Third Party Risk Management Consulting Director

About The Position

Requirements

• Program expertise in Third Party Risk Management best-practices including industry security, business continuity, and data privacy standards, risk assessment testing procedures, issue management processes, and inherent/residual risk calculations
• Compelling communicator; demonstrated verbal and written communication skills.
• Detail oriented with strong organizational skills and ability to manage multiple projects effectively.
• Ability to communicate and simplify technical concepts for those not familiar with risk management concepts, particularly in the context of business stakeholder training.
• Strong interpersonal skills with the ability to work with staff at all levels.
• Proven thought leadership and ability to provide informal guidance to more junior team members.
• Strong knowledge of Microsoft Office Suite and other business-related software systems including processing systems and applications.
• Bachelor’s degree or equivalent
• Typically a minimum of nine years of experience in Supplier Risk or Third-Party Risk assessment
• Experience developing and managing remediation action/incident management processes.
• Experience in developing remediation action/incident management specific reporting and analytics.

Nice To Haves

• CISSP, CRISC, or CISA highly preferred

Responsibilities

• Perform Third Party Risk assessments for complex, sensitive, and escalated Third Party assessments, including those requiring on-site reviews.
• In the course of executing these critical and sensitive assessments, evaluate Third Party questionnaire responses, perform control review/validation, and assess documentation per established procedures and standards.
• Perform periodic quality assurance and review of Third Party Risk assessments performed by all assessment team members to ensure that all assessments meet established standards and expectations.
• Actively solicit business partner engagement and buy-in by attending, and organizing where appropriate, periodic meetings with business partners to ensure Third Party Risk Management is appropriately meeting business needs.
• Coordinate, review and submit program analytics to leadership covering process utilization metrics, program Key Performance Indicators, Third Party Risk Key Risk Indicators, and escalation reporting and management.
• Support leadership in managing and implementing all identified program, process, and technology configuration process improvements in the Third Party Risk Management program roadmap.
• Own the design, implementation, and ongoing management of the enterprise weighted third-party risk scorecard, ensuring risk calculations consistently incorporate assessment results, issue severity, remediation status, performance metrics (SLAs/KPIs), and monitoring signals to support prioritization, escalation, and executive decision-making.
• Develop and maintain interaction model with all relevant CNA Business and Risk Stakeholders.
• Ensure they are appropriately looped into TPRM processes and enabled to support TPRM through workflow, reporting, and analytics
• Leveraging general Third Party Risk Management expertise, take the lead on performing regular updates of CNA’s Third Party Risk Management methodologies
• Own enterprise-level governance, prioritization, and escalation of third-party issues to ensure remediation outcomes are risk-based, consistent, and defensible.
• Lead the support of TPRM Technology including the administration, management, configuration, and testing for all current TPRM technology.
• Additionally, monitor TPRM technology market landscape to ensure CNA's TPRM technology stack is appropriately updated.
• Develop and maintain a robust quality assurance program that extends outside of just individual auality control of assessments.
• May perform additional duties as assigned.

Benefits

• comprehensive and competitive benefits package to help our employees – and their family members – achieve their physical, financial, emotional and social wellbeing goals