What are the responsibilities and job description for the Sr. Third Party Risk Management Specialist position at Liberty Mutual Insurance Group?
Due Diligence and Risk Analysis: Evaluates potential 4th and nth party risks, including analyzing concentration, as well as partnering with operational risk, cyber security and resiliency teams regarding third party related issues and events. Monitoring and Reporting: Supports the Global Head of Third Party Risk by preparing regular metrics and other risk reports for committees, management and risk experts (e.g., aggregate KPIs, ERIs and other risk metrics through reporting and dashboards) and oversees completion of business on-going risk management activities and reports on instances of non-compliance or other areas of concern. Incident Management: Facilitates issue escalation and risk acceptance processes to ensure appropriate stakeholders and executives across the enterprise are involved based on defined risk thresholds. Policy Development: Contributes to the development and refinement of the organization's TPRM policies and procedures, ensuring alignment with industry best practices and regulatory requirements and partners with the Global Head of Third Party Risk to perform program maturity analysis to help inform strategic direction of program. Training and Awareness: Maintains training documentation for the business, provides support to internal stakeholders and manages the creation, updates to, and testing of program procedures. Support Stakeholders: Leads strategic business partner and risk expert meetings, provides stakeholder guidance throughout escalations and risk acceptance processes, and provides support and advisement to program team and assists in the resolution and management of complex stakeholder engagements. Bachelor's Degree or equivalent work experience. 6 years of experience in Third Party Risk Management, Operational Risk, Audit, or related field. Professional certification in TPRM strongly preferred - e.g., Certified Third-Party Risk Professional Certification (CTPRP), Certified Third-party Risk Assessor (CTPRA), Certified Third-party Risk Management Professional (C3PRMP). Advanced knowledge of third party risk principles and best practices in these risk areas: Information Security, Privacy, Business Continuity, Disaster Recovery, Resilience and relevant regulatory frameworks (e.g., GDPR, NIST, DORA). Risk assessment and risk analytics skills required. Audit background, including familiarity with SOC I (SSAE16) and SOC II, ISO 27001, etc. preferred. Detail oriented with strong organizational and reporting skills. Ability to independently manage and prioritize work as well as work independently and as part of a team. Good judgment and strong analytical and problem-solving skills. Excellent oral and written communication skills. Knowledge of insurance or financial industry preferred. Proficiency in risk management software, Microsoft Office Suite (Excel, PowerPoint, Word, Copilot) required.