Vendor Management Specialist

Vendor Management Specialist

VA or OH Office

The Vendor Management Specialist is responsible for overseeing and managing the Bank's third-party risk management program. This role will ensure that third-party relationships are established, maintained, and terminated in accordance with the Bank's policies and procedures.

• Third-Party Lifecycle Management:
• Oversee the entire lifecycle of third-party relationships, including onboarding, ongoing monitoring, and termination.
• Conduct due diligence and risk assessments on new third-party vendors.
• Monitor existing third-party relationships to identify and mitigate potential risks.
• Coordinate and document termination activities for third-party relationships.
• Facilitate vendor contract renewal planning and contract renegotiations. 
• Access Management:
• Assist in provisioning and revoking access for third-party contractors.
• Ensure that access rights are granted and revoked in accordance with the Bank's security policies.
• Recordkeeping and Reporting:
• Maintain accurate and up-to-date records of third-party relationships, contracts, and risk assessments.
• Prepare and submit regular reports on third-party risk to management and the Board.
• Incident Response and Management:
• Coordinate with the Information Security team to respond to and investigate security incidents involving third-party vendors.
• Work with third-party vendors to implement corrective actions and mitigate risks.
• Regulatory Compliance:
• Stay informed of regulatory requirements and industry best practices.
• Ensure that the third-party risk management program complies with all applicable regulations.
• Participate in audits and exams conducted by internal and external auditors.
• Training and Awareness:
• Develop and deliver training programs to educate employees on third-party risk management.
• Promote a culture of risk awareness and compliance within the organization.

Qualifications:

• Bachelor's degree in information security, risk management, contract management, or a related field and/or 4 years of related work experience.
• Paralegal experience preferred.
• Strong understanding of third-party risk management frameworks and standards (e.g., NIST, ISO 27001).
• Experience with vendor risk assessment and due diligence processes.
• Knowledge of cybersecurity principles and threat landscape.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to work independently and as part of a team.

This role requires a strong understanding of the Bank's business operations, risk appetite, and regulatory requirements. The successful candidate will be a proactive and detail-oriented individual who can effectively manage multiple priorities and build strong relationships with internal and external stakeholders.