Vendor Assessment & Risk Controls Lead

Is the opportunity to join a culture where “We Do the Right Thing,” and “We Courageously Shape Our Future Together” important to you? If so, we are seeking a collaborative and motivated individual to join our team.

This role will be responsible for ensuring delivery and compliance of Vendor Assessments and providing Issues Management guidance as part of the Vendor Assessments & Controls function.

You will

• Provide guidance and support to vendor assessment activities to Vendor Assessment & Controls team and business partners
• Analyze intake to prioritize assessments for recertifications of existing vendor relationships and certain new vendor assessments
• Perform quality reviews of vendor assessments to ensure compliance with process and records and reports are comprehensive and accurately maintained.
• Ensure Vendor assessment Processes and Issues Treatment are consistently applied, and procedures are followed in a consistent manner
• Provide performance feedback of analyst team to Vendor Assessment leadership
• Provide guidance to business relationship owners to raise awareness of policy & procedures, as well as reinforce roles and responsibilities, and identify potential risks and mitigants
• Guide internal business partners in identification and remediation of issues associated with third party engagements including leading of issue remediation calls with third parties and business partners
• Escalate critical risks and aging items, and present ad hoc reporting to Vendor Assessment leadership
• Perform periodic third-party risk assessments, through application of criteria and external information (e.g., SOC reports, Security Scorecard, HITRUST, ISO 27001, etc.).
• Leverage external assessments, data, and monitoring tools to drive efficiency and closure in the delivery of vendor assessments
• Champion productivity initiatives utilizing industry’s best practices and artificial intelligence in performance of responsibilities

You have

• No less than 7 years professional experience in business operations, project/program management, risk management, vendor management, information security, business analytics, and/or similar.
• BS/BA degree, Advanced Degree preferred or equivalent experience
• Certification in risk management and/or third-party risk management preferred
• 7+ years of Operational and/or Third-Party Risk Experience required
• Ability to conduct thorough third-party risk assessments, through application of established criteria.
• Strong understanding of the principles of risk management, information security and their relationship to corporate governance activities such as operational risk assessment and organizational impact
• Clear understanding of industry standards risk analysis approaches: ISO, COBIT, COSO, as well as regional standards and regulations; Sarbanes Oxley, Basel II, GLBA, HIPAA and crisis management/business resiliency practices.
• Demonstrated consistent credibility as a subject matter expert with business partners and leadership while recommending initiatives, identifying gaps, and potential issues
• Ability to collaborate with internal partners and third parties to mitigate and otherwise resolve third party risks influencing business decisions, and applying professional judgment for selecting the appropriate methods and techniques
• Strong analytical and critical thinking skills and attention to detail
• Knowledge of vendor management, operational risks, and trends relevant to financial services and insurance staying abreast of current and pending regulatory and compliance requirements
• Ability to provide virtual leadership and guidance to the analyst level team on best practice and continuous improvements for processes, assessments, and other operational activities.
• Strong knowledge of and experience in risk management and internal controls required spanning fraud, legal liability, regulatory, privacy, information and cyber security, reputational harm, business resiliency, theft of assets, financial losses, and errors/omissions.

In addition, these competencies are needed:

• Demonstrated leadership skills that instill trust and confidence with an ability to influence execution
• Resource/workload management knowledge
• Experience in large companies and/or complex environments, or providing professional consulting services for them
• Demonstrated abilities in problem-solving and analysis including identification of issues, analysis of information to assess root cause and relationships, risks, and potential risk responses.
• Proven ability to synthesize and summarize complex data into concise recommendations and reports.
• Excellent written and verbal communication skills to deliver thorough messaging in a concise, persuasive, and succinct manner
• Demonstrated ability to balance multiple priorities, adapt to a constantly changing business environment, work independently, drive projects to completion, and meet deadlines in a fast-paced environment-with periodic supervision.
• Ability to work collaboratively and manage and initiate effective cross-functional relationships maintaining an elevated level of professionalism, self-motivation, and a keen sense of urgency
• Strong computer skills, including MS Office products (e.g., Word, Excel, PowerPoint, Visio) and other business software to prepare reports, memos, summaries, and analyses. Experience with GRC tools (e.g., Archer) is a plus.
• Competency in customer focus, change & innovation, strategic thinking, relationship building & influencing, talent management, results focus and inspirational leadership.
• Ability to manage effectively and work closely with business leaders in a high pressure, fast-paced, highly collaborative environment with multiple deadlines and competing priorities