The Assistant Vice President, Third-Party Risk Management (“TPRM”) is responsible for leading key components of the execution, oversight, and strategic enhancement of Merrick Bank’s (“Bank”) Third-Party Risk Management Program. This role partners across the first and second lines of defense to ensure risks arising from third-party relationships are effectively identified, assessed, monitored, and reported in alignment with regulatory requirements, internal policies, and the Bank’s risk appetite.
The AVP serves as a senior program leader responsible for advancing enterprise TPRM strategy, strengthening risk governance, driving consistent risk practices, and delivering actionable insights to senior management and risk governance committees.
Essential Functions:
- Lead the execution and ongoing enhancement of the Bank’s Third-Party Risk Management framework, ensuring alignment with regulatory expectations and internal governance standards.
- Oversee risk-based third-party due diligence, risk assessments, and ongoing monitoring activities across the full third-party lifecycle, ensuring consistent, defensible, and risk-informed outcomes.
- Partner with business units, Vendor Relationship Owners, and Subject Matter Experts to identify, assess, and mitigate risks associated with third-party relationships.
- Provide senior-level review and challenge of third-party risk assessments, ensuring conclusions are evidence-based, appropriately documented, and escalated when risk exposure exceeds defined thresholds.
- Monitor third-party performance, control effectiveness, and risk indicators, escalating issues, control gaps, and emerging risks in accordance with established governance protocols.
- Lead the design, development, and maintenance of TPRM policies, procedures, standards, and workflows to support a consistent enterprise-wide operating model.
- Define and deliver executive, committee, and Board-level reporting that provides clear visibility into third-party risk exposure, trends, issues, concentrations, and emerging risks.
- Collaborate with Legal, Procurement, Information Security, Compliance, and business stakeholders to ensure appropriate contract provisions, controls, and risk mitigation strategies are implemented.
- Lead TPRM responses for regulatory exams, internal audits, and independent reviews, including documentation, analysis, issue remediation, and management responses.
- Drive the TPRM program maturity roadmap, including process improvements, automation, data quality, GRC optimization, regulatory alignment, and adoption of industry best practices.
- Lead, develop, and mentor TPRM teams, promoting strong risk culture, accountability, high performance, and continuous improvement.
- Partner with ERM leadership to establish TPRM priorities, roadmap initiatives, governance routines, and success measures aligned to enterprise risk strategy and business objectives.
- Identify and escalate third-party concentration risk, critical vendor risk, fourth-party risk, control gaps, and emerging risk themes to appropriate governance forums.
- Deliver executive, committee, and Board-level risk reporting, including dashboards and risk insights that support informed decision-making and effective oversight.
- Own continuous improvement of TPRM tools, data, workflows, reporting, and GRC system capabilities to improve efficiency, transparency, data integrity, and regulatory readiness.
- Perform other duties as assigned.
Requirements for Success:
Education & Experience:
- Bachelor’s degree in Risk Management, Finance, Business Administration, Accounting, or a related field required; advanced degree or professional certification, such as CTPRP, CTPRA, CRVPM, CRMA, FRM, CPA, or CIA preferred.
- Minimum of 8 years of progressive experience in Third-Party Risk Management, Enterprise Risk Management, Operational Risk, or a related risk discipline within a financial services or regulated environment, including experience leading program initiatives, risk governance routines, and team members.
Knowledge, Skills and Capabilities:
- Strong expertise in enterprise risk reporting, including development of executive and Board-level materials, risk dashboards, metrics, and written risk summaries.
- In-depth knowledge of third-party risk regulatory requirements and industry standards, including the full TPRM lifecycle.
- Demonstrated experience aggregating and synthesizing complex risk information into clear, concise, and decision-useful reporting for senior management and Boards.
- Solid understanding of ERM frameworks, risk governance practices, and regulatory expectations applicable to banking and financial services organizations.
- Proven ability to work cross-functionally, influence stakeholders, and partner effectively with both first- and second-line teams.
- Excellent written and verbal communication skills, with strong attention to detail and the ability to translate technical risk concepts into business-focused insights.
- Experience with ERM systems and risk data repositories (e.g., risk assessment tools, issue management systems, reporting platforms) strongly preferred.
Compliance with Laws & Regulations
- Responsible for complying with all the Bank’s internal control policies and procedures.
- Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
- Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.