Third Party Risk Management Director

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

The Third Party Risk Management program at CNA coordinates and performs risk management assessments across cybersecurity, business continuity, compliance, and general operational risk controls throughout the lifecycle of the Third Party relationship. This position is responsible for managing and directing the day-to-day operations of CNA's Third Party assessment pipeline including the supervision and management of CNA employees and external consultant resources.

JOB DESCRIPTION :

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines :

• Manages those that perform Third Party Risk assessments for complex, sensitive, and escalated Third Party assessments, including those requiring on-site reviews. In the course of executing these critical and sensitive assessments, evaluates Third Party questionnaire responses, perform control review / validation, and assess documentation per established procedures and standards.
• Perform periodic quality assurance and review of Third Party Risk assessments performed by all assessment team members to ensure that all assessments meet established standards and expectations. Coach, train, and hold those conducting the assessments accountable for following the established processes.
• Leads the team that actively solicits business partner engagement and buy-in by attending, and organizing where appropriate, periodic meetings with business partners to ensure Third Party Risk Management is appropriately meeting business needs.
• Review and submit program analytics to leadership covering process utilization metrics, program Key Performance Indicators, Third Party Risk Key Risk Indicators, and escalation reporting and management.
• Develop and maintain interaction model with all relevant CNA Business and Risk Stakeholders. Ensure they are appropriately looped into TPRM processes and enabled to support TPRM through workflow, reporting, and analytics
• Provide oversight of day-to-day assessment operations by providing guidance and training to Third Party Risk Management consultant resources, as required in the course of Third Party Risk Assessment execution.
• Ensure the team is managing assessment execution timelines by leveraging Key Performance Indicators and managing internal / external escalations as needed.
• Oversee Third Party Risk Management's remediation action / issue management process to ensure timely closure of identified control gaps.

May perform additional duties as assigned.

Reporting Relationship

AVP or above

Skills, Knowledge & Abilities

Education & Experience

In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this role. In District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York and Washington, the national base pay range for this job level is $97,000 to $189,000 annually. Salary determinations are based on various factors, including but not limited to, relevant work experience, skills, certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees - and their family members - achieve their physical, financial, emotional and social wellbeing goals. For a detailed look at CNA's benefits, please visit cnabenefits.com.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.

Salary : $97,000 - $189,000