How you'll help us Keep Climbing (overview & key responsibilities)

Join Delta IT on our journey to becoming the best IT organization in the airline industry. Delta IT is on a journey of transformation. We are changing the way we do business from top to bottom. As thought leaders within Delta, we strive to create meaningful and innovative solutions and are looking for team members to help us realize our vision. Delta IT employees are thinkers, doers, innovators. We are proactive. We are collaborative. We deliver impact to our customers. Join us on our transformation journey in becoming a world-class IT organization at the world's best airline!

The Manager of Vendor Risk Management (VRM) is responsible for overseeing the identification, assessment, and mitigation of technology-related risks across all third-party vendors. This role ensures compliance with regulatory requirements and internal security standards by meeting the risk framework set forth by IT Risk. The manager will collaborate with key stakeholders, such as procurement, legal, and IT teams, to implement effective controls and drive continuous improvement in vendor risk posture. Strong leadership and communication skills are essential to manage complex risk scenarios and communicate findings to senior stakeholders. The ideal candidate combines deep knowledge of IT security, vendor governance and risk management practices with the ability to influence strategic decisions.

Key Responsibilities

Program Leadership & Strategy
- Provide leadership and oversight to a high performing team of Information Security professionals to ensure the confidentiality, integrity, and availability of information.
- Oversee the Vendor Risk Management program, ensuring alignment with enterprise risk and compliance objectives.
- Effective executive communication on vendor risk with the ability to simplify complexity.
- Develop and maintain VRM policies, procedures, and governance frameworks.
- Drive continuous improvement initiatives, including automation and integration of risk tools.
- Gain and maintain knowledge of existing and emerging supply chain risks. Adjust the program to address/minimize these risks.
- Meet with staff on a timely basis to conduct performance evaluations and provide feedback.
- Provide ongoing coaching, mentoring, and training to develop and encourage employee performance and development.

Risk Assessment & Monitoring
- Lead the team in conducting inherent and residual risk assessments for new and existing vendors.
- Implement continuous monitoring capabilities to track vendor risk posture in real time.
- Ensure timely remediation of identified risks and findings, partnering with vendors and internal stakeholders.

Stakeholder Engagement
- Collaborate with Supply Chain, Legal, and business units to embed security requirements into contracts and onboarding workflows.
- Provide risk insights and recommendations to senior leadership for informed decision-making.
- Serve as the primary point of escalation for vendor risk issues.

Reporting & Metrics
- Deliver regular reports on vendor risk status, trends, and remediation progress to leadership and audit committees.
- Establish KPIs and dashboards to measure program effectiveness.

Team Leadership
- Manage and mentor a team of vendor risk analysts, fostering professional growth and collaboration.
- Promote a culture of accountability, innovation, and continuous learning.
- Lead with integrity and a positive attitude.
- Perform special projects as assigned, while effectively managing time with competing priorities.

Benefits and Perks to Help You Keep Climbing

Our culture is rooted in a shared dedication to living our values – Care, Integrity, Resilience and Servant Leadership – every day, in everything we do. At Delta, our people are our success. At the heart of what we offer is our focus on Sharing Success with Delta employees. Exploring a career at Delta gives you a chance to see the world while earning great compensation and benefits to help you keep climbing along the way:
- Competitive salary, industry-leading profit sharing program, and performance incentives
- 401(k) with generous company contributions up to 9
- New hires are eligible for up to 2-weeks of vacation. This is earned for use in the following vacation year (April 1 – March 31)
- In addition to vacation, new hires are eligible for up to 56 hours of paid personal time within a 12-month period
- 10 paid holidays per calendar year
- Birthing parents are eligible for 12-weeks of paid maternity/parental leave
- Non-birthing parents are eligible for 2-weeks of paid parental leave
- Comprehensive health benefits including medical, dental, vision, short/long term disability and life insurance benefits
- Family care assistance through fertility support, surrogacy and adoption assistance, lactation support, subsidized back-up care, and programs that help with loved ones in all stages
- Holistic Wellbeing programs to support physical, emotional, social, and financial health, including access to an employee assistance program offering support for you and anyone in your household, free financial coaching, and extensive resources supporting mental health
- Domestic and International space-available flight privileges for employees and eligible family members
- Career development programs to achieve your long-term career goals
- World-wide partnerships to engage in community service and innovative goals created to focus on sustainability and reducing our carbon footprint
- Business Resource Groups created to connect employees with common interests to promote inclusion, provide perspective and help implement strategies
- Recognition rewards and awards through the platform Unstoppable Together
- Access to over 500 discounts, specialty savings and voluntary benefits through Deltaperks such as car and hotel rentals and auto, home, and pet insurance, legal services, and childcare

What you need to succeed (minimum qualifications)
- 7+ years of experience in vendor risk management, third-party risk, or IT security, with at least 3 years in a leadership role.
- Skill in conducting Information Security assessments of vendors/third parties.
- Strong knowledge of regulatory requirements (PCI DSS, SOX, HIPAA) and risk frameworks (NIST, ISO 27001).
- Experience with GRC platforms and continuous monitoring tools (e.g., Archer, BitSight).
- Effectively communicates Information Security risks to technical and non-technical stakeholders, offers actionable options, and drives resolutions that balance business needs with risk reduction.
- Ability to lead and mentor direct reports and colleagues, and support leadership directives.
- Proactive in nature with customer satisfaction as a primary goal.
- Excellent written and verbal communication skills with a demonstrated ability to develop and maintain relationships.
- Strong sense of urgency, accountability, and ownership.
- Consistently prioritizes safety and security of self, others, and personal data.
- Embraces diverse people, thinking, and styles.
- Possesses a high school diploma, GED, or high school equivalency.
- Is at least 18 years of age and has authorization to work in the United States.

What will give you a competitive edge (preferred qualifications)
- Bachelor's degree in information security, risk management, or related field.
- Professional certifications such as CISSP, CISM, and CRISC.
- Experience with RSA Archer or equivalent GRC tool.
- Ability to influence and drive change across multiple teams.