
Third Party Risk Program Manager

Merchants Bonding Company
Des Moines, IA Full Time
POSTED ON 3/14/2025
AVAILABLE BEFORE 4/12/2025

Job Responsibilities:


  1. Third-Party Risk Management and Sourcing


Third-Party Risk Assessment and Management

  • Design and execute a third-party risk management program aligned with the organization's overall risk strategy.
  • Assess and categorize risks associated with third parties, suppliers, and partners, including operational, financial, regulatory, cybersecurity, and reputational risks.
  • Conduct due diligence and periodic risk reviews of third parties to ensure compliance with company policies and regulatory requirements.
  • Monitor and address third-party risks, including cybersecurity, operational, and regulatory risks, through ongoing oversight and audits.

Sourcing and Third-Party Selection

  • Partner with internal stakeholders to define sourcing requirements and identify potential third parties.
  • Lead the third-party selection process, including RFPs and RFIs, ensuring alignment with cost, quality, and risk considerations.

Risk Mitigation and Compliance

  • Develop and implement risk mitigation strategies for high-priority risks, including contingency plans for critical third parties.
  • Ensure sourcing and third-party risk management practices comply with applicable laws, regulations, and industry standards (e.g., NYDFS, ISO 27001, CCPA).
  • Support internal and external audits, regulatory reviews, and assessments related to enterprise and third-party risk.

Third-Party Onboarding, Contract Management, and Monitoring

  • Oversee the onboarding of third parties, including contract negotiations and risk assessments.
  • Ensure contracts appropriately address and transfer risks to third parties.
  • Establish processes to ensure critical vendor key terms and service-level agreements (SLAs) are upheld.
  • As needed, conduct ongoing monitoring and performance evaluations and compliance reviews for active third parties.

Cross-Functional Collaboration

  • Collaborate with departments such as Accounting, Legal, Compliance, and IT to align third-party risk management and sourcing strategies with organizational goals.


Reporting and Analytics

  • Develop and maintain risk and sourcing metrics, key performance indicators (KPIs), and key risk indicators (KRIs).
  • Provide detailed reports and insights on third-party risks and sourcing performance to senior leadership.


Training and Awareness

  • Design and deliver training programs to educate associates on ERM principles, third-party risk management practices, and sourcing policies.
  • Foster a culture of proactive risk management and compliance across the organization.
  2. TPRM Manager
  • Regularly evaluate team members' performance to provide constructive feedback, identify areas for improvement, and recognize achievements, thereby fostering professional growth and enhancing team effectiveness.
  • Develop and oversee the TPRM team budget to ensure optimal allocation of resources, cost-effectiveness, and alignment with organizational financial objectives.
  • Collaborate with senior management to define the strategic direction of the TPRM function, setting long-term goals, and formulating plans to achieve them, ensuring that the team's efforts align with the organization's overarching mission and objectives.
  • Identify skill gaps within the team and facilitate training programs to enhance competencies, ensuring team members are well-equipped to manage emerging third-party risks effectively.
  • Encourage and facilitate communication and cooperation between the TPRM team and other stakeholders (e.g. legal, IT, business continuity, compliance, vendor owners) to ensure a cohesive approach to risk management across the organization.


  3. ChatGPT Integration and AI Risk Management Specialist
  • Integrate and maintain AI solutions within the risk department to improve efficiencies and quality of outcomes (documentation and risk intelligence).
  • In partnership with senior leadership and ChatGPT, lead and influence adoption of ChatGPT across the Company.
  • Provide company training on ChatGPT prompt engineering, risk management strategies, and implementation strategies.
  • Assess, develop and advise on risk management strategies related to AI integration in business processes, including the ethical deployment of AI systems.
  4. Enterprise Risk Management (ERM) Analyst


  • Conduct risk assessments to identify potential threats to business operations, including strategic, operational, financial, compliance, and reputational risks.
  • Review business processes, industry practices, regulatory requirements, and identify gaps in risk mitigation activities. Influence necessary changes to keep risks within the Company’s risk appetite and tolerance levels.
  • Assist in preparing regular ERM reports and dashboards for executive leadership and the board of directors.
  • Assist with the development and implementation of enterprise risk training and awareness campaigns and programs.
  • Represent the team in day-to-day activities with internal and third-party business partners.
  5. Risk Department Administration
  • Manage user access and related controls for software managed by the Risk Department.
  • Provide back-up support for various risk department administrative duties as needed, including insurance program management, business continuity activities, risk analysis and reporting, and maintaining policy manuals.
  • Update policy and procedure as needed to meet business and regulatory requirements.


Qualifications

Education

  • Bachelor’s degree in Business Administration, Risk Management, Supply Chain Management, or a related field.

Experience

  • Minimum of 7 years of experience in the financial services industry or another regulated industry, with demonstrated success in developing, designing, integrating, and managing third-party risk management frameworks and mitigation strategies.
  • Experience implementing and managing ERM frameworks and risk mitigation strategies.
  • Experience working in regulated industries (e.g., finance, healthcare, or technology) is highly desirable.

Skills and Competencies

  • Expertise in third-party risk management and strategic sourcing principles and regulatory compliance requirements.
  • Expertise in analyzing and interpreting data to measure and report on third-party risks.
  • Understanding of IT security risk associated with third parties.
  • Expertise with continuous third-party monitoring tools, such as BitSight or RiskRecon.
  • Proficiency in managing vendor contracts, Service Level Agreements (SLAs).
  • Strong negotiation and contract management abilities.
  • Expertise in using third-party risk management systems or Governance, Risk, and Compliance (GRC) platforms.
  • Strong project management skills as part of implementing third-party, enterprise risk management, privacy/compliance risk, and AI risk management frameworks, policies, and procedures.
  • Proficiency or expertise with Generative AI applications (ChatGPT or similar), including training, prompt engineering, and AI ethics and risk management.
  • Familiarity with frameworks like COSO, ISO 31000, NIST.
  • Exceptional analytical, problem-solving, and decision-making skills.
  • Excellent relationship-building and communication skills.
  • Ability to align third-party risk management with the company’s overall business strategy.
  • Knowledge of regulatory requirements, such as NYDFS, GDPR, or CCPA, and experience with NAIC guidelines and state-level insurance regulations relevant to surety.
  • Familiarity with the surety or insurance industry, including knowledge of underwriting, claims, and bonds.

Certifications (Preferred)

  • Certified Third-Party Risk Professional (CTPRP)
  • Certified Risk Management Professional (CRMP)
  • Certified Supply Chain Professional (CSCP)
  • Certified Information Systems Auditor (CISA)
  • Certified Risk and Compliance Management Professional (CRCMP)
