questionnaire scoring, and exception tracking, with clear auditability and human-in-the-loop checkpoints throughoutDrive risk alignment across Product, Engineering, Finance, and Procurement, shaping vendor strategy and sourcing decisions upstream rather than reviewing them after the factServe as Flex's authoritative voice on third-party risk in regulatory exams, audits, and customer due diligence requestsOwn the reporting framework that gives senior leadership real-time, decision-relevant visibility into third-party risk postureProactively identify emerging third-party risks across new vendor categories, evolving threat landscapes, and regulatory developments, and evolve controls before they become issuesHelp mentor and develop more junior team members as the program and team scaleWhat We’re Looking For7+ years of experience in third-party risk, vendor risk, or a closely related risk and compliance disciplineExperience at both a large, regulated institution with a mature risk function and a high-growth, venture-backed fintech or technology companyDemonstrated track record of making and defending risk-based decisions under ambiguity, including explicit speed-vs-risk tradeoffsExperience designing AI-enabled workflows for risk or compliance use cases, with a clear point of view on where automation helps and where human oversight is non-negotiableStrong working knowledge of vendor risk domains: security, privacy, operational, financial, and regulatoryProven ability to influence across Product, Engineering, and Finance, not just within a compliance or risk siloStrong communication skills; able to translate complex risk positions into clear recommendations for executive and board-level audiencesComfort with data; SQL experience or the ability to query and analyze data independently is a strong plusExperience supporting or leading regulatory exams in a financial services or fintech environmentNice to HaveExperience building a TPRM program from scratch at a high-growth companyFamiliarity with GRC platforms and common TPRM toolingWorking knowledge of relevant frameworks and standards (SOC 2, ISO 27001, NIST, PCI, etc.)Prior people management or team lead experienceCompensationFlex takes a market-based approach to pay, ensuring compensation is commensurate with a candidate's experience and our internal leveling guidelines. For candidates located in our Tier 1 (NYC/Bay Area) and Tier 3 (Salt Lake City) markets, the base salary pay range for this role is below. Flex utilizes a geographic pay differential based on a cost of labor index. If you are located outside of the cities listed below, your starting pay will be adjusted to align with the market conditions of your specific geographic zone. Please speak with your recruiter for additional information regarding the specific range for your location.Tier 1 (NYC/Bay Area)$176,000—$220,000 USDLife at FlexWe understand that it takes a diverse team of highly intelligent, curious, determined, empathetic, and self aware people to grow a successful company. Our HQ is located in New York City, but we have employees located throughout the US, Australia, Canada and South America. We are growing quickly, but deliberately, with a focus on building an inclusive culture. Our dynamic team has incredible perspectives to share, just as we know you do, and we take great pride in being an equal opportunity workplace.OfficesRoles posted in New York, San Francisco, and Salt Lake City are hybrid positions with on-site expectations of 2-3 days per week in our local offices. For candidates outside of these areas, you may be eligible for our relocation assistance program.BenefitsFor full-time U.S. employees we offer:Competitive medical, dental, and visionCompany equity401(k) plan with company match Unlimited paid time off + 13 company paid holidaysParental leave Free Flex subscriptionFor full-time non-U.S. employees, we offer:Competitive compensation + company equityUnlimited PTO