- Facilitate third party risk assessments for initial due diligence and ongoing oversight of third party vendor services. This includes collection of documents and analysis, third party risk assessment questionnaire requirements, reviewing audited reports of controls (i.e. SSAE18, SOC Type II, PCI AoC/RoC) and other information to support full evaluation of any potential outsourcing risks.
- Partner and coordinate closely with internal stakeholder areas (i.e. Information Security, Enterprise Risk Management, Business Continuity Program Office, Credit Administration, and Compliance) to facilitate and evaluate 3rd party service providers.
- Identify, assess and champion remediation efforts/projects for material supplier risks
- Measure and monitor progress of supplier risk management activities, including issues tracking and risk remediation efforts, monthly and quarterly status reporting, key supplier metrics and periodic updates to senior business leadership on supplier risks
- Effectively communicate and partner with senior management in support of their third party strategic initiatives
- Oversee third party vendors across multiple business portfolios interfacing with several key stakeholders
- Champion the enterprise Vendor Management purpose throughout the organization; train and advise internal CNB staff on the vendor management processes
- Provide risk awareness and training to colleagues in support of CNB’s Third Party Risk Management Policies and Procedures
- Escalate issues (delays; significant gaps; uncooperative parties; etc.) to management as required; work to resolve issues as needed
- Lead various ad hoc projects supporting program enhancements, process improvements, and other functions
- Responsible for operational reporting, KRI reporting, regulatory reporting, progress tracking, and other reporting, as needed
- Assist team with prioritization of workload
Must-Have*
- Minimum of six years of third party risk management experience in the financial services industry, conducting risk assessments, and reporting on KRIs
- Minimum of four years of experience in risk and controls identification, appropriately scoping assessments, providing credible challenges, and performing assurance testing.
- Minimum of four years working with a GRC system, incorporating continuous improvement for the system and process.
Skills and Knowledge
- Comprehensive knowledge of third party and information technology risk management processes and methodologies
- Experience assessing cloud servicing arrangements
- Six Sigma certification
- Industry recognized third party risk management or vendor management certification
- Experience using third party risk management /Governance, Risk and Compliance (GRC) systems
- Experience assessing contracts, including master service agreements, statements of work, and license agreements.
- Experience assessing cloud servicing arrangements
- Knowledge of and experience in designing and operating governance, frameworks and processes to comply with vendor management / third party risk management related regulatory requirements, guidance and oversight (OCC 2013-29, Fed SR 13-19 or other relevant third party risk management / vendor management regulation applicable to the financial services industry)
- Currently hold or quickly obtain industry recognized third party risk management or vendor management certification
- Excellent oral and written communication skills; experience performing both detailed and executive-level documentation
- Advanced knowledge of Microsoft Office tools; specifically, Excel, PowerPoint and SharePoint
- Experience with reporting platforms such as Tableau, SQL scripts, and Microsoft SSRS desirable
- Strong project management skills (organizing, planning, reporting, documenting, driving tasks to closure, etc.)
- Excellent oral and written communication skills; ability to communicate with all levels of management; experience performing both detailed and executive-level documentation
- Advanced knowledge of Microsoft Office tools; specifically, Excel and PowerPoint
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
City National Bank is an equal opportunity employer committed to diversity and inclusion. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other basis protected by law.’