AVP, Third Party Risk Manager

Community Federal Savings Bank · New York, NY
2d · $125,000 - $140,000

About The Position

The Third-Party Risk Manager (Vendor) oversees day‑to‑day performance, compliance, and risk monitoring of third‑party service providers that support banking operations. The role ensures vendors meet contractual service levels, regulatory expectations, and internal risk standards—supporting safety and soundness, customer protection, data security, and operational resilience. This position partners closely with Third‑Party Risk Management (TPRM), Information Security, Compliance, Legal, Operations, and Finance.

Requirements

  • Bachelor’s degree in Business, Finance, Risk Management, Law, or related field. Master’s degree or professional certification (e.g., CRCM, CAMS) is a plus.
  • Familiarity with financial services industry risks and regulations.
  • Proficiency with vendor risk platforms (e.g., TPRM/GRC tools), data analysis, and dashboarding.
  • Ability to present complex analysis with clarity.
  • Proficient in Microsoft Office Suite (Word, Excel, PowerPoint) or related software.
  • Capability to work independently and collaboratively in a team environment.
  • Excellent verbal and written communication skills.
  • Strong interpersonal skills.
  • Strong understanding of banking regulations, especially those related to payment processing, issuing, and settlement (e.g., BSA/AML, OFAC, Reg E).
  • Knowledge of risk management principles and frameworks, particularly in fintech partnerships and program management.
  • Excellent analytical skills, with the ability to assess complex processes and identify potential risks or areas for improvement.
  • Strong communication and relationship-building skills, with the ability to collaborate effectively with internal and external stakeholders.
  • Detail-oriented, with a strong focus on accuracy, compliance, and continuous improvement.
  • Ability to work independently and prioritize multiple tasks in a fast-paced environment.
  • 5+ years in vendor management, third‑party risk, operations risk, or related banking functions.

Nice To Haves

  • CTPRP/CTPRA (Shared Assessments), CRVPM, CRISC, CRCM.

Responsibilities

  • Performance Oversight: Monitor SLAs/KPIs, trend service quality, and drive corrective actions; lead monthly/quarterly vendor business reviews.
  • Onboarding Coordination: Coordinate risk-aligned onboarding activities (e.g., information security due diligence, privacy review, resiliency checks, financial viability) and confirm artifacts are complete prior to production use.
  • Issue & Escalation Management: Log, track, and remediate vendor incidents, service disruptions, or control gaps; manage formal corrective action plans and timelines.
  • Documentation & Audit Readiness: Maintain current vendor profiles, due‑diligence evidence, performance reports, and monitoring records; ensure artifacts are audit‑ready and meet retention requirements.
  • Stakeholder Partnership: Collaborate with TPRM, InfoSec, Privacy, Compliance, Legal, Procurement, Business Continuity, and Business Owners to align vendor activities with policy and regulatory expectations.
  • Spend & Value Tracking: Analyze vendor spend and performance trends to identify optimization opportunities and quantify value delivered.
  • Reporting: Prepare dashboards and status updates for management committees (e.g., Risk Committee, Operations Governance) highlighting performance, incidents, and emerging risks.
  • Risk Identification & Assessment: Support risk assessments covering operational, cybersecurity, data privacy, compliance, financial viability, concentration, geographic, and fourth‑party risks.
  • Continuous Monitoring: Execute ongoing monitoring aligned to the bank’s TPRM framework (e.g., SOC 1/2 reviews, penetration test summaries, vulnerability management, control attestations, business continuity exercises, incident notifications).
  • Regulatory Alignment: Operate in accordance with interagency third‑party guidance and bank policy—e.g., FFIEC, Federal Reserve, OCC, FDIC expectations; ensure appropriate oversight of subcontractors/fourth‑parties and cloud/service providers.
  • Issue Management & Remediation: Drive timely closure of exam/audit issues related to vendors; document evidence and status for internal/external stakeholders.