Director, Third Party Risk Management

BlackRock•New York, NY

2d•$194,000 - $270,000•Hybrid

About The Position

The Risk & Quantitative Analysis (RQA) group provides independent oversight of BlackRock’s fiduciary and enterprise risks. RQA’s mission is to advance the firm’s risk management practices and deliver independent risk advice and constructive challenge to drive better business and investment outcomes. While fulfilling this mission, RQA provides quantitative analysis and evidence-based insights to many of BlackRock’s businesses, helping to promote the spread of best practices across the firm. RQA promotes BlackRock as a leader in risk management by providing independent top-down and bottom-up oversight to help identify investment, counterparty, operational, regulatory, technology, and third party risks. RQA is committed to investing in our people to promote both individual accomplishment and a strong collaborative environment. As a global group, our goal is to create a culture of inclusion which encourages teamwork, innovation, diversity and the development of future leaders. We actively engage in discussions on career growth and work with team members to understand how personal passions and strengths connect with our purpose. Third Party Risk Management works with internal and external business and risk partners to identify the risks that existing, and potential, third parties introduce to BlackRock and our clients, and assess controls to mitigate those risks through initial and ongoing due diligence, incident management and performance monitoring. BlackRock’s third parties include fund operations providers, technology vendors, index and market data providers, distributors and real asset service providers where BlackRock owns or is responsible for operating a physical asset.

Requirements

Ideally 10+ years of enterprise risk or third-party risk management related experience, preferably within investment management.
Experience developing a third-party risk testing program, particularly focusing on operational resilience.
Established, or ability to establish, strong business relationships with partner functions (e.g. Information Security and Enterprise Resilience) while exerting challenge to influence the evolution of the risk framework and/or business processes.
Proven and effective written and verbal communication skills to all levels of the organization including external regulators and Boards.
BS/BA required, preferably Business, Finance, Risk Management
Working knowledge of third party regulatory requirements, e.g. Third-Party Relationships: Interagency Guidance on Risk Management, Digital Operational Resilience Act, EBA Outsourcing Guidelines, and/or Operational Resiliency local regulatory requirements.

Nice To Haves

CTPRP designation a plus.

Responsibilities

Own the firm’s framework and policy for managing third party risks, with a particular focus on resilience-related risks for critical third parties.
Coordinate with stakeholder groups to ensure clear roles, responsibilities and accountability.
Collaborate with internal business stakeholders, including risk partner and enterprise vendor governance teams, to monitor, escalate and oversee the remediation of third-party risk issues identified.
Represent BlackRock’s third party risk program to relevant regulators (e.g. OCC).
Lead Third-Party Risk Management for Americas region.
Develop a testing program to challenge third-party risk management resilience-related processes and controls across the business to help identify vulnerabilities with critical third party and counterparty relations, in alignment with wider testing programs (e.g. global operational resilience testing).
Maintain and evolve program to review and test critical third-party exit and replacement strategies.
Expand insights gained through the use of continuous monitoring of the firm’s critical and high risk third-party supply chains, to scale the firm’s efforts to detect, assess and manage emerging third-party risks.
Mature the firm’s oversight and assessment of third party concentration risks.