CardWorks

AVP, Third-Party Risk Management

$100K — $130K *
US-Anywhere + 3 other locations
Remote
Finance & Insurance
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree required; advanced degree or relevant certification preferred.
  • Minimum 8 years of experience in Third-Party Risk Management or related areas within financial services.
  • Strong expertise in enterprise risk reporting and presentation to executives.
  • In-depth knowledge of third-party risk regulatory requirements and lifecycle management.
  • Proven ability to influence and collaborate across teams and functions.

Responsibilities

  • Lead the execution and enhancement of the Third-Party Risk Management framework.
  • Oversee risk-based due diligence and assessments throughout the third-party lifecycle.
  • Partner with business units to assess and mitigate third-party risks.
  • Provide senior level reviews of risk assessments to ensure documentation and escalation policies are followed.
  • Monitor third-party performance and escalate risks as needed.
  • Design and maintain TPRM policies and workflows to ensure consistency organization-wide.
  • Deliver executive-level reporting on third-party risk exposure and trends.

Benefits

  • Opportunities for career advancement and professional development.
  • Exposure to senior management and governance committees.
  • Mentorship opportunities to develop leadership skills.
  • Collaborative work environment with cross-functional teams.

Full Job Description

The Assistant Vice President, Third-Party Risk Management (“TPRM”) is responsible for leading key components of the execution, oversight, and strategic enhancement of Merrick Bank’s (“Bank”) Third-Party Risk Management Program. This role partners across the first and second lines of defense to ensure risks arising from third-party relationships are effectively identified, assessed, monitored, and reported in alignment with regulatory requirements, internal policies, and the Bank’s risk appetite.


The AVP serves as a senior program leader responsible for advancing enterprise TPRM strategy, strengthening risk governance, driving consistent risk practices, and delivering actionable insights to senior management and risk governance committees.

Essential Functions:

  • Lead the execution and ongoing enhancement of the Bank’s Third-Party Risk Management framework, ensuring alignment with regulatory expectations and internal governance standards.
  • Oversee risk-based third-party due diligence, risk assessments, and ongoing monitoring activities across the full third-party lifecycle, ensuring consistent, defensible, and risk-informed outcomes.
  • Partner with business units, Vendor Relationship Owners, and Subject Matter Experts to identify, assess, and mitigate risks associated with third-party relationships.
  • Provide senior level review and challenge of third-party risk assessments, ensuring conclusions are evidence-based, appropriately documented, and escalated when risk exposure exceeds defined thresholds.
  • Monitor third-party performance, control effectiveness, and risk indicators, escalating issues, control gaps, and emerging risks in accordance with established governance protocols.
  • Lead the design, development, and maintenance of TPRM policies, procedures, standards, and workflows to support a consistent enterprise-wide operating model.
  • Define and deliver executive, committee, and Board-level reporting that provides clear visibility into third-party risk exposure, trends, issues, concentrations, and emerging risks.
  • Collaborate with Legal, Procurement, Information Security, Compliance, and business stakeholders to ensure appropriate contract provisions, controls, and risk mitigation strategies are implemented.
  • Lead TPRM responses for regulatory exams, internal audits, and independent reviews, including documentation, analysis, issue remediation, and management responses.
  • Drive the TPRM program maturity roadmap, including process improvements, automation, data quality, GRC optimization, regulatory alignment, and adoption of industry best practices.
  • Lead, develop, and mentor TPRM teams, promoting strong risk culture, accountability, high performance, and continuous improvement.
  • Partner with ERM leadership to establish TPRM priorities, roadmap initiatives, governance routines, and success measures aligned to enterprise risk strategy and business objectives.
  • Identify and escalate third-party concentration risk, critical vendor risk, fourth-party risk, control gaps, and emerging risk themes to appropriate governance forums.
  • Deliver executive, committee, and Board-level risk reporting, including dashboards and risk insights that support informed decision-making and effective oversight.
  • Own continuous improvement of TPRM tools, data, workflows, reporting, and GRC system capabilities to improve efficiency, transparency, data integrity, and regulatory readiness.
  • Perform other duties as assigned.

 

Requirements for Success:

Education & Experience:

  • Bachelor’s degree in Risk Management, Finance, Business Administration, Accounting, or a related field required; advanced degree or professional certification, such as CTPRP, CTPRA, CRVPM, CRMA, FRM, CPA, or CIA preferred.
  • Minimum of 8 years of progressive experience in Third-Party Risk Management, Enterprise Risk Management, Operational Risk, or a related risk discipline within a financial services or regulated environment, including experience leading program initiatives, risk governance routines, and team members.

Knowledge, Skills and Capabilities:

  • Strong expertise in enterprise risk reporting, including development of executive and Board level materials, risk dashboards, metrics, and written risk summaries.
  • In-depth knowledge of third-party risk regulatory requirements and industry standards, including full TPRM lifecycle.
  • Demonstrated experience aggregating and synthesizing complex risk information into clear, concise, and decision useful reporting for senior management and Boards.
  • Solid understanding of ERM frameworks, risk governance practices, and regulatory expectations applicable to banking and financial services organizations.
  • Proven ability to work cross functionally, influence stakeholders, and partner effectively with both first and second line teams.
  • Excellent written and verbal communication skills, with a strong attention to detail and the ability to translate technical risk concepts into business focused insights.
  • Experience with ERM systems and risk data repositories (e.g., risk assessment tools, issue management systems, reporting platforms) strongly preferred.

 

Compliance with Laws & Regulations

  • Responsible for complying with all the Bank’s internal control policies and procedures.
  • Responsible for understanding and complying with all laws and regulations to which the Bank is subject.
  • Responsible for communicating problems in operations, noncompliance with the code of conduct, noncompliance with laws and regulations, policy violations, or illegal acts.

 


About CardWorks

CardWorks is a financial services company that provides a range of credit card and loan products to consumers. The company was founded in 1987 and is headquartered in New Haven, Connecticut. CardWorks offers credit cards, personal loans, and merchant services through its various subsidiaries, including Merrick Bank, Continental Finance, and Genesis Financial Solutions. The company has a focus on serving consumers with less-than-perfect credit, and its products are designed to help customers build or rebuild their credit scores. CardWorks has over 1,000 employees and is committed to providing excellent customer service and innovative financial solutions.