Operational and Enterprise Risk Manager chez Sunward Federal Credit Union

Description

Job Scope:

Directly responsible for administering and facilitating the credit union’s vendor management program. Assist vendor relationship owners (VROs) across all business units and multiple levels of management in conducting third- and fourth-party vendor/product/service due diligence, both for new vendors being considered and as part of ongoing due diligence of existing vendors. Support VROs by providing guidance about how to review, interpret, and understand contracts and due diligence materials, including kinds of documentation that are appropriate to request and review from each vendor. Work closely with Information Security and Compliance, to coordinate review of technical due diligence and compliance and regulatory issues. Collaborate with VROs and internal business units generally in reviewing and understanding the content and risk allocation and gap areas within contracts, including whether certain topics like confidentiality, subcontracting, regulatory compliance, Service Level Agreements, Data Residency and Ownership, and data breach liability are addressed appropriately.

Job Duties:

• Develops and maintains SLFCU’s vendor management policy and program, including program documentation. Ensures vendor management activities are performed and records are retained in compliance with applicable laws, regulatory standards, and SLFCU policies and procedures.
• Facilitates and improves process cycles reflecting the Third-Party Risk Management Lifecycle under the vendor management program, including periodic ongoing due diligence reviews and contract negotiation processes, terminations, and renewals.
• Administers and maintains software program(s) in use for vendor and contract management functions; consults on selection or replacement of such program(s) if/as appropriate.
• Supports VROs’ review of contracts and other materials as part of due diligence for new vendors/products/services. Conducts close reviews of highly detailed technical and legal documents. Provides contract redlines to VROs and/or counsel; works with VROs and/or counsel to address gap areas and to assist in negotiating contract terms favorable to SLFCU. 
• Helps VROs evaluate vendor diligence documents including financial statements and SOC reports.
• Helps VROs to determine acceptability based on business unit needs and industry standards. Assesses key data about vendors, products, services, and contract terms, provides recommendations based on that assessment, and helps educate VROs regarding same.
• Reviews vendor risk assessment process outputs to ensure risk has been appropriately assessed; follows up with VROs to close any gaps.
• Develops strong working relationships and maintains ongoing communication with VROs and business units.
• Provides reporting and analysis regarding overall program, including VRO performance and vendor risk.
• Assist with regulatory examinations, audits, and similar inquiries; assist in preparing and executing management responses as needed.
• Obtain and maintain necessary training to keep current on the discipline of third- (and fourth-) party risk management, including regulatory expectations and industry best practices.
• Performs other duties and responsibilities as assigned.

Requirements

Experience and Education:

• Minimum six years of either broad financial institution experience or vendor management experience. Demonstrated responsibility for vendor management and review of related documentation preferred.
• Bachelor’s degree in liberal arts, business administration, or other field, or equivalent experience.

Knowledge:

• Basic understanding of contracts, SOC reports, and risk assessment (including inherent and residual risk, along with mitigation and controls); advanced understanding is preferred.
• Basic understanding of data structures and security.
• Proven ability to diplomatically influence and contribute to institutional governance processes.
• Proficiency in the use of MS Office.

Skills/Abilities:

• Possesses superior interpersonal skills.
• Able to professionally represent the institution to regulators, strategic partners, and other third parties.
• Performs well and is comfortable in cross-functional teams; strong individual and team contributor. Able to work proactively with team members in developing and achieving a common goal.
• Possesses excellent communication skills as required for understanding, synthesis and presentation of technical material, business unit objectives, policy and program documentation, and extensive interaction with management, staff, and vendors.
• Able to facilitate meetings effectively and efficiently.
• Advanced business understanding (general banking knowledge preferred).
• Self-starter with high sense of urgency and ability to handle multiple priorities simultaneously.
• Superior analytical skills.
• Critical thinker that can ask difficult questions and be flexible in understanding multi-dimensional issues.
• Willingness to learn and adapt quickly with a positive and upbeat mindset.
• High ethical standards.
• Proven organizational skills. Able to prioritize multiple tasks and projects while maintaining deadlines and managing resources with little direction.
• Understands and applies “best practices” and continually works for process and service improvements.