Job Description:
  • Develop, coordinate, and implement vendor risk management frameworks, policies and processes within a broader enterprise, operational and IT risk management model.
  • Coordinate the identification and ranking of vendor risks.
  • Coordinate the classification and tiering of vendors by risks and risk impacts.
  • Build communication and escalation plans around vendor risk management activities within the enterprise.
  • Understand and apply relevant regulatory and legal compliance requirements (under direct supervision of the Legal team partner).
  • Manage vendor risks as defined in vendor contracts and in accordance with existing risk management programs and policies.
  • Develop, monitor and possibly execute vendor remediation actions and mitigation plans when risks or events are identified.
  • Ensure third- (and increasingly, fourth-) party vendor regulatory compliance.
  • Coordinate the gathering of vendor risk assessment data and prepare risk assessments for critical vendors as needed, to be published and communicated to stakeholders.
  • Track identified risks and risk events.
  • Influence vendors and business partners to ensure compliance with risk management policies.
  • Collaborate as appropriate with information security, compliance and/or disaster recovery and business continuity management to maintain an enterprise risk management program.
  • Work with regulatory officers and auditors as necessary.
  • Communicate identified risk requirements and violations to internal stakeholders (and end users within the business) and responsible vendors while supporting the response to and addressing of these issues.
  • A minimum of three to five years of experience in vendor risk management and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation and remediation of risk.
  • Technical background or demonstrable understanding of a range of operational and IT risks and operations.
  • Strong business background; experience gathering and interpreting risks and associated impacts in the context of financial and operational concerns.
  • Strong understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits.
  • Familiarity with local/regional/global industry and government regulations: Sarbanes-Oxley Act, Payment Card Industry Security [PCI] Standards, Health Insurance Portability and Accountability Act [HIPAA] and FedRAMP.
  • Experience influencing third parties and managing vendor relationships.