Risk Management - Sr Third-Party Risk Management Specialist

Golden 1 Talent Acquisition Team
Sacramento, CA
Hybrid

About The Position

The Senior Third-Party Risk Management Specialist is responsible for utilizing the Credit Union’s risk management framework to identify, assess, measure, monitor and help mitigate the financial, reputational, regulatory, and operational risks (among others) throughout the lifecycle of Golden 1’s third-party relationships. This individual will work to identify, assess, and create mitigation plans for third-party risks through the execution of the Third-Party Risk Management Program specifically in the areas of third-party due diligence, risk assessment, and ongoing monitoring. Works with various internal stakeholders, including business owners, technology, information security, finance, compliance and legal to identify and assess third-party risks and implement controls and processes as well as monitor ongoing risks and mitigation efforts. The Senior Third-Party Risk Management Specialist will provide a broad range of third-party risk analysis, reporting and/or support to various key stakeholders, including business owners, internal subject matter experts (SMEs) and third-party partners. This role must be a champion of our overall enterprise risk management approach and act as a subject matter expert in providing guidance/advice on third-party risk-related matters. Assists in the development and deployment of various third-party risk management tools, practices, and policies used to analyze and report third-party risks, and to manage risks in alignment with an enterprise risk management framework. Provides key inputs into the company's risk management or other committees that oversee third-party management processes and ensures alignment with organizational objectives.

Requirements

  • Bachelor’s degree preferred or the equivalent combination of education and experience.
  • Minimum of five (5) years of relevant experience in vendor/third-party risk management, audit, compliance, or risk management in a financial institution required.
  • Demonstrated/strong knowledge of third-party/vendor lifecycle management programs, practices and processes inclusive of risk management methodologies for identification, analysis, mitigation/control, communication, monitoring, reporting and escalation.
  • Strong knowledge of current regulations and compliance requirements as they relate to third-party relationships.
  • Advanced understanding of various risks associated with third parties such as: information security/cyber risk, privacy risk, operational risk, physical security risk, business resilience risk, financial risk, reputational risk, regulatory risk, compliance risk.
  • Strong analytical, problem-solving and workflow analysis skills, including demonstrated ability to quickly synthesize information from various sources, identifying key points and issues.
  • Demonstrated ability to apply judgment around risk management and control frameworks and industry best practices and make sound risk/reward decisions using a balance of data, logic, and intuition to inform critical business strategies and processes.
  • Excellent interpersonal and customer service skills; ability to negotiate, influence, and build collaborative, cross-organization relationships, even in difficult situations.
  • Must have strong communication (verbal, written and presentation) skills, including ability to convey complex situations and relationships concisely to management and executive level audiences.
  • Strong organizational skills, with a high degree of initiative and ability to self-start and self-prioritize assignments and make timely and effective decisions.
  • Strong process facilitation, process management and improvement skills; ability to independently and effectively handle multiple priorities and deliver high quality results within tight deadlines.
  • Ability to negotiate, influence, and build collaborative, cross-organization relationships, even in difficult situations.
  • Demonstrated ability to think critically and facilitate change through collaborative effort.
  • Solid work ethic and able to work effectively both independently and in a team.
  • High ethical standards and discretion in handling highly confidential information.
  • Highly proficient in Microsoft Office (Word, Excel, Visio, Outlook, PowerPoint).
  • Knowledge of third-party management software.
  • Outstanding oral, written, and presentation skills required.
  • Strong interpersonal (people) and diplomacy skills required.
  • Must have the ability to guide, negotiate, influence, and interact with various staff, and levels of management, including senior leadership.
  • Excellent prioritization skills, to effectively conduct and manage multiple priorities and meet tight deadlines required.
  • Must possess sufficient manual dexterity to skillfully operate an on-line computer terminal and other standard office equipment, such as financial calculators, personal computer, facsimile machine, and telephone.

