Who we are:
Woodruff Sawyer has been an industry leader for over 100 years. As a top insurance brokerage, our clients range from small start-ups to some of the most innovative companies in the world. Here, your unique expertise and perspective helps move companies ahead and your career forward.

We believe in supporting the whole lives and careers of our employees. That's why, through excellent benefits and opportunities, and a genuinely inclusive and collaborative environment, we create the space for you and your career to flourish.

As an employee-owned company, we build toward the next decade, not just the next quarter. Our independence means you answer to great ideas and client success, not short-term profits, while our ESOP program allows you to build long-term wealth and ownership in the company. At Woodruff Sawyer, you own your future.

Job Summary:
Woodruff Sawyer is looking for Vendor Contract & Risk Management Counsel who will help grow our Legal Team. As the Risk Management function continues to evolve at Woodruff Sawyer, responsibilities for this role will change and expand. Common daily duties will include reviewing, drafting, negotiating, and monitoring the lifecycle of vendor contracts as an integral part of strategic solutions to facilitate the company's growth and expansion in vendor procurement. If you would like to be part of a growing company and team helping to shape internal legal policy around vendor and risk management, then this is the opportunity for you!

What you will do:
  • In coordination with the Third Party Risk Manager, develop, implement, and manage the enterprise vendor risk review processes.
  • Provide legal support for vendor governance and management efforts, including risk assessment, issue escalation, ongoing monitoring, and contract enforcement.
  • Identify opportunities for efficiency and effectiveness as well as cost saving by tracking spending, optimizing vendor management mechanisms, and effectively managing risks while minimizing business impact.
  • Plan and coordinate internal programs that leverage vendor risk management best practices to deliver strategic benefits to the business.
  • Develop innovative approaches to vendor risk management policies and procedures, high quality reporting and training documentation that covers, but is not limited to, risk tiering methodology, risk assessment process flows, risk assessment questionnaires, ongoing monitoring processes, triggers for escalation and reassessment on all external vendors and internal affiliates.
  • Assist in managing the implementation and maintenance of a central repository for vendor information, assessments thereon, inventory, and contracts.
  • Coordinate with stakeholders, project managers, technical and functional staff across all IT/Business departments to ensure timely renewal or transition where required.
  • Ensure the vendor risk management framework is operating within the company's defined risk appetite.
  • Prepare meeting materials and lead working groups to review updates on vendor risk profile, remediation efforts, trend analysis, and advice on matters that require escalation.
  • Assist with reporting to management and Board.
  • Document vendor management processes and best practices.
  • Collaborate with Third Party Risk Manager and IT to ensure that all vendors go through a risk assessment process and/or review in a timely manner including ongoing security, privacy, and risk assessments for vendors (e.g., vendor selection, risk ratings, security questionnaires, internal communications, privacy considerations in contractual review and negotiation, regulatory review, on-site reviews, etc.).
  • Negotiate complex vendor contracts with suppliers and vendors.
  • Collaborate with stakeholders in operation and commercial teams to gather business and technical requirements to fulfill and complete the appropriate customer documents for large and complex deals, especially SAAS and other technology contracts.
  • Prepare, draft, and negotiate complex and/or technical contracts including identifying potential risks and offering mitigation solutions and the coordination of subject matter experts.
  • Lead a vendor review process that ensure standard and nonstandard deals are validated and documented so that customer expectations, document creation, implementation, and delivery are consistent and accurate.
  • Handle conflicts through dispute resolutions.
  • Work closely on coordinating privacy contracting issues, including: managing internal teams and external resources to negotiate and finalize data privacy language in third-party agreements; responding to domestic and international privacy contracting questions; create and update data privacy contracting playbook.
  • Maintaining subject matter expertise in global data transfer, data use, and data protection laws.
  • Apply sound judgement and comply with firm policies on handling sensitive and confidential data.
  • Manage workload and priorities with limited oversight.

The job is for you, if...
  • Can demonstrate prior experience and success in managing a risk-based program; performing vendor risk assessments.
  • Can evaluate and provide healthy challenge in various areas including vendor assessments, issue identification and action plan management to mitigate risks.
  • Can present and communicate complex ideas, anticipate potential objections, and influence others.
  • Exude passion about risk management, third party due diligence, & regulatory policy compliance.
  • Demonstrate tact, capacity for discreetly handling sensitive and confidential information, and ability to maintain professionalism under pressure.
  • Can manage multiple projects concurrently; with a strong ability to prioritize.
  • Have the ability to set, communicate, and meet expectations around timing, including, managing time-sensitive matters and adhering to strict deadlines where necessary.
  • Have the interpersonal skills necessary to effectively communicate in person, by video conference, by telephone and email, and in writing, with all levels of the organization including management, peers, and clients.
  • Can apprise, consult, and escalate current and potential risks/issues to supervisors and management.
  • Are detail oriented.
  • Manage ambiguity and adapt to expanding and varying technology solutions and processes.
  • Learn and adapt quickly at a fast-growing company.

Experience & Qualifications:
  • Juris Doctorate degree from an ABA-accredited law school.
  • Current member of the California Bar in good standing.
  • 3-5 years' experience working on vendor contracts, risk management and governance in-house.
  • Knowledge of regulatory compliance (e.g., SIG Questionnaire, ISO 22301, ISO 27001, SOC II, GDPR, HIPPA, CCPA, GLBA) as they relate to vendor risk management
  • Strong analytical, problem solving, and drafting skills
  • Experience using contract lifecycle management tools.
  • Have experience with insurance companies, insurance brokerages, related industries, or highly regulated industries, preferred.

Don't meet every single preferred qualification? Studies have shown that underrepresented populations are less likely to apply to jobs unless they meet all qualifications. At Woodruff Sawyer we are dedicated to building a diverse, inclusive, and authentic workplace, so if you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.

More About Us:
Compensation: Anticipated salary between $121,800 - $150,000. Salary offered will be dependent upon geography, experience, and expertise of the candidate.

This position is eligible to participate in an incentive program to earn additional compensation with a target equivalent to [insert bonus]% of salary annually, based on individual and Company performance.

Our Benefits Include:
  • Medical, Dental, and Vision coverage
  • 401k Retirement Plan with company match
  • Ownership in the company through our ESOP (Employee Stock Ownership Program) and profit sharing
  • Paid vacation, holidays, and sick days
  • Life Insurance, Short-term, and Long-Term Disability benefits
  • Flexible Spending Account (FSA)
  • Wellness programs and workplace flexibility benefits
  • Professional development and reimbursement programs
  • Added perks like discounted event tickets, pet insurance, financial coaching, identity theft protection, milk stork, etc.

Compensation and Benefits are what Woodruff Sawyer in good faith believes are accurate for this role at the time of this posting.

Woodruff Sawyer is an Equal Opportunity Employer.

Our Equal Employment Policy incorporates our commitment to maintain an environment free of discrimination and to comply with all federal, state and local laws providing equal employment opportunities.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.