Job Description
STATUS : Full time / Exempt
REPORTS TO : Director, Risk Management and Compliance
LOCATION : Corporate Office - Rochester, NY
COMPENSATION : The starting salary for this position is expected to be $65,000-68,000 annually. The actual hourly wage will be determined based on experience and other job-related factors, consistent with applicable law.
HOURS : 37.5 hours per week
SCHEDULE : Monday – Friday 8:30am – 5:00pm
- MUST reside in New York State and be able to work onsite at our Rochester, NY Corporate Office
Position Summary
The Enterprise Risk Management (ERM) Specialist is responsible for supporting the objectives of the enterprise-wide risk management program. The position is responsible for maintaining the system and processes supporting the vendor management program and acts as the liaison between ERM and Relationship Managers.
The ERM Specialist assists with the Credit Union's risk assessment of third parties, identifying and documenting material risks associated with third parties. This includes working directly with Credit Union business line relationship owners to gain an understanding of the third-party services and how the business will utilize the services, ensuring inherent risks are appropriately identified.
The ERM Specialist will coordinate business continuity implications related to third party service providers with the credit union’s business continuity plan strategy.
Perform all responsibilities in a manner that serves The Summit’s Mission and upholds the credit union’s values.
Essential Responsibilities - Must be capable of performing the following essential responsibilities, with or without reasonable accommodations, as outlined below.
- Communicate with the Relationship Managers of third parties to help facilitate the completion of internal questionnaires and submission of documentation needed to support the third-party risk assessment. Provide appropriate guidance and advice to Relationship Managers and vendors by drawing out useful information, asking questions, and analyzing feedback.
- Ensure third-party documentation is accurate, organized, and complete within the Credit Union’s platform and maintain documentation and records supporting analysis.
- Represents Vendor Management in all lines of business and requires a high degree of diplomacy, collaboration and interpersonal skills to provide education, guidance, and support to vendors and Credit Union Relationship Managers throughout the third-party risk management process.
- Facilitates and executes the Vendor Management Program. Coordinate workflow for the Vendor Management Program utilizing the software and training users on the systems.
- Continuously monitors vendor risk even after the vendor contract is executed (e.g., monitoring performance levels and periodically requesting and analyzing current due diligence). Escalate material risks timely and effectively to support the development of risk management strategies (e.g., data breach, service failure, bankruptcy).
- Responsible for ensuring the vendor program is following NCUA federal regulations and FFIEC standards, policies, procedures and requirements in reference to third party risk vetting requirements, categorization criteria, controls and ongoing monitoring.
- Continuously evolves the vendor risk management program to adapt to changing business requirements on behalf of the credit union.
- Collaborates with internal support (Information Technology) to ensure that all related control requirements have been met and considers emerging risks.
- Ensures all control exceptions are monitored for corrective actions until new / existing vendor is within policy guidelines.
- Responsible for Vendor Risk Management reporting that tracks enterprise vendor risk management activities and all vendor management tasks inclusive of working with external vendors and internal employees, initiating, and managing the due diligence process for approval for potential new vendor and contract renewals.
- Serves as the subject matter expert for vendor owners to help ensure that all risk assessment and mitigation requirements have been met throughout vendor lifecycle.
- Establish a working knowledge of Credit Union’s products and services with an understanding of how third-party services are used to achieve strategic goals and objectives.
- Coordinates the contract management process that ensures contractual language appropriately protects the Credit Union, including confidentiality requirements, service standards and dispute resolution processes as it relates to third-party NCUA regulatory compliance.
- Responsible for ongoing maintenance of Ncontinuity software that houses the credit union’s Business Continuity Plan.
- Coordinates, documents, and ensures completion of Business Continuity Plan testing efforts and assists in implementing recovery effort enhancements as identified from testing and real-life business interruption scenarios.
- Documents within the Ncontinuity software ongoing functional and departmental Business Impact Analysis (BISA) meetings and related risk assessments.
- Assist in any internal or external audits as needed. This includes, but is not limited to, pulling documents for review, program, and policy explanation / demonstration, and providing reports and documentation.
- Must be adaptable to changes in the work environment, comfortable with multiple competing demands and able to deal with frequent change, delays or unexpected events in a calm and logical manner.
- Performs other job-related duties as assigned.
Note : The above information on this job has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Qualifications and Skills
Education & Experience - Applicants must possess the following qualifications or an equivalent combination of education and experience :
- Education : Bachelor’s degree from an accredited four-year university with a concentration in the areas of computer science, information science, management information systems or business-related program. Significant technology-related course work or equivalent work experience required. Audit or Risk Analyst or an equivalent combination of education and experience preferred.
- Experience : Minimum of three years of experience in the field of business, audit or information technology with previous risk or business continuity experience, preferably in a financial institution.
- Familiarity with financial products and services and with the regulations which govern financial institutions, preferably credit unions, is required.
- Industry-related certifications (third party risk management) are not required but are a plus.
Knowledge / Skills / Abilities (including Technical & Systems / Equipment Proficiencies)
- Efficient time management and strong organizational skills, attention to detail, and the ability to complete tasks with a high level of accuracy
- Must possess and exhibit excellent analytic skills and judgment to solve complex problems
- Strong written and verbal communication skills and the ability to effectively interact with all levels within a corporate setting
- Excellent computer skills required, including proficiency with Microsoft Office applications (particularly Excel) and working knowledge of financial institution core operating and database systems
- Flexibility (able to adapt to changing environment)
- Positively communicate with diverse populations while providing excellent customer service, adherence to confidentiality
- Ability to prioritize and manage multifunctional tasks
- Ability to act independently, with some supervision
- Ability to provide independent and objective analysis
- Ability to maintain a high level of confidentiality relative to any information received, directly or indirectly, at all times
- Ability to work effectively under pressure and with time constraints
Physical Requirements
- Lifting (5-10 pounds)
- Standing / Sitting extended periods of time, while working in front of computer monitor
- Typing / Data Entry
- Professional Office Environment
- Overhead Lighting
Training and Compliance Requirements
Subject to the compliance requirements of all related federal regulations, including but not limited to the Bank Secrecy Act (BSA), Anti Money Laundering (AML), Information Security and Privacy policies and procedures. Employees complete annual BSA, AML, Information Security, Privacy, and other job-related training requirements as established by The Summit and within deadlines.
Salary : $65,000 - $68,000