Manager, Third Party Risk

About The Position

Requirements

• 5–8+ years of experience in: Third-Party Risk Management, Operational Risk, Enterprise Risk Management, Vendor Governance, Operational Resilience.
• Experience operating within regulated financial institutions.
• Strong understanding of: OSFI B-10, operational resilience principles, risk governance frameworks, third-party lifecycle management.
• Experience developing governance reporting, KRIs, and executive dashboards.
• Experience coordinating cross-functional risk assessments and remediation activities.
• Strong stakeholder management and organizational skills.
• Strong written communication and presentation skills.
• Experience with TPRM platforms and workflow tools (e.g., ProcessUnity, Archer, ServiceNow, OneTrust, Coupa, etc.) is an asset.
• Experience implementing or enhancing risk-based assessment methodologies.
• Familiarity with Operational Resilience frameworks, concentration risk management, SLA governance, vendor lifecycle governance is an asset.
• Relevant certifications considered an asset: CTPRP, CRISC and CISA.

Nice To Haves

• Experience with TPRM platforms and workflow tools (e.g., ProcessUnity, Archer, ServiceNow, OneTrust, Coupa, etc.) is an asset.
• Familiarity with Operational Resilience frameworks, concentration risk management, SLA governance, vendor lifecycle governance is an asset.
• Relevant certifications considered an asset: CTPRP, CRISC and CISA.

Responsibilities

• Support the ongoing enhancement and operationalization of the enterprise TPRM framework, standards, procedures, and governance processes.
• Conduct oversight and challenge of third-party risk activities across onboarding, reassessment, monitoring, renewal, and termination activities.
• Coordinate and support TPRM governance committees, risk forums, and escalation activities.
• Monitor adherence to TPRM standards, operational SLAs, and regulatory expectations.
• Support development and maintenance of TPRM operating standards and lifecycle governance controls.
• Develop and maintain TPRM dashboards, metrics, KRIs, and executive reporting.
• Support monthly reporting on vendor risk exposures, SLA breaches, incidents, outages, remediation status, and concentration risks.
• Track and escalate overdue assessments, unresolved risk issues, and remediation activities.
• Support development of board and committee reporting materials.
• Monitor vendor lifecycle activities and ongoing risk exposure trends.
• Coordinate cyclical reassessment activities based on vendor criticality and inherent risk.
• Support ongoing monitoring activities including review of SOC reports, BCM/DR evidence, control attestations, SLA performance, incidents, and operational disruptions.
• Support governance activities related to vendor renewals, material changes, and exits.
• Assist in development of concentration risk and critical dependency inventories.
• Identify opportunities to streamline TPRM workflows, assessments, and intake processes.
• Support implementation of risk-based due diligence and assessment methodologies.
• Partner with Procurement, Legal, SMEs, and business stakeholders to improve process efficiency and accountability.
• Support workflow enhancement initiatives, automation opportunities, and tooling improvements.
• Assist with implementation of operational SLAs, escalation triggers, and remediation governance.
• Act as a key liaison between ERM, Procurement, Legal, SMEs, and business stakeholders.
• Support first-line business owners in executing vendor governance responsibilities.
• Coordinate stakeholder meetings, issue follow-ups, and governance activities.
• Provide guidance and training on TPRM processes and requirements.

Benefits

• Comprehensive benefits and retirement programs
• Performance incentives
• Continuing Education Programs
• Other perks to support your well-being
• Career growth opportunities
• Product discounts