Third-Party Risk Management Manager

About The Position

Requirements

• Advanced Third-Party Risk Professional Certification or designation based on years of experience.
• Demonstrate an in-depth understanding of business processes, internal control risk management, IT controls, and how they interact together.
• Ability to navigate and influence key stakeholders across the banking organization and the dependencies around TPRM.
• Ability to effectively represent CRO and C-Suite members in quarterly reviews.
• Strong financial business acumen. Ability to understand accounts payable flows around procurement.
• Exceptional strategic, analytical, and problem-solving skills. Strong relationship and facilitation skills.
• Excellent written and verbal communication skills, and strong negotiation skills with both internal and external parties.
• Detail oriented, with ability to complete reporting and analytics accurately, timely, and in a presentable manner.
• Self-motivated, going beyond immediate responsibilities, with ability to strategize and operate independently as well as be a team player.
• Eager to learn new things in a fast-paced environment. Ability to thrive in structured and unstructured environments while focusing on strategic, big-picture objectives among day-to-day responsibilities.

Responsibilities

• Drive the strategic direction and roadmap for the Third-Party Risk Management program, ensuring alignment with organizational objectives and evolving regulatory expectations.
• Understand the key phases of vendor lifecycle to develop a managed program that includes vetting potential vendors, advising requesting business stakeholders, ensuring proper criticality and risk ranking, and associating right sized and focused due diligence questionnaires, interacting with, challenging, and confirming requirements with third party security team members.
• Responsible for the TPRM program requirements including leading the management of program controls and scalable Second Line of Defense Governance processes.
• Serve as a senior advisor and Point-of-Contact for Line of Business Leaders for all Third-Party Vendor Relationships.
• Conduct a strategic review and analysis for Vendor Scorecards, identifying trends and themes for executive reporting.
• Oversee quality assurance review of all high-tier and critical Third-Party Risk Assessments and provide credible challenge to ensure assessments meet the established standards.
• Collaborate with cross-functional stakeholders to develop and execute risk mitigation strategies and vendor oversight.
• Lead and represent the TPRM function in cross-functional organizational initiatives from a strategic and risk control perspective.
• Prepare and deliver program reporting for Executive Leadership and Board Risk Committee, providing analysis and commentary on risk trends and program maturity.
• Maintain expert knowledge of all US banking regulatory and supervisory requirements pertaining to vendor management/third party risk management (i.e. FRB, FDIC, FFIEC etc.).
• Handle changes in regulatory guidance or laws that impact Third-Party Vendor Risk Management.
• Oversee and provide guidance on end-to-end lifecycle management of all third-party relationships.
• Act as a lead liaison for all VRM activities with cross-functional stakeholders.
• Provide subject matter expertise and guidance to support end to end contract management activities.
• Responsible for all internal and external audit/exam related inquiries for TPRM, serving as the primary point of contact and managing the response process.
• Support the PMO Team in the development of new initiatives with third-party relationships including the TPRM planning life cycle.
• Serve as the primary TPRM representative and lead coordinator during major incidents, supporting the Incident Management Team and Business Continuity for business or vendor impact.
• Lead the third-party risk diligence and integration process during mergers and acquisitions, including the review and analysis of acquired vendor contracts.
• Direct the renegotiation of critical vendor contracts post-merger to align with enterprise risk tolerance, cost-saving goals, and service-level standards.
• Conduct a comprehensive risk and compliance gap analysis on acquired vendor relationships against existing bank policies and regulatory requirements.
• Develop and execute a strategic plan for the consolidation, migration, or termination of redundant or non-compliant vendor contracts.
• Assess and validate documentation to support control assurance.
• Oversee risk-based vendor segmentation and develop exit strategies for all vendors including those which are high-risk to the organization. Coordinates integration of vendor relationships through mergers and acquisitions.
• Ability to build team culture by reinforcing enterprise ICARE values.
• Leverage tools and technology to streamline processes and improve efficiencies.
• Perform other duties as assigned or required.