Corporate Planning & Management-Product Management-Third Party Risk Management (TPRM) Tools (KY3P Transition + New Platforms)-Associate-Bengaluru
Goldman Sachs
Divisional Overview:
The Corporate Planning & Management (CPM) Division unifies Finance & Planning, Spend Management, Operational Risk and Resilience, and CPM Engineering teams to deliver business planning and analytics, expense management, third party risk management, and governance strategies across the firm. CPM has 5 operating pillars:
Finance & Planning supports the execution of the firm’s strategic objectives through the management of the planning process, firmwide reporting and analytics and insights into the firm’s business plans and budgets. They develop a consistent framework for revenue division projections, creating transparency, accountability and efficiency around projections. This pillar also includes the CF&O, EO and Engineering divisional CFOs, who are strategic finance advisors helping the firm and the non-revenue divisions achieve commercial financial opportunities.
Product Finance is responsible for the overall governance and proactive management of the firm’s non-compensation expenses.
Spend Management encompasses the functions responsible for managing all aspects of the firm's spend with third parties - advising commercial agreements and driving operating efficiency. Departments include Strategic Sourcing, Procure to Pay, Integrated Travel and Expense, Infrastructure and Transformation and Sustainable Operations.
Operational Risk & Resilience (ORR) drives firmwide Operational Risk programs along with second line teams and implements required changes within CPM. This pillar also includes the Third-Party Risk Management (TPRM) team, responsible for identifying, managing, monitoring and reporting third party risks and providing governance and operational frameworks for all the firm’s third-parties (vendors, non-vendors, contingent workers, and interaffiliate services). The Corporate Insurance & Advisory team in this pillar identifies, procures, and manages corporate insurance needs for the firm and its investing businesses.
The CPM Engineering team provides engineering solutions that enable the firm to manage third-party spend, data and automation, plan budgets, forecast financial scenarios, allocate expenses and support corporate decision making in line with the firm’s strategic objectives.
The Product Owner for Third Party Risk Management Tools is responsible for driving the strategy, design, and implementation of TPRM software solutions that protect the Firm by mitigating risks associated with third-party relationships (vendors and non-vendors) and ensuring compliance with applicable regulatory requirements (e.g., DORA, GDPR, etc.). This role will steward the legacy KY3P tool on its demise path while leading the migration from the existing vendor program tool to new platforms and will ultimately transition to product ownership for target solutions such as ORO (orchestration tool) and a new internal TPRM platform build.
Key Responsibilities
- Product strategy & roadmap: Define and maintain the product strategy and roadmap for TPRM tooling, including feature prioritization, product lifecycle management, and alignment to third-party risk management functional objectives.
- Legacy stewardship (KY3P) and end-of-life planning: Manage KY3P through end-of-life by triaging enhancements, prioritizing critical fixes, performing defect and data analysis, and preparing stakeholders and operating procedures for transition.
- Migration ownership and delivery: Own the migration from the existing vendor program tool to new platforms by defining the migration approach, sequencing releases to avoid disruption to current program procedures, coordinating dependencies, and managing cutover readiness.
- Requirements & solution design: Collaborate with Program Owners, Businesses, and Risk Partners to define, analyse, simplify, design, and document business/program requirements; manage changes to requirements; and translate needs into a clearly prioritized backlog and roadmap.
- Engineering partnership: Liaise with Engineering leadership and developers to communicate business requirements and convert them into engineering/technical requirements, driving delivery of product features, data pipelines, and automated solutions.
- Infrastructure standards and strategy: Lead and drive infrastructure priorities, standards, and strategy for TPRM tooling, including planning, testing, deployment, and ongoing modernization.
- Orchestration and integration: Drive capabilities that enable workflow and process coordination across TPRM activities (including via orchestration tools such as ORO) and support integrations with enterprise systems and data sources using API integration techniques.
- Data ownership, migration, and controls: As owner of the data produced by TPRM tools, drive data migration/modeling efforts as needed, ensure data quality (profiling, cleansing, validation), and identify patterns, trends, and anomalies to define validations and controls and to improve data capture at entry points.
- Automated risk assessment: Deploy and evolve automated risk assessment solutions that utilize tool data to assess third-party performance, financial stability, security measures, and regulatory compliance.
- Analytics and stakeholder enablement: Use data analytics to generate insights and empower stakeholders with relevant data to identify and manage third-party risks.
- Continuous improvement: Drive projects to optimize system/processes, eliminate technical debt, and adopt modern technologies to deliver best-in-industry TPRM tooling.
- Global change management: Drive implementation of new systems or functionality (internal or external) and execute global change management to minimize disruption to program procedures, including documentation, user guides, and training materials.
- Stakeholder management: Build strong relationships with senior stakeholders firmwide to understand divisional initiatives, assess impacts across systems, and plan internal/external integrations.
- Operational support and audit readiness: Guide and partner with stakeholders across the Firm on day-to-day technical queries related to system/process logic, support defect/data analysis, and support internal and external audits.
- Bachelor’s degree (e.g., business administration, finance, economics, computer science, engineering, or related fields).
- Minimum 4+ years of experience in product management, risk management, and/or vendor management; prior experience in third-party risk management is highly desirable.
- Strong understanding of third-party risk management processes and methodologies; proficiency with risk management tools and platforms.
- Demonstrated product management capability, including roadmap definition, feature prioritization, and cross-functional delivery.
- Strong market research and analysis skills to evaluate competitors, identify tool gaps, and select fit-for-purpose solutions to eliminate tool proliferation across the end-to-end Source-to-Pay process where required.
- Requirements gathering and stakeholder management skills across business users, divisional risk management teams, and risk partners.
- Solution design capability leveraging both technology and process improvements.
- UX awareness and ability to advocate for user-centric, intuitive product experiences in TPRM tools.
- Ability to translate business/functional requirements into engineering/technical requirements and drive delivery of features, data pipelines, and automated solutions.
- Understanding of IT infrastructure concepts (platforms, servers, databases, cloud computing) relevant to TPRM tooling.
- Familiarity with API integration techniques.
- Strong technical writing skills (requirements documents, product specifications, user guides, training materials).
- Project management skills (scope, timelines, milestone tracking).
- Data analysis skills using analytics tools to track product metrics and make data-driven decisions.
- Data quality management experience, including profiling, cleansing, validation, and ensuring accuracy, completeness, and consistency.
- Technical expertise in leveraging risk management and analytics solutions.
- Domain knowledge of TPRM principles, regulatory compliance expectations (e.g., DORA, GDPR, HIPAA), and industry best practices.
- Strong analytical abilities to interpret data, identify trends/anomalies, and derive actionable insights.
- Clear, concise communication skills, including the ability to articulate technical concepts to non-technical stakeholders and influence decisions.
- Strong judgment and problem-solving: anticipates questions, plans contingencies, evaluates alternatives, and defines clear objectives.
- Customer focus: actively gathers feedback and continuously improves products to meet user needs.
- Adaptability to evolving regulatory requirements, technology change, and organizational shifts.
- Teamwork and collaboration across global teams; encourages contributions and acknowledges others’ work.
ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We're committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html