Third Party Program Execution / Program Management

NT’s Chief Procurement Officer’s team for Third Party Management (TPMO) is responsible for design and execution of the Third Party risk management program in line with regulatory expectations, NT’s Third Party Risk Management Policy, and Third Party Practice Standard.

We are in a phase of growth and transformation. While you’ll be hired for a specific role, your role may evolve as we scale – expanding into areas aligned with your strengths and program needs. We’re looking for partners who thrive in change, think like problem solvers, and bring skills in project management, process management, and change leadership.

If you’re excited to grow with us and pivot when needed, you may be a fit for this role.

This role will report to one of several team managers within the TPMO, which is the 1st line of defense for third party risk. Primarily, you will work closely with the TPMO team manager to assist in strategy and design decisions, business as usual process improvement and/or the direct execution or indirect execution (directing others on how to execute) of the program as per the Third Party Standard.

The role holder will be an expert in Third Party Risk Management and would be well versed in execution aspect of the program related to the entire lifecycle of third party engagements. This is a central role interacting with business units, 2nd line of defense, other team leads and offshore quality control team.

Major Duties:

• Responsible for tracking program throughput through the various third party management life cycle elements (Planning, IRQs, DDQs, Ongoing Monitoring, Contracting and Termination), periodic inventory review, open issues and open risk acceptance review and tracking of all internal projects
• Primary area of focus will be to align to the formal, enterpriselevel program and processes that require consistent identification, logging, tracking, remediation, validation, and reporting of thirdpartyrelated issues and incidents. These processes explicitly rely on ServiceNow for issue/incident tracking and Coupa for linkage to supplier risk, due diligence, and contractual context.
• Responsible for designing and periodically reviewing program related artifacts, risk methodologies, service categories and associated risk profile, reporting thresholds etc.
• Accountable for assisting and guiding business partners through various stages of third party lifecycle to ensure quality program execution
• Identify gaps and drive continuous improvement across the TPRM lifecycle (e.g., onboarding, due diligence, monitoring, offboarding)
• Suggest and participate in improvement projects that automate or streamline repetitive tasks (e.g., through Coupa tools or workflow automation platforms).
• Maintain strong documentation and evidence of controls, risk decisions, and remediations.
• Track milestones, dependencies, and deliverables across projects and/or an assigned portfolio of relationships
• Engage with risk domain SMEs, vendors and vendor relationship managers
• Serve as the point of contact for program performance updates, risk issue escalations, and regulatory reviews
• Responsible for engaging with and assisting 2LOD partners by providing business users' input for 2LOD deliverables
• Use dashboards and key risk indicators (KRIs) to monitor third-party risk posture and performance and determine areas of focus
• Report progress to the board, risk committees, and regulators as needed
• Participate in cross-functional teams associated with Third Party program requirements in areas such as design & strategy, enterprise critical vendor management, and other SMEs related subjects.

Knowledge/Skills

• Proven track record managing vendor risk and/or leading large-scale risk or compliance initiatives.
• Expertise in third-party risk frameworks and regulatory requirements.
• Experience with tools such as Coupa, ServiceNow, Cybeta, Interos or similar.
• Strong organizational skills.
• Ability to influence activities across multiple teams and across business units

• Outstanding writing, communication, and presentation skills
• Sound analytical and problem-solving skills
• Strong networking ability to develop internal and external networks based on integrity and credibility through active listening and understanding

Experience

• Bachelor's degree and approximately 10 years of related work experience with clear understanding of and experience in the Three Lines of Defense model
• A thorough understanding of third-party (i.e., vendor, supplier, etc.) risk management, with prior experience in designing program solutions, risk scoring and aggregation methodologies and designing committee reporting
• Understanding of global risk regulatory requirements with emphasis on US (OCC Bulletins, FFIEC, FRB, FDIC) or UK (PRA, FCA)
• A TPRM related certification such as CTPRP or CTPRA

Salary Range:

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.