TITLE: MGR - THIRD PARTY RISK MANAGEMENTSTATUS: EXEMPTREPORTS TO: DIRECTOR - INFORMATION SECURITY AND THIRD-PARTY RISKDEPARTMENT: ENTERPRISE RISK MANAGEMENTJOB CODE: 11642PAY RANGE: $119,300.00 - $145,000.00 ANNUALLYGENERAL DESCRIPTION:The Manager, Third Party Risk Management will manage the implementation and administration of Golden 1’s enterprise-wide third-party risk management (TPRM) program; ensuring processes are effective in managing risks related to third-party relationships in a manner that is consistent with strategic goals, organizational objectives, and risk appetite.Assist in development and communication of program governance, including third-party policies, standards, procedures, and reporting to ensure quality, compliance, and security in third-party relationships. Identify and manage risks associated with conducting business with third parties. Work to mature the framework for third-party risk identification, assessment, monitoring and measurement of residual risk for the entire third-party management process from procurement to renewal/termination. Provide leadership in the standardization of third-party management processes, such as procurement, contracting and due diligence, and ongoing third-party relationship management. Develop program metrics and report on overall performance, including analysis of key risks and trends, issue management, and results of third-party performance reviews. Manage short and long-term program strategies and support model, including outsourcing decisions, agreements, third-party selection, and continuous improvements of third-party risk management processes.This role will interface extensively and collaborate with various stakeholders and cross functional teams to operate and enhance the third-party risk management program, including third-party/contract owners, Legal, Information Technology, Information Security, Compliance, Finance, Project Management Office, and others.TASKS, DUTIES, FUNCTIONS:Manage, operate, and mature Golden 1’s third-party risk management program.Establish strong, collaborative relationships with internal and external stakeholders to manage and optimize program governance, policies and procedures to ensure effective management of third-party risk.Implement tools, systems, and processes for identifying, assessing, escalating, reporting, and managing third-party risk.Lead key initiatives and participate in enterprise projects related to third-party risk and performance management, tracking, and monitoring functions.Serve as internal point-of-contact for third-party life cycle requirements (due diligence; adherence to purchasing, procurement and third-party relationship policies; onboarding; monitoring; issue management and escalation; renewal, termination and exit) using a risk-based approach that is consistent and repeatable.Implement a training program and ongoing awareness campaigns to support business line adherence to third-party risk management objectives, policy, and procedures.Assist in the development of the third-party risk management roadmap and plan for organizational growth and development of VRM personnel. Write, assign, and manage to performance goals, in alignment with Enterprise Risk Management and Credit Union strategy, values, and goals.Work with stakeholders to identify and implement improvements to procurement/strategic sourcing and contract management processes, including setting standards for third-party selection processes, contract language, contract negotiation, and pricing controls. Report, escalate and oversee remediation of third party related issues identified in ongoing monitoring, the risk assessment process or incident management. Maintain all materials, reports, and metrics associated with the third-party risk management process.Oversee ongoing monitoring of third-party performance, ensuring compliance with service level agreements and regulatory standards.Support and respond to regulatory and audit inquiries and requests.Lead, mentor, and develop a team dedicated to third-party risk management, ensuring trust-based relationships are built with other business units, stakeholders, and third-party providers to maximize functionality and efficiency.Provide consistent and accurate management and board reporting including metrics to highlight issues, risks, and program status.Track and present reports on third-party risk management project status to senior management and others, as needed.Keep abreast of industry trends and regulatory changes impacting third-party risk management. Maintain relationships with peers and outside agencies to exchange information on best practices. Understand and ensure compliance with regulatory requirements.Engage with leadership and provide detailed insights into third-party performance and areas of risk to the organization.Perform other third-party risk management duties as assigned or as required to support Enterprise Risk Management and the business, such as developing ad-hoc analysis, performing deep dive investigations or driving specific risk initiatives.Develop and maintain an understanding of the pertinent regulatory requirements and risks inherent to job responsibilities, establish, and maintain control activities that mitigate those risks consistent with the Credit Union’s risk appetite, and ensure operational integrity and compliance with applicable regulation. PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THE PERFORMANCE OF THESE TASKS:Strong oral and written communication skills required to train and staff, implement, as approved; procedural recommendations, negotiate third-party contracts and perform other related tasks. Must possess sufficient manual dexterity to skillfully operate an online computer terminal and other standard office equipment, including a typewriter, adding machine, personal computer, facsimile machine and telephone.Ability to work as part of a team. ORGANIZATIONAL CONTACTS & RELATIONSHIPS:INTERNAL: All levels of staff and managementEXTERNAL: Vendor and Partner Representatives, Regulators, and External AuditorsQUALIFICATIONS:EDUCATION: bachelor’s or master’s degree in business, finance, accounting, risk management, supply chain management or a related discipline. EXPERIENCE: Minimum of 5 years of relevant third-party/third party risk experience in a financial service industry or related field; related work experience could include prior third-party relationship/performance management, supplier management, strategic sourcing, procurement, etc. Experience leading teams, with direct supervision of personnel. Experience designing and implementing third-party or risk management programs or processes is preferred. KNOWLEDGE/SKILLS:Demonstrated/strong working knowledge of risk management programs, practices and processes with specialized knowledge of the discipline of third-party risk management.Knowledge of third-party agreement terms and conditions.Strong analytical, problem-solving and workflow analysis skills, including demonstrated ability to quickly synthesize information from various sources, identifying key points and issues. Ability to apply judgment around third-party risk management and control frameworks and industry best practices and make sound risk/reward decisions using a balance of data, logic and intuition to inform critical business strategies and processes.Strong interpersonal and customer service skills; ability to negotiate, influence, and build collaborative, cross-organization relationships, even in difficult situations. Must have strong communication (verbal, written and presentation) skills, including ability to convey complex situations and relationships concisely to management and executive level audiences.Strong organizational skills, with a high degree of initiative and ability to self-start and self-prioritize assignments and make timely and effective decisions.Strong process facilitation, process management and improvement skills; ability to independently and effectively handle multiple priorities and deliver a quality result within tight deadlines.Highly proficient in Microsoft Office (Word, Excel, Visio, Outlook, PowerPoint).Solid work ethic and able to work effectively both independently and in a team.PHYSICAL REQUIREMENTS:Prolonged sitting throughout the workday with occasional mobility required.Corrected vision within the normal range.Hearing within normal range. A device to enhance hearing will be provided if needed.Occasional movements throughout the department daily to interact with staff, accomplish tasks, etc.Unusually long or inconsistent hours may be required to accomplish tasks.Travel may be needed to accomplish tasks. Overnight travel is sometimes necessary. Occasional weekend and evening schedules required. LICENSES/CERTIFICATIONS:Relevant third-party risk management certifications or credentials beneficial.REV. 04/19/2024