As a Corporate Security and Resilience Manager at Citizens Bank you’ll lead an expert team of analysts performing Third Party Cyber Quality Assurance on the vendor assessments that the team completes within the Citizens Bank vendor population.
The Third Party Vendor Assessment function adds value by providing specific business line assurance on vendors, in relation to data protection, customer, financial and reputational risks.This will include managing relationships with the business and vendors, providing robust and challenging insight on business risk and on the adequacy and effectiveness of the control processes in place.
In addition, you will manage the delivery of the Third Party Vendor Assessment (TPVA) reviews, providing opinion on the quality of the vendor control environment including identifying issues and subsequently assisting the business to agree on the appropriate action plan to mitigate the risk. As a key member of the leadership team, this role holder will partner with enterprise policy owners to ensure that control sets maintain currency and tackle an ever changing threat environment.
In this role, your primary responsibilities will include:
- Leading a team of analysts at various levels and being responsible for coaching, mentoring and guiding performance and their day to day responsibilities.
- Leading issue management, facilitating risk and compliance discussions in the resolution of issues
- Partnering with Procurement Services operations and Third Party Risk to optimize the vendor end to end process.
- Optimizing scheduling of TPVA routines including vendor reviews and strategic business reviews
- Coordinating maintenance of TPVA procedures and process flows
- Coordinating vendor related business incident management activities and preparing and cascading associated communications
- Coordinating TPVA efforts supporting business line audit and regulatory exams while overseeing the planning of new and recurring vendor reviews and strategic business reviews.
- Determining that efforts are not duplicated across the group and appropriately reflect the groups inherent and residual risk models or monitoring guidelines
Experience and Skills:
- 5 years or more of management experience
- 3 years or more of experience working with Third Party Assessment Programs
- Minimum of 5 years of experience in an IT Risk, Audit, Information Security or Assurance, and understanding of Audit or Security & Risk
- Demonstrated experience assessing, identifying and mitigating risk issues early in the process, including the proper allocation and management of such risks
- Proven interpersonal skills both written and verbal to interact with multiple departments and vendors to achieve delivery objectives
- Strong organizational and planning skills
- Strong experience with Archer tool for Governance Risk and Compliance (GRC) programs.
- Strong MS Office skills including MS Word, MS Power Point, and MS Excel
- Strong thought leadership in Risk Management and ability to act as required
- Working knowledge of Banking Regulations (OCC, FDIC, FRB)
- Current banking / financial services work experience
Education and Certifications:
- Bachelor's degree in business or a related field preferred
- Certified CISA, CISM or CISSP