Director Vendor Risk Management

About The Position

Requirements

• Bachelor’s degree in financial audit, accounting, business, or a related field from an accredited institution is required. Equivalent work experience may be considered in lieu of a degree.
• Minimum 12 years in financial regulatory risk, internal or external auditing, or information security—preferably within the financial services industry. Must have foundational knowledge across key risk disciplines including information security, business continuity, data privacy, legal and regulatory compliance, and general business risk. Subject matter expertise in at least one of these areas is required.
• Minimum 5 years of people management experience.
• Proficiency in Microsoft Office applications or similar software.
• Ability to lead enterprise risk programs and influence senior leadership.
• Apply strategic thinking, clear communication, and effective team leadership.
• Strategic and execution-oriented thinker with strong business risk awareness, sound judgment, attention to detail, and professional skepticism
• Exceptional communicator with strong relationship-building, and problem-solving skills across all organizational levels
• Effective at driving change across people, processes, and technology in dynamic, complex environments
• Collaborate across teams to promote a security-focused, business-aligned culture.
• As a Bank of Hawaii employee, you ensure (or assist with ensuring) compliance with applicable laws, regulations, regulatory requirements and Bank policies and procedures, including but not limited to those related to Fair Banking, Anti-Money Laundering laws and regulations, Bank Secrecy Act and USA PATRIOT Act.

Nice To Haves

• Certification highly desired: CISA, CISM, CRISC, CISSP or related.
• Experience with Microsoft Project or similar project management tools is preferred.
• Familiarity with: vendor risk or governance, risk, and compliance (GRC) tools such as ServiceNow, BMC, Archer, AuditBoard, or RiskRecon. standards such as SOC 1, SOC 2, PCI, NIST, or ISO 27001.

Responsibilities

• Strategic Program Leadership: Leads the development and implementation of the Third-Party Risk Management (TPRM) framework, operating model, and governance structure. Aligns third-party risk strategy with enterprise goals, regulatory expectations, and evolving market dynamics. Oversees program maturity initiatives and ensures consistent execution across business units.
• Technology Enablement & Process Optimization: Directs the design and enhancement of vendor risk systems, tools, and analytics platforms. Ensures data integrity, system scalability, and integration with enterprise risk architecture. Champions automation and process reengineering to improve efficiency, transparency, and scalability.
• Stakeholder Engagement & Risk Advisory: Builds strategic partnerships with legal, compliance, IT, procurement, and business operations leaders. Provides expert consultation and training on vendor risk policies, lifecycle management, and emerging threats. Facilitates cross-functional alignment to ensure consistent application of risk practices and controls.
• Regulatory Compliance & Audit Leadership: Maintains deep knowledge of global regulatory frameworks and industry standards governing third-party risk. Serves as the primary liaison for internal and external audits, assessments, and regulatory inquiries. Monitors emerging risks and proactively adjusts strategies to maintain compliance and resilience.
• Risk Intelligence & Strategic Reporting: Synthesizes complex vendor data into actionable insights for executive decision-making. Develops and delivers strategic dashboards, board-level reports, and risk narratives. Identifies systemic trends and emerging threats to inform enterprise risk posture and strategic planning.
• Team Leadership & Talent Development: Provides strategic leadership on all aspects of people management while modeling our leadership principles. Cultivates an environment where people are empowered to grow, take initiative, and succeed through clear direction, continuous coaching, and shared celebration.
• Performs other duties and responsibilities as assigned.