Vendor Management Officer
Patriot Bank, N.A. - Stamford, CT
Job Description
The Manager of Third-Party Risk Management (TPRM) will be responsible for overseeing the processes and systems in place to identify, assess, mitigate, and monitor risks associated with third party vendors or service providers. The manager will collaborate with stakeholders including IT Risk, Compliance, Enterprise Risk, and business leaders. This role is critical given the Bank's reliance on third parties in providing its products and services and ensuring that third party relationships do not expose the bank to undue risks, such as operational, financial, legal, regulatory, or reputational risks. This individual will ensure that third party relationships are properly managed and monitored to minimize risk exposure in accordance with regulatory guidelines and internal policies.

Identifies inherent risks; manages the ongoing oversight activities for all of the Bank's vendor relationships.
Maintains documentation related to oversight procedures performed on the Bank's critical vendors.
Work with first line business units to ensure appropriate vendor monitoring activities are conducted and documentation submitted on a timely basis.
Establish vendor scorecards & metrics that will indicate effective reporting/performance management.
Oversees coordination of annual re-evaluation efforts such that oversight plans are updated, and appropriate ongoing monitoring occurs.
Initiate Off-Boarding activities with the business; expedite necessary actions to terminate all impacted , tracks and reports vendor progress and/or escalated issues to drive timely risk mitigation and closure.
Maintains and organizes vendor database and evidence for compliance.
Analyzes Key Risk Indicator (KRI) reporting.
Monitor negative media events and vendor industry developments.
Actively remain current with industry standards, trends, competitive intelligence on vendor management best practices.
Evaluate vendor documents to determine acceptability based on business unit needs and industry standards.
Monitor the day-to-day risk mitigation, monitoring, and reporting for third party relationships, conducting independent analyses that provide greater insight into risk exposures and mitigation efforts.

All employees are responsible for compliance with the Bank Secrecy Act and in some roles, OFAC regulations. Depending on your job responsibilities, more or fewer aspects of the regulations may apply, but at a minimum, all employees are responsible for reporting suspicious activity they identify in the course of performing their job duties. This includes activities conducted by customers, fellow employees, board members, and vendors.

Requirements

Must be detail oriented, accurate and have strong follow-up skills.
Ability to work independently to achieve goals and see projects through to completion.
Strong written and verbal communication skills.
Excellent time management and organizational skills.
Strong analytical and negotiation skills.
Proficient in Microsoft Office Suite.
Advanced level understanding of SOC reports, user entity level controls, control mapping and inherent and residual risk theories and methodologies.
Advanced knowledge of applicable federal and state banking laws, rules and experience in vendor management, contract management, risk management, audit and/or compliance.
Advanced knowledge of banking/financial industry trends, products and services.
Significant experience working with all levels of staff, management, stakeholders, vendors.
Demonstrated knowledge of basic risk principles, concepts, and policies.
Proven experience in designing and managing enterprise-wide third-party risk management programs.
Familiarity with third party risk management tools and systems.
Knowledge of regulatory expectations relating to third party risk management, contract management.
General knowledge of risk management fundamentals.

Education & Experience

Bachelor's degree in Business Management, Business Administration, Risk, Economics, Supply Chain Management or equivalent.
Relevant Certifications including CRVPM (Certified Regulatory Vendor Program Manager), Industry Sponsored Certification CISA, CRISC, CISSP preferred.
8-10 years of experience in financial services, developing, executing, updating, and managing vendor risk management programs.
5 Years Risk Management required, Third Party or Vendor Risk Management or Information Security, Data Security, Privacy or Technology experience preferred.

Hours

Full-time (Hybrid or Remote)
Created: 2024-11-11