Third Party Relationship & Enterprise Risk Manager

About The Position

Requirements

• 4 Year / Bachelor's Degree In business, finance, accounting, risk management, or a related field
• Five to eight years of progressively responsible experience in enterprise risk management, third party risk management, internal audit, compliance, or related areas
• Experience performing independent risk assessments, oversight activities, or control evaluations
• Ability to read and comprehend instructions, short correspondence, and memos.
• Ability to write simple correspondence.
• Ability to effectively present information in one-on-one and small group situations to Members and other Team Members at the organization.
• Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals.
• Ability to compute dividends and interest.
• Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.
• Ability to interpret a variety of instructions furnished in written or oral form.
• Must be able to process transactions in an efficient manner.
• Must be able to communicate policies and procedures to Members in an easily understood and professional manner.
• Must comply with all Bank Secrecy Act (BSA) and other Anti-Money Laundering (AML) laws and regulations, as they pertain to federal guidelines and internal policies and procedures.

Nice To Haves

• Graduate Degree
• Experience working in a regulated or complex operating environment preferred

Responsibilities

• Manage the enterprise risk management framework, including administration, maintenance, and periodic enhancement
• Conduct enterprise-wide risk assessments and maintain the enterprise risk register
• Identify emerging, cross functional, and systemic risks and document mitigation actions and risk ownership
• Develop, maintain, and monitor key risk indicators and escalation thresholds
• Prepare risk summaries, dashboards, and reporting for Senior Management, Supervisory Committee, and Board level review
• Maintain ERM related policies, procedures, methodologies, and supporting documentation
• Coordinate with business units to ensure risks are appropriately identified and assessed while maintaining second line independence
• Manage the third-party risk management program including onboarding, due diligence, inherent and residual risk assessments, ongoing monitoring, and issue remediation tracking
• Evaluate third parties for financial condition, operational capability, business continuity, information security posture, regulatory considerations, and concentration risk
• Ensure regulatory and risk considerations including financial crime, privacy, and data protection requirements are addressed within third party relationships without assuming program ownership
• Review vendor requests, renewals, and material changes to ensure required documentation is complete and risk assessments are performed
• Monitor vendor performance against contractual requirements, internal standards, and risk expectations
• Track, trend, and report third party risk issues, findings, and remediation status
• Maintain complete, accurate, and audit ready third party files and annual reviews
• Coordinate with Compliance, Information Security, Legal, Internal Audit, and business owners to support effective oversight
• Ensure third party relationships align with Board approved budgets and governance requirements
• Serve as the primary point of coordination for audits, examinations, and internal reviews related to enterprise risk and third-party risk oversight
• Maintain workpapers, documentation, and evidence supporting independent oversight activities
• Analyze data and trends to identify control gaps, risk exposures, and improvement opportunities
• Track and report remediation progress related to risk and third-party findings
• Independently manage assigned risk programs with minimal supervision and escalate material issues as appropriate
• Identify opportunities to improve the consistency, efficiency, and effectiveness of risk management and oversight processes
• Contribute to risk awareness and risk culture initiatives across the organization
• Perform additional related duties as assigned to meet business, operational, or regulatory needs