Job Description:The Third Party Risk Officer is responsible for the development, implementation, and ongoing oversight of the Bank's Third Party Risk Management (TPRM) Program. This role ensures that risks associated with third-party vendors, service providers, and FinTech partners are identified, assessed, monitored, and mitigated in accordance with regulatory expectations and the Bank's risk appetite.
The Officer leads a team of TPRM subject matter experts and provides governance, guidance, and oversight across all stages of the third-party lifecycle, including due diligence, contracting, performance monitoring, and termination. This role partners with business units, risk management, compliance, legal, and other functions to ensure a consistent and effective third party risk framework.
Main Job Tasks and Responsibilities:- Design, implement, and maintain the Bank's Third Party Risk Management policies and procedures.
- Ensure alignment with TPRM regulatory guidance.
- Establish and maintain governance structures, including committees, reporting, and escalation processes.
- Prepare and present program reports, risk insights, and metrics to senior management and the Board.
- Periodically review and enhance the TPRM program to reflect evolving risks and regulatory expectations.
- Collaborate with Legal in reviewing third-party contracts. (e.g., risk clauses, SLAs, right-to-audit)
- Provide training and awareness to staff on third-party risk management practices.
- Oversee risk-based due diligence processes for onboarding and ongoing monitoring of third parties.
- Ensure proper risk tiering/classification of vendors based on criticality and inherent risk
- Evaluate third-party controls across key risk domains. (e.g., information security, financial health, operational resilience, compliance)
- Review and challenge risk assessments and due diligence results for completeness and accuracy.
- Establish continuous monitoring processes, including performance metrics, SLAs, and risk indicators.
- Track, report, and escalate identified issues, control gaps, and remediation activities.
- Ensure timely resolution of findings related to third-party risk from audits, regulatory exams, and internal reviews.
- Partner with business units to provide guidance on third-party selection, contracting, and risk mitigation strategies.
- Maintain and enhance TPRM systems/tools and vendor inventory.
- Develop and deliver key risk indicators (KRIs), dashboards, and reporting for senior leadership.
Education and Experience: - Seven or more years of experience in third party or related risk management roles (third-party risk management, auditing, operational risk, or compliance-related experience).
- Demonstrated experience building or managing a Third Party Risk Management program.
- Strong knowledge of regulatory expectations.
- Experience interacting with regulators and leading audit or exam responses.
- Familiarity with third-party risk management platforms and tools.
- Bachelor's degree in a business-related field of study.
Key Competencies:- Strong stakeholder management and collaboration skills.
- Proven experience presenting to senior leadership and governance committees.
- Strong decision-making and escalation judgment.
- Excellent written and verbal communication skills.
- Ability to translate complex risk concepts into clear, actionable insights.
- Skilled in use of MS Office suite, and ability to easily adapt to and utilize new technologies.
- Continuous improvement mindset with focus on efficiency and effectiveness.
- Strong organizational and project management skills.