Risk and Compliance Officer - Third Party Risk

About The Position

Requirements

• 5 years of experience in compliance or enterprise risk management
• 2+ years of in-depth understanding of third-party risk domains, including operational, financial, strategic, compliance, reputational, and cyber/information security risks, preferably in a consulting
• Expertise in vendor lifecycle management processes, including onboarding, risk assessment and due diligence, contracting, ongoing monitoring, and offboarding
• Proficiency in risk assessment methodologies, risk scoring models, concentration risk analysis, and fourth-party risk management; familiarity with TPRM platforms such as ServiceNow VRM, Archer, ProcessUnity, OneTrust and Aravo

Nice To Haves

• 7 years of experience in compliance or enterprise risk management
• Bachelor’s degree; MBA or related advanced degree strongly preferred
• Strong knowledge of vendor contract management, SLA development, and regulatory requirements, including OCC Bulletin 2013-29, FFIEC guidance

Responsibilities

• Supports the development, implementation, and maintenance of the risk frameworks, policies, and procedures.
• Participates in risk governance committees and prepare documentation as needed.
• Conducts risk assessments across business lines, identifying emerging risks and control gaps.
• Performs ongoing monitoring of key risks and controls within their assigned lines of business.
• Performs routine analysis, conducts interviews and develops regular reporting in order to identify emerging risks to create recommendations to enhance control environments and create risk mitigation strategies.
• Coordinates and contributes to quarterly enterprise risk reports for executive management and Board Risk Committee.
• Assists assigned lines of business with completing various types of assessments and testing including trigger-based testing, RCSAs, including review, challenge, and validation
• Supports scenario analysis, risk appetite monitoring, and key risk indicator (KRI) tracking.
• Liaises with business units and support functions to ensure consistent application of risk management practices.
• Provides support to risk and compliance leadership for regulatory examinations, audits and ad-hoc board requests
• Lead the Bank’s third-party compliance program, establishing policies, processes, and governance for client and vendor relationships.
• Oversee third-party due diligence, onboarding, and ongoing monitoring to maintain high compliance and ethical standards.
• Manage and refine processes related to RFP support, vendor selection, audits of third parties, and contract compliance, embedding risk-based assessments throughout the third-party lifecycle.
• Direct the coordination and submission of surveys, questionnaires, and external audits requested by clients and regulatory bodies, delivering accurate and timely responses.
• Oversee temporary staffing compliance, including vendor verification, background screening, and adherence to the Bank’s employment and engagement standards.
• Perform testing activities including trigger-based testing and developing/socializing test results and developing remediation plans.
• Advising on Third Party Due Diligence and risk assessment activities, utilizing data-driven tools to assess, monitor, and mitigate risks within the third-party and vendor front line units.
• Collaborate cross-functionally with Legal, Procurement, Risk, and LOB leadership to promote consistent third-party compliance practices across all business units.
• Manage and develop compliance professionals dedicated to third-party governance, continuous improvement, and operational excellence.