Job Description

Third Party Risk Support & Ongoing Monitoring Manager
Lead responses in regulatory matters, including exams and meetings.Primary contributor in technical build projects for Third-Party Risk platform, Archer. Lead a team of Third-Party risk support and ongoing monitoring analysts. Champion and execute updates to existing reporting and technology framework to reduce risk and enhance efficiency. Provide oversight to all lines of business for new engagements and ongoing risk assessment activities. Assist in development and execution of category/supplier strategies. Design and implement performance management program. Support all lines of business on audit, regulatory, and compliance requests. Provide strategic direction for Third-Party Risk Management and strategies to changing circumstances as required. Design and implement analysis process and produce reports with vendor metrics program throughout the lifecycle. Develop program documentation and training. Ensure system data maintenance (Supplier Manager role changes, etc.) are maintained and audited for accuracy. Position Responsibilities: Ongoing Monitoring Oversight

• Efficiently and accurately establish metrics and deliver against them in a robust validated, consistent and repeatable process.
• Establish process and controls to ensure data accuracy and integrity.
• Review supply agreements, contractual terms, and relationship management oversight requirements.
• Develop an understanding of line of business operations, their complexities, trade-offs and impacts when outsourcing products and services.
• Create and manage the framework for key metrics or key performance indicators, associated with outsourced services. Provide oversight of the management activities, evidence of management, and documentation and remediation of identified issues.
• Ensure appropriate Senior Management awareness/oversight for follow-ups on action items, to resolve identified issues.
• Identify opportunities for process improvements to deliver increasing operational efficiency in the Third-Party monitoring oversight processes.
• Analyze and understand highly complex business problems and regulatory requirements that are part of operating in the financial industry.
• Build processes and controls which continuously enhance the Third-Party oversight program and develop new ideas based on interactions with partners, Third-Parties, and regulators.
• Document common issues and help find innovative solutions supporting line of business teams to achieve business objectives and management of Third-Parties.
• Identify technology and automated process opportunities to enhance tools to support
• Third-Party management and regulatory changes.
• Assist business owners in managing Third-Party risks throughout all phases of the relationship life cycle.
• Monitor and review performance reports prepared by business users and provide challenges if there is no evidence to support responses as well as remediation efforts for missed performance agreements.

TPR Archer Process, Training & Process Oversight

• Identify systemic improvements based on analysis of late data, issues, business unit complaints, surveys, etc.
• Develop and administer ongoing Supplier Manager training and job aids for process and system (Archer).
• Provide input and aid in the development of policies focused on the security of third-party business processes.
• Develop and maintain supplier risk and control monitoring plans, performing monitor activities and analysis of evidence to determine controls are operating effectively.
• Conduct quality assurance activities for inherent risk questionnaires, due diligence questionnaires, supplier performance reviews, exit strategies, and other process artifacts.
• Develop program documentation (policies, procedures, frameworks) for all Third-Party Risk Assessment and Ongoing Management activities.
• Conduct semi-annual supplier manager forum and continuous training presentations.
• Review Annual Compliance Based Training Content for required updates and launch training for new hires and Third-Party managers. Provide annual training requirement list.
• Assist contract owners with maintaining relationships with the Third-Parties to ensure compliance, requesting audit, tests or other evidence requests are completed timely.
• Maintain an inventory of in‐scope artifacts and report their compliance status as required by stakeholders, management, review boards, regulatory bodies, and auditors.
• Ensure relationship owners are educated and trained on TPRM Archer process and program requirements for lifecycle management.

Team and Project Management

• Foster relationships and influence the behavior internal teams and external parties.
• Direct supervisor for business support staff that provides guidance and oversight on risk assessment process and ongoing management activities.
• Share information, transfer knowledge and expertise to team members and lines of business.
• Develop and present TPR program during regulatory and audit examinations in support of
• Program Owner (Mgr Ops and Third-Party Identify risk assessment process, ongoing review requirements, performance management, and oversight opportunities. Educate team
  on consistent documentation and requirements of evidence for first line and facilitate common approaches.
• Serve as project manager for responses to audit and regulatory findingsRisk).

Oversight Assessment Processes

• Managing direct reports to complete oversight activities to ensure management initiatives, such as risk reviews, open findings and QA audits are completed accurately.
• Contributing participant with the Risk Assessment team in the implementation of strategic change with and enhancements.
• Support and Champion the Third-Party risk assessment framework for the bank and present updates/enhancements/changes to Committee's as required.
• Review team sample of quality reviews of first and second line of defense analysis to identify potential concerns as part of the onboarding process for new Third-Partys and current Third-Partys during reassessment.
• Provide management updates related to open issues within Enterprise related to the Risk Assessment process.
• Provide oversight to contract owners and relationship managers guide new and existing Third-Party relationships through the Third-Party onboarding due diligence process, including completion of IRQs (inherent risk questionnaires), ensuring DDQs (due diligence questionnaires) are completed timely and accurately, and any applicable supplemental risk requirements.
• Analyze Risk Area Control Effectiveness Ratings for gap in controls and work with supplier managers with addressing the risk acceptance or remediation during business reviews or contract negations.