Third-Party & Vendor Risk Management Specialist in Memphis, TN at First Tennessee Bank

Date Posted: 8/16/2019

Job Snapshot

Job Description

Position Overview:

Executes FHNC’s centralized Third-Party & Vendor Risk Management (TPVRM) Program in a manner that meets regulatory expectations, avoids safety and soundness issues for the Bank, and informs business decisions about the potential or continued use of a third-party’s services. More specifically, this is accomplished by up-front and periodic assessments of the risks involved, the controls our third-parties have in place, the operating effectiveness of those controls, and their performance against service levels or expectations. Results influence contracting, business decisions, etc. Requires focused evaluation efforts and very broad/deep thinking about a wide-variety of risks the Bank could be exposed to through use of third-party/vendor products and services.

Essential Duties and Responsibilities:
• Must develop, maintain and apply a broad (and deep) understanding of the major categories of risk (and sub-risks) the Corporation may be exposed to through the use of third-party services. Each category of risk, as noted below, requires deep understanding of related sub-risks: Strategic & Business Risk, Technology/Information Security/Cybersecurity, Business Continuity & Resiliency, Operational Risks, Regulatory Compliance Risks, Financial Risk, Credit Risk, Reputational Risk, and Legal/Contract Risk).
• Independently evaluates business line objectives and third-party/vendor services being used (or contemplated) to achieve such objectives, and determines the applicable inherent risks involved and the respective levels of inherent risk exposure. These decisions must be rooted in sound risk-based rationale and business judgements that are documented and defendable.
• Handles engagements from all lines of business and subsidiaries; as outsourcing arrangements have become complex with multiple layers (i.e., Nth Parties), engagements range from moderately complex to very complex.
• Accountable for determining the most appropriate types and amounts of due diligence necessary from each third-party (i.e., tailored to each service provider) to facilitate a sound assessment of the third-party’s controls environment (design and operating effectiveness)
• Partners with other internal risk subject matter experts (e.g., Compliance, IT Risk, BCP/DR Group, etc.) to conclude on how similar (or dissimilar) the third-party’s risk appetite is in comparison to our own, and how similar (or dissimilar) their approaches are to managing risk in comparison to FHNC’s standards or practices. Variances must be documented and handled as risk findings or issues (similar to audit findings).
• Responsible for effectively challenging and/or negotiating with internal partners, and the service provider, regarding relevance and significance of findings, remediation options, and contractual terms or conditions.
• Responsible for quantifying the amounts of residual risk FHNC would be exposed to through third parties, and escalating to senior or executive management if FHNC would have to take on substantial risks because the third-party is not managing the risk exposures to a degree that meets FHNC’s expectations.
• Communicates with and educates business partners on the third-party risk exposures associated with their use of outside service providers, and what they are accountable for as it relates to oversight of such.
• Manages production work assignments in a way that meets stakeholder expectations (e.g., timing needs, balancing risk management with the business’s pursuit of strategic objectives, priorities, and potential rewards)
• Maintain knowledge of the Board-level TPVRM Policy, and escalates policy exception requests or violations
• Maintains oversight of critical and high-risk third-parties, service providers, and vendors by evaluating real-time monitoring alerts received through various sources and taking appropriate/timely actions
• Maintains an awareness of what’s happening in the banking industry and the third-party & vendor risk management space, including related emerging topics/risks, in order to be effective at applying the Third-Party & Vendor Risk Management (TPVRM) Program frameworks.
• Serves as an advisor to Business Lines, Support Areas, and Senior Management as it relates to the 9 major categories of risk noted above (in the context of third-party usage); may object to taking on certain risks, escalate to executive management for risk decisioning, or make recommendations to reduce risk exposure in the areas of operational risk, information security or cybersecurity, etc.
• Administers risk management programs, to include investigating, analyzing and recommending solutions to risk issues within areas of responsibility
• Review process and procedures to develop the best control environment, developing and implementing risk management and compliance initiatives

Requirements Education and/or Work Experience Requirements:

• Bachelor’s degree in related field, or 4 years of experience in a business professional capacity is required
• Risk management skills and experience (at least 2 years in a risk analyst or similar role in any industry is required; in banking, financial services, or vendor/supplier risk management is highly desirable)
• Critical thinking skills and experience are required
• Good business judgment skills are required, including the ability to establish sound rationale/support
• Must work well independently, without constant supervision, and be self-motivated and results-oriented
• Strong inter-personal skills are required to build relationships, collaborate, and communicate well
• Strong organizational skills are required
• Proficiency with MS-Office software is required

Additional Competencies Necessary for Success:
• Strong business acumen, including strong analytical skills and ability to think critically
• Strong communication skills, with the ability to listen and express ideas in groups or 1-on-1 meetings.
• Ability to prepare written communications with sound reasoning, and convey information clearly and effectively through formal (e.g., assessments) and informal documents (e.g., emails, etc).
• Strong leadership competencies and confidence, including ability to negotiate and influence others in order to assert ideas, gain support from others and persuade/mobilize other people to take action, and resolve issues
• Ability to remain in constant alignment with team mission while successfully analyzing details (i.e., ability to dive in and understand risks and controls, yet able to summarize big picture and what is really important)
• Comfortable proposing solutions to challenges with little definition, rather than waiting to receive specific instructions; ability to independently visualize, articulate, and solve complex problems
• Ability to prioritize conflicting demands to meet other operational or strategic requirements and achieve optimum performance; ability to recognize and willingness to apply a sense of urgency when necessary.
• Ability to cultivate relationships

  • All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, gender stereo typing, and age. First Tennessee is an EO employer – M/F/Vets/Disabled.
  • Please view Equal Employment Opportunity Posters provided by OFCCP