3rd Party Vendor Risk Manager

What's The Role?

We are looking for a Vendor Risk Manager with a strong background in Information Security, Operational Resilience, Technology Audit and/or Risk Management. You will work with the clients departments and subsidiaries to perform the inherent risk assessment of their vendor engagements, create and maintain the risk profile of vendors and vendor products / services, and drive control assessment and risk remediation activities across our vendor population while contributing to strategic initiatives to enhance the overall Vendor Risk program in line with our transformation roadmap. Your work will add value to the clients different departments and subsidiaries that use third parties to achieve their goals, by helping them appropriately manage vendor risk throughout the vendor lifecycle.

We'll Trust You To:

• Liaise with business and technology teams to understand their use of vendor services and products and appropriately assess the inherent risks related to information security, privacy, resiliency, concentration, regulatory compliance, subcontracting, location / geography, among others.
• Maintain the vendor and vendor engagement inventory and risk profiles
• Conduct due diligence control assessments, continuously monitor and report on Vendor and vendor engagement risks
• Coordinate risk mitigation activities with vendors and the clients departments and subsidiaries
• Interpret, train and enforce compliance with the client's Vendor Risk Management Policy
• Cultivate and leverage relationships with CISO, Legal, Compliance, Enterprise Risk Management (ERM) and other control functions to accomplish objectives
• Lead key VRM activities and demonstrate understanding of the top and material risks affecting the clients, our supply chains, and our clients
• Act as subject matter expert on VRM matters supporting the clients departments for which you are responsible
• Provide advisory support to the clients departments on risk
• Provide and coordinate input to key compliance, legal and regulatory initiatives
• Demonstrate existing or develop targeted material to deliver actionable risk reporting to the clients departments as needed
• Participate in select risk committees / working groups

You'll Need to Have:

• Bachelor's or master's degree in Computer Science, Information Security, Business Management or equivalent industry experience
• 5+ years of experience working in the field of Risk Assurance, Risk Management, Internal Audit or other Compliance-related experience
• An understanding of Cloud Computing and how to assess cloud-related risks
• Familiarity with international regulations regarding third-party service providers
• Knowledge of international regulations governing third-party service providers
• Experience with industry frameworks and standards such as NIST 800-53, COBIT 5, ISO/IEC 27001/2, HITRUST, PCI DSS, CSA CAIQ/CCM, CIS CSC, and NIST 800-171
• Understanding of global data privacy laws and regulations, including GDPR, Schrems II, CCPA, and HIPAA
• Familiarity with emerging regulatory requirements, such as the Digital Operational Resilience Act (DORA) and the EU Artificial Intelligence Act
• Experience working with vendor risk assessment frameworks and tools (e.g., SIG, VSAQ)
• Technical knowledge in multiple risk domain areas such as application, architecture, system and network security, identity/access management, etc.
• Knowledge of current Information Security threats, trends, and mitigations
• Skilled in risk management, technical risk analysis, and making complex business/risk trade-off recommendations and decisions
• Understanding of impact of financial, technology and privacy regulations on Fintech products and services
• Demonstrated ability to lead and influence others
• Senior level written and verbal communication skills
• Demonstrated leadership, teamwork and collaboration skills
• Industry certifications (CISSP, CISA, CISM, CTPRP, CIPT/CIPP, GSEC, GIAC, etc.)