Vendor Risk Specialist Manager

Job Description

This position is part of City National Bank’s (“CNB’s”) Vendor Management Office and is responsible for managing all enterprise-wide third party risk evaluations and related processes. This is a management role leading a team of resources to ensure all third party risk assessments are properly conducted, reviewed, and documented. CNB established the Vendor Management Office to support the third party risk management framework.
What you will do
  • Manage and facilitate third party risk assessments for initial due diligence and ongoing oversight of third party vendor services. This includes reviewing audited reports of controls (i.e. SSAE18, SOC Type II, PCI AoC/RoC) and other information to support full evaluation of any potential outsourcing risks.
  • Serve as escalation point for team members to review complex risk assessments and properly disposition issues/concerns
  • Partner and coordinate closely with internal stakeholder areas (i.e. Information Security, Enterprise Risk Management, Business Continuity Program Office, Credit Administration, and Compliance) to ensure proper engagement during the due diligence phase of vendor management
  • Manage and oversee remediation efforts/projects for material supplier risks
  • Provide monthly and quarterly status reporting, key supplier metrics, key risk indicators, and periodic updates to senior business leadership on supplier risks
  • Champion the enterprise Vendor Management purpose throughout the organization; train and advise internal CNB staff on the vendor management processes
  • Provide risk awareness and training to internal staff in support of CNB’s Third Party Risk Management Policies and Procedures
  • Prioritize and manage team’s workload
  • Lead various ad hoc projects supporting program enhancements, process improvements, and other functions
  • Manage team of resources, including workload, performance management, training, etc.


  • Minimum of ten years of third party risk management, conducting risk assessments, and reporting on KRIs
  • Minimum of five years in a management role
  • Minimum of five years of experience in risk and controls for information technology and cybersecurity, appropriately scoping assessments, providing credible challenges, and performing assurance testing.
  • Minimum of five years working with a GRC system, incorporating continuous improvement for the system and process.

Skills and Knowledge

  • Industry recognized third party risk management or vendor management certification
  • Six Sigma certification
  • Comprehensive knowledge of third party and information technology risk management processes and methodologies
  • Experience using third party risk management / Governance, Risk and Compliance (GRC) systems
  • Experience assessing contracts, including master service agreements, statements of work, and license agreements.
  • Experience assessing cloud servicing arrangements
  • Knowledge of and experience in designing and operating governance, frameworks and processes to comply with vendor management / third party risk management related regulatory requirements, guidance and oversight (OCC 2013-29, Fed SR 13-19 or other relevant third party risk management / vendor management regulation applicable to the financial services industry)
  • Excellent oral and written communication skills; ability to communicate with all levels of management; experience performing both detailed and executive-level documentation
  • Advanced knowledge of Microsoft Office tools; specifically, Excel, PowerPoint and SharePoint
  • Experience with reporting platforms such as Tableau, SQL scripts, and Microsoft SSRS desirable
Starting base salary: $122,535 – $208,715 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions.
*To be considered for this position you must meet at least these basic qualifications
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Benefits and Perks
At City National, we strive to be the best at whatever we do, including the benefits and perks we offer our colleagues. Get an inside look at our Benefits and Perks.
City National Bank is an equal opportunity employer committed to diversity and inclusion. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other basis protected by law.
We start with a basic premise: Business is personal. Since day one we’ve always gone further than the competition to help our clients, colleagues and community flourish. City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues to drive phenomenal growth today. City National is a subsidiary of Royal Bank of Canada, one of North America’s leading diversified financial services companies.