Nice To Haves

  • Experience designing and implementing third-party/vendor risk management programs or processes is preferred.
  • Relevant vendor/third-party risk management certifications or credentials beneficial (e.g., CRVPM 1,2,3, and/or 4).

Responsibilities

  • Support all Third-Party Risk Management (TPRM) activities to proactively identify, evaluate, and mitigate risks.
  • Serve as a subject matter expert for third-party risk management.
  • Develop and direct third-party risk assessment and ongoing performance monitoring practices and procedures, as well as an annual review prioritization process.
  • Support internal stakeholders in third-party risk identification, assessment, and reporting.
  • Provide third-party risk management advisory services, education and training to leaders and business units across the organization.
  • Independently facilitate or lead stakeholder meetings and management briefings on relevant issues, risks, or trends, associated with enterprise-level third-party risks.
  • Tactfully yet assertively challenge assumptions and perspectives on third-party risk throughout the organization.
  • Recommend improvements to policies, procedures, and practices to reduce costs, improve internal controls and/or drive efficiencies.
  • Contribute to risk committee materials, including creating and updating third-party risk management reports and presentations on the evaluation of program effectiveness, level and direction of third-party risks, key and emerging risks, and status of previously identified risk and control issues.
  • Analyze third-party profile information to determine the tier/risk level classification of the third-party.
  • Work with business owners and/or other key stakeholders to ensure correct classification of the third party.
  • Coordinate the completion of third-party questionnaires and the fulfilment of the due diligence request list with the business owner, ensuring completion of all onboarding steps.
  • Provide initial and ongoing comprehensive assessments of the third party’s risk through review of due diligence, key stakeholder/SME evaluation of due diligence, risk assessment, and audited reports of controls.
  • Schedule and conduct Third-Party Risk Assessment meetings with business owners and key stakeholders, as needed, and ensure appropriate signoffs are received.
  • Partner with assigned business units to ensure assessments are completed accurately and on time, including the identification of risk concerns and the recommendation of control enhancements, and that due diligence and ongoing monitoring requirements are fulfilled.
  • Interact with business unit personnel to train and guide the completion of risk assessments, due diligence, and ongoing monitoring to support their compliance with third party risk management policies.
  • Ensure third-party relationships are accurately risk rated and documented in the third-party management system.
  • Collaborate with business owners to ensure appropriate third-party monitoring documentation is obtained, reviewed, and analyzed on a timely basis.
  • Identify risk-related issues needing escalation to management.
  • Proactively work to improve the quality of third-party risk data, including ensuring third-party services inventory is complete.
  • Validate and monitor gaps identified during the risk assessment process, due diligence, and ongoing monitoring to support adherence to third-party risk management policies.
  • Ensure third-party issues and concerns (e.g., oversight deficiencies, program concerns, and risk-related issues) are reported and escalated, as appropriate.
  • Provide concise written updates to management on progress and problem situations, and recommend solutions.
  • Develop and maintain strong, collaborative working relationships with key stakeholders across business and corporate areas (e.g., Legal, Compliance, Information Security, Information Technology, etc.) on third-party processes and as needed to accomplish credit union strategic goals.
  • Contribute to and make recommendations for the development of business processes, procedures, and delivery strategies for managing third-party risk.
  • Complete research and analysis, and make recommendations on workflows and system enhancements, striving for process efficiencies and improved functionality within the third-party management software.
  • Maintain an ever-growing knowledge of third-party risk management and industry trends, best practices and techniques that can be practically applied at Golden 1.
  • Partner with external agencies and peer companies to coordinate information exchange and leverage best practices for third-party management.
  • Perform other duties as required, such as leading and/or contributing to special projects and initiatives that support the Third-Party Risk Management Program and/or key focus areas of the organization.
  • Maintain a thorough understanding of state and federal laws and regulations related to credit union compliance including bank secrecy and anti-money laundering laws appropriate to the position.