TPRM Governance, Operations, and Reporting Manager

About The Position

Requirements

• Bachelor’s Degree
• Third-party risk management experience that includes Compliance, Information Security, Technology, and Operational process assessments, including 5 or more years recent third-party risk management activities, audit, or related activity.
• Demonstrated understanding of the Third-Party Risk Management life cycle and risk assessment activities.
• Broad knowledge of the Three Lines of Defense Risk Management and Controls Assessment Models.
• Strong business focused decision making and problem-solving skills.
• Excellent interpersonal and leadership skills with a demonstrated ability to establish relationships with senior management across all business units.
• Provide ability to maintain confidentiality regarding sensitive information.
• Familiarity with Governance, Risk, and Compliance suite of tools, preferably Acher.
• Familiarity with using AI capabilities, preferably Copilot.
• At least one of the following: Certified Third-Party Risk Management Professional (C3PRMP), Certified Third Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified in Risk and Information Systems Control (CRISC).
• Ability to communicate in person, on the phone, and through electronic channels
• Ability to use a computer on a frequent basis, including typing and sustained attention to a monitor
• Ability to sit, walk, and/or stand for extended periods of time
• Ability to bend and reach

Nice To Haves

• Knowledge of banking industry practices and regulatory requirements.
• Knowledge of information security concepts, practices, tools to effectively assess security risk, recommend risk mitigation activities, and communicate to the business unit.
• Experience with using Artificial Intelligence capabilities to support risk assessments or related activities.

Responsibilities

• Lead the governance framework for the TPRM Program, assuring alignment with regulatory expectations (e.g., OCC guidance), third party risk management best practices, internal policies, and integration of emerging risks.
• Develop, maintain, and enhance TPRM policies, standards, and procedures to support a consistent control environment across the bank.
• Lead the execution of the TPRM Program Strategy, Roadmap, and Workplan.
• Develop and deliver training for the TPRM team and business stakeholders across the bank to assure a clear understanding of the TPRM Program, roles, responsibilities, and expectations.
• Identify and execute TPRM reporting and metrics, including the development of dashboards and executive-level reporting that provide clear visibility into third-party risk exposures, trends, and program performance.
• Establish and monitor key risk indicators (KRIs), key performance indicators (KPIs), issue, exception management processes to support timely identification, escalation, and remediation of third-party risks.
• Oversee governance over critical and high-risk vendors, including oversight of risk profiles, risk tiering, segmentation, and alignment to business resiliency and concentration risk frameworks.
• Partner with cross-functional stakeholders (e.g., SOX, MRM, AIGA, Legal, Compliance, IT, and Business Units) to promote adherence to TPRM requirements and embed risk management practices into third-party lifecycle activities, and to identify opportunities to improve the TPRM Program.
• Identify, develop, and maintain TPRM technologies, including use of Artificial Intelligence (AI) capabilities, to perform TPRM responsibilities.
• Oversee TPRM vendor inventory and reconciliations.
• Oversee the vendor exit strategy and fourth party framework.
• Lead and facilitate internal audits and regulatory examinations by providing documentation, analysis, and responses related to third-party risk assessments
• It is the responsibility of this role to take ownership of all tasks and challenges that they encounter in the operation of their assigned position.
• Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.