Third-Party Risk Management Officer

SUMITOMO MITSUI TRUST BANK, LIMITED
New York, NY
$120,000 - $145,000
Hybrid

About The Position

The Third-Party Risk Management (TPRM) Officer is responsible for supporting the SMTB Americas Division (“AD”) enterprise-wide third-party risk management program within the Second Line of Defense. The role provides oversight, effective challenge, and monitoring of third-party relationships throughout the vendor lifecycle to ensure compliance with applicable regulatory requirements, internal policies, and risk management standards. The TPRM Officer works closely with vendor owners, Administration, Information Security, Compliance, Operational Risk, Legal, Planning and other stakeholders to evaluate, monitor, and report risks associated with vendors, service providers, affiliates, and other third parties. This role supports the SMTB AD’s ability to identify, assess, mitigate, monitor, and report third-party risks in accordance with US federal banking regulations, State of NY regulatory expectations while aligning with SMTB Head Office policies and required oversight. As SMTB AD continuously enhances its vendor management processes and third-party risk oversight, the TPRM Officer will be responsible for identifying, designing and working with stakeholders to implement enhancement opportunities. The Third-Party Risk Officer will also be part of the U.S. level SMTG ABMD team and ensure all CUSO entities have an effective third-party risk management program, establish a U.S. Third Party Risk Framework and provide reporting to the U.S. Chief Risk Officer and U.S. Risk Committee, along with other local and Head Office teams.

Requirements

  • Bachelor’s degree in Business Administration, Finance, Risk Management or related field.
  • Minimum of four (4) years of experience within a banking organization’s Third-Party Risk Management, Vendor Risk Management, Operational Risk, Procurement, Vendor Compliance, or related function.
  • Proficiency in risk management within regulated financial institutions subject to Federal Reserve, OCC, FDIC, FFIEC, SEC or NYDFS oversight.
  • Experience performing third-party risk assessments, vendor due diligence reviews, working with Legal on the review of vendor contracts, supporting vendor onboarding and risk-based approval processes.
  • Experience reviewing and monitoring third-party relationships throughout the vendor lifecycle, along with issue tracking and remediation oversight.
  • Experience preparing risk reports, management reporting, and documentation for audits or regulatory examinations.
  • Knowledge of operational risk, cybersecurity risk, information security controls, business continuity, and regulatory compliance considerations related to third-party relationships.
  • Excellent computer skills in Microsoft Office including Excel, Word, and PowerPoint.
  • Excellent interpersonal skills, good oral and written communication skills.
  • Good organizational and multitasking skills.

Responsibilities

  • Lead the execution and continuous improvement of SMTB AD’s Third-Party Risk Management Framework, policies, standards, procedures, and related governance processes.
  • Perform independent second-line review (along with other second-line teams) and challenge of third-party risk assessments, due diligence reviews, onboarding activities, monitoring activities, and termination processes.
  • Ensure third-party risk management activities align with applicable regulatory requirements, including Federal Reserve, FFIEC, and NYDFS expectations, along with Head Office policies and requirements.
  • Assist in maintaining SMTB AD’s inventory of third-party relationships and associated risk classifications.
  • Support regulatory examinations, internal audits, and independent reviews relating to third-party risk management.
  • Participate in periodic reviews of program effectiveness and regulatory change management activities.
  • Provide oversight of onboarding activities to ensure compliance with internal standards and regulatory requirements.
  • Review risk-based due diligence packages before onboarding approvals.
  • Work with the vendor owner, Legal and other stakeholders to ensure contracts and service agreements include the required risk management provisions – including: audit rights, regulatory access provisions, information security requirements, confidentiality and data protection obligations, business continuity and disaster recovery expectations, performance standards and service level agreements, incident notification requirements and termination/transition provisions.
  • Support ongoing monitoring of third-party relationships based on risk tiering and criticality and ensure an appropriate monitoring framework is in place within the overall TPRM Framework.
  • Review periodic performance reports, service level metrics, cybersecurity assessments, financial health reviews, audit reports, control assessments, and regulatory developments.
  • Escalate emerging risks, control weaknesses, and material issues to management as appropriate.
  • Support preparation of third-party risk reporting (including key risk indicators) for committees and senior management.
  • Work with Administration, Planning and other stakeholders to maintain a centralized tracking of remediation activities and corrective action plans.
  • Assist in remediation efforts associated with examination findings, audit observations, and risk assessments.
  • Review vendor termination activities to ensure risks are appropriately managed through contract expiration, termination, or transition.
  • Work with vendor owner, Administration, Planning and other stakeholders to verify completion of required offboarding activities, including data return or destruction, access revocation, transition planning, and documentation retention.
  • Assess residual risks associated with vendor exits and transition arrangements.
  • Work with each CUSO entity to ensure the entity maintains an effective third-party risk management program, framework and required oversight as mandated by their specific regulators and aligned with their risk profile.
  • Establish and maintain a U.S. Third Party Risk Framework, ensuring each CUSO entity is aware and aligned with the U.S. framework.
  • Work with each CUSO entity to understand current gaps, remediations and emerging risks related to both their Third Party Risk program and processes, as well as critical third parties.

Benefits

  • PAID TIME OFF
  • MEDICAL
  • HSA
  • VISION
  • DENTAL
  • FSA
  • 401(K)
  • PROFIT SHARING
  • LEGAL PLAN
  • CANCER INDEMNITY PLAN
  • DISABILITY INSURANCE
  • LIFE INSURANCE
  • EMPLOYEE ASSISTANCE PROGRAM
  • COMMUTER BENEFITS
  • BUSINESS TRAVEL ACCIDENT
  • PAID VOLUNTEER DAY
  • PAID MEMBERSHIPS
  • PAID SEMINARS
  • TUITION ASSISTANCE