Third Party Risk Management Advisor

Job Description :

• Support key program objectives to ensure TPRM’s critical 2024 goals are accomplished in alignment with organizational expectations.
• Provide advisory services to evaluate, recommend, design, and implement third-party risk management solutions and process improvements.
• Collaborate with internal FRS teams to drive vendor due diligence activities, inclusive of identifying and assessing risks and mitigating controls.
• Develop knowledge of vendor services and obligations provided by National IT’s vendors and business owners’ reliance upon those services.
• Use knowledge to identify requirements, develop, monitor, and support the execution of third-party remediation actions and mitigation and contingency plans, as warranted, when risks or risk events are identified.
• Conduct risk assessments and develop mitigation plans, work closely with vendor managers and business stakeholders on the finalization of mitigation plans and execution against continuous monitoring and control plans.
• Assess the effectiveness of control and mitigation plans, advising National IT stakeholders on any required control enhancements for third-party risks.
• Review and interpret results of vendor audit reports and attestations (such as SOC2 reports); identify deficiencies and areas for remediation;

advise appropriate stakeholders on findings; incorporate into overall vendor risk assessment and mitigation plans.

• Review data and assist in advising stakeholders and others on best practices and how to implement the necessary changes to address third-party risks.
• Build communication and escalation plans related to third-party risk management activities across National IT.
• Provide strategic support to business owners, stakeholders, and leaders.
• Assist with process improvement and discussions related to third-party risk management solutions.

Qualifications :

• Bachelor's Degree or equivalent experience.
• 3 to 5+ years of experience in managing risk and compliance issues, or similar experience managing applications, projects, or systems that require identification, evaluation, and remediation of risk.
• Enhanced knowledge pertaining to concepts and principles related to third-party risk management.
• Experience with compliance and security audits, and risk mitigation plans.
• Experience developing and completing vendor risk assessments for enterprise-level vendor relationships.
• Understanding of various risk and security certifications and attestations (SOC2, ISO 27001, etc).
• Familiarity with third party risk and governance concepts.
• Proficient understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits.
• Ability to tailor communications to their appropriate audience and present information in a credible, confident, and influential manner.

Communicate in a concise, direct and purposeful way.

monsterit