Enterprise Risk Manager

SUMMARY: Responsible for overseeing aspects of the Bank’s Third Party Risk management program and other related risk management functions. The Enterprise Risk Manager defines and maintains standards within the organization with an emphasis on risk management and compliance with GLBA to protect private financial information in the management of Third Party Vendor relationships. This position will work with risk managers and business partners to maintain a comprehensive risk mitigation process associated with vendor management in accordance with Bank policy. The position will also assist with preselection due diligence and comprehensive review of selected vendors to ensure the third party meets the essential needs of the bank. It also requires conducting regular business reviews in cooperation with business partners to document ongoing due diligence for all vendor relationships. This position is also essential in supporting the Risk Assessment process and Business Continuity Programs for the Bank.

ESSENTIAL DUTIES and RESPONSIBILITIES:

• Builds strong and trusted partnerships with business leaders, acts as a conduit between Risk Management and the business units for effective vendor management; monitors performance, customer satisfaction and drives continuous improvement of Third Party Relationship Management Program to deliver value.
• Partner with relationship/department managers to ensure adherence to Third Party Relationship Management program by assisting with new third party review and setup, ongoing monitoring of existing vendors, and contract review processes (new and existing); Assist in the coordination with the business units in negotiation of contracts.
• Maintain, manage, and update the Vendor Management program, associated forms, policies and procedures as appropriate.
• Research and implement best practices for Vendor Risk Management, Business Continuity, and Incident Response; Maintain/develop Program documents such as Business Impact Analysis (BIAs), Plan, Procedures, Forms, Event Documentation to achieve departmental and Bank goals.
• Proactively identify and escalate risks and issues to the CRO, Information Security Manager and relevant department managers.
• Monitor new vendor approval and annual review status.
• Work with departments to ensure disaster recovery plans are accurate and complete.
• Update other Risk Management/Information Security policies, test plans and risk assessments as required.
• Work with information Security Manager, or other department managers on required Risk Assessment, and internal assessment audits/reviews.
• Serve as a business-focused, value-added partner to the Bank’s business units with respect to third party risk management, enterprise risk management, Business Continuity and Disaster Recovery, and Incident response issues.
• Support the CRO and Information Security Manager in: (1) conducting ongoing risk assessments, at the business unit and/or entity level; (2) conducting departmental audits, at the business unit and/or entity level; (3) monitoring for potential emerging risks; and (4) preparing materials for Risk Committee meetings.
• Support the fostering of a strong risk management culture through enterprise-wide interactions and education training on the third party risk management, enterprise risk management, Business Continuity and Disaster Recovery, and Incident response.
• Monitor and propose changes to the Bank’s operating environment related to third party risk management, enterprise risk management, Business Continuity and Disaster Recovery, and Incident response.
• Work with CRO and Information Security Manager to enhance and develop enterprise-wide analysis, reporting and monitoring tools in support of developing the Bank’s enterprise-wide risk management initiatives.
• Assist with preparation and support for internal, external audits and regulatory examinations as needed.
• Complete mandatory and elective training, including BSA (Bank Secrecy Act) and Anti-Money Laundering procedures. Maintain compliance with appropriate rules and regulations.
• Regular, predictable attendance is an essential requirement of this position
• Complete all other duties as assigned

EDUCATION, EXPERIENCE, OTHER SKILLS and ABILITIES:

• Strong Business & Technical Analytical skills with a background in Technology
• Bachelor’s Degree preferred
• 3-5 years’ experience in banking, vendor management, risk assessment process, business continuity, disaster recovery
• Certification Optional; Vendor Management Certifications, and or Certified Business Continuity Professional (CBCP) certification
• Strong organizational, decision-making, and problem resolution skills;
• Ability to multi-task and think globally; Issue escalation and resolution skills
• Strong oral and written communication skills - ability to present concise, direct and timely communications to executives, management and key partners
• Solid understanding of vendor management, business continuity program elements, requirements and standards including FFEIC and OCC guidance
• Proficient in Microsoft suite of applications (i.e. Excel, PowerPoint, Word, Project, Visio, etc.)
• Experience in finding best practices within and outside the organization to establish benchmark data and use continuous process improvement disciplines to achieve results
• Experience working both independently and in a team-oriented, collaborative environment
• Flexible with proven ability to conform to shifting priorities, demands and timelines

Farmers National Banc Corp. is an Equal Opportunity Employer: disability/veteran

Education

• High School or better

• Bachelors or better

Skills

• Vendor Management
• Risk Management

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)