What are the responsibilities and job description for the THIRD PARTY RISK OFFICER position at Stock Yards Bank and Trust?
The Third-Party Risk Officer is responsible for implementing, overseeing, and managing Stock Yards Bank’s third-party risk management program. This role ensures third-party providers (a.k.a. vendors) comply with Bank Policies, industry regulations, and best practices while identifying and mitigating risks related to third-party providers, including but not limited to cybersecurity, compliance, operational efficiency, financial stability, strategic, and reputational risks. The position requires consistent collaboration with all departments that have third-party providers supporting their operational and strategic functions. The position serves as a second line of defense covering third-party provider risk for the Bank’s overall Enterprise Risk Management program.
Responsibilities
Daily responsibilities include, but are not limited to, the following:
Program Development and Oversight:
- Design, implement, and maintain a robust third-party risk management framework.
- Develop and enforce policies, standards, and procedures for third-party risk assessment and monitoring.
- Create educational materials for internal stakeholders that explain the purpose of the third-party risk management program and its operational policies and procedures, and deliver and facilitate that training to internal stakeholders.
Risk Assessment:
- Conduct risk assessments for new and existing third-party relationships.
- Evaluate vendor controls related to cybersecurity, data privacy, financial health, compliance, and operational performance.
- Assign risk ratings and recommend mitigation strategies for identified risks.
Vendor Due Diligence:
- Perform detailed due diligence on potential vendors, including reviewing contracts, certifications, and service-level agreements (SLAs).
- Collaborate with legal, compliance, and procurement teams to ensure thorough vetting processes.
Ongoing Monitoring:
- Monitor third-party performance through audits, periodic reviews, and key performance indicators (KPIs).
- Track and report on third-party incidents or breaches, ensuring timely resolution and communication with stakeholders.
Collaboration:
- Work closely with Subject Matter Experts, internal stakeholders, Information Technology, Information Security, Legal, and Compliance to align third-party risk management with organizational goals.
- Serve as a liaison between the organization and third-party entities during risk discussions or escalations.
Regulatory Compliance:
- Stay up-to-date on relevant regulatory requirements (e.g., GDPR, SOC 1 & 2, ISO 27001, FFIEC).
- Ensure third-party activities adhere to applicable laws and regulations.
Reporting and Metrics:
- Prepare and deliver regular reports to senior management and the Enterprise Risk Management Committee on third-party risk metrics, trends, and significant issues.
- Maintain comprehensive documentation of third-party risk management activities.
Other:
- Consistently apply superior decision-making techniques pertaining to inquiries, approvals, and requests as they apply to existing policies and procedures, keeping within assigned approval limits and using these instances as learning tools for further program enhancements.
- Assume responsibility for special projects, including document preparation for internal/external audits and regulatory examinations.
- Other duties as assigned, including providing back-up support to other risk management areas, assisting with internal and external audits, and state and federal banking examinations.
Job Requirements
The successful candidate will have the following qualifications:
- Bachelor’s degree in business administration, risk management, information security, or equivalent experience.
- Minimum of 5 years of experience working in the banking industry.
- Minimum of 3 years of experience in Third-Party Risk Management/Vendor Management, risk management program governance, Risk and Compliance, Audit, or similar field.
- Relevant certification(s) desired or a willingness to complete within 24 months: Certified Third-Party Risk Professional (CTPRP), Certified Regulatory Vendor Program Manager (CRVPM), Certified Risk Manager (CRM), Certified Regulatory Compliance Manager (CRCM) or relevant risk management certification.
- Strong knowledge of regulatory guidelines regarding third-party risk management.
- Experience in contract review and negotiations.
- Excellent written and verbal communication skills with the ability to present complex information to non-technical audiences.
- Strong knowledge of risk management frameworks and methodologies.
- Familiarity with cybersecurity, data privacy, and regulatory compliance standards.
- Ability to manage multiple projects.
- Detail oriented with strong analytical and decision-making skills.
- Demonstrates initiative.
- Excellent written and verbal communications.
- Professional appearance and demeanor.
- Strong experience with MS Excel and Word.
Benefits
- 401(k) with a company match of up to 6%
- ESOP employer match
- Medical insurance
- Dental insurance
- Vision insurance
- Cancer / Disease insurance
- Accident insurance
- Flexible Spending Accounts
- Health Savings Accounts
- Bank paid Life / AD&D insurance
- Voluntary Life / AD&D insurance
- Bank paid Short-Term and Long-Term Disability insurance
- Employee Stock Purchase Plan
- Employee Assistance Program
Physical Requirements
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
This position requires sitting the majority of the time with limited walking and standing. All work occurs indoors and within regular working hours. The noise level in the work environment is usually moderate.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)