3rd Party Risk Monitoring & Testing Manager

At VyStar, we offer competitive pay, an excellent benefit package that includes a 401(k) Plan, an extensive paid technical and on-the-job training program, and tuition reimbursement--available to all full and part time employees. Part time positions start at a minimum of 30 hours per week.

We encourage you to become a part of VyStar Credit Union's family of employees.

3rd Party Risk Monitoring & Testing Manager

ACCOUNTABILITY STATEMENT Responsible to lead the effort to implement, manage, and maintain a compliant 3rd Party Risk Management Program for all monitoring and testing activities, including effective credible challenge of 3rd party risks with business owners and stakeholders and 3rd party evaluation of the existing 3rd party relationship portfolio to ensure VyStar is mitigating and maintaining risk controls within our portfolio. Ensure all monitoring processes comply with required federal and state laws, statutes, and regulations. This role will ensure timely and accurate relevant risk management data is captured and maintained within the 3rd Party Risk Management systems. The position will ensure practices are in place to sufficiently identify, manage and protect VyStar from inherent vendor risks and in support of defined risk tolerance levels. Assist the VP, 3rd Party Risk Management to develop and maintain a risk intelligent culture with strong collaborative relationships across the organization. Help to create and foster an increased understanding and awareness of business line managers' responsibility for 3rd party relationship management, performance management, and risk management activities in their daily decision-making processes and procedural guidance. In concert with ERM functional peers, provide advice and consult with business owners to support more information risk-based thinking and decision-making skills.

ESSENTIAL JOB FUNCTIONS:

• Lead and actively manage the design, implementation, and operation of the Third-Party Risk Management monitoring program including establishing routine schedules and reviews for ongoing monitoring profiles and tasks for existing 3rd party relationships, education with business owners and stakeholders, remediation activities, evaluation of 3rd party materials to mitigate and manage 3rd party risk, and proper termination practices for offboarding relationships.
• Liaise with the Cultural Diversity and Equity department and the 3PRM Onboarding Manager on supplier diversity requirements and management of the supplier diversity program with relation to monitoring activities to ensure compliance with the supplier diversity program design.
• Manage the support teams and processes for monitoring activities for the 3rd party risk management program
• Support the VP, 3rd Party Risk Management in the mitigation and/or remediation of self-identified and internal audit issues and regulatory exam findings to ensure management of third-party risk within the enterprise risk appetite.
• Lead 3rd party risk team members to ensure Business Owner/Corporate Stakeholders in the completion of monitoring activities for existing 3rd party relationships or relationships with changes that prompt monitoring activity changes.
• Manage 3rd Party Risk Management teams, providing leadership and direction to ensure execution of risk review/monitoring and independent challenge through engagement with business partners and corporate stakeholders.
• Ensure 3rd Party monitoring processes, testing, and related information is captured and included in the 3rd Party Risk Management systems.
• Ensure Third-Party Risk monitoring profiles, risk ratings and related information is derived accurately, and included in 3rd party risk management reports. Liaise with the appropriate team members within the 3rd party risk management team or other teams as necessary to ensure accuracy.
• Ensure that identified risks and related controls are managed within the risk appetite.
• Provide effective challenge and ensure documentation and escalation of significant risks, issues, and other pertinent information to management and governance committees for existing 3rd party relationships, as appropriate.
• Coordinate with all lines of defense and impacted business partners, to continue alignment between 3rd Party Risk monitoring processes and the VyStar risk appetite.
• Manage required resources and headcount to ensure appropriate resource levels and skill sets are maintained to ensure effective execution of the 3rd Party Risk Management 3rd party monitoring functions and provide direct oversight of the day-to-day activities of the monitoring activities and resources.
• Inform VP, 3rd Party Risk Management of notable operational and administrative activities and concerns as well as status of ongoing projects for monitoring activities.
• Build collaborative relationships within the ERM function and with all VyStar departments to maximize effective selection and management of existing 3rd party relationships.
• Evaluate all operational activities for monitoring activities within the department to ensure compliance with 3rd Party risk management regulatory requirements.
• Conduct annual performance evaluations and provide opportunities and guidance for staff to assist them in the achievement of their professional and personal goals. Perform hiring, promoting and termination activities as necessary, subject to approved budgets.
• Implement and maintain efficient, automated processes to support the 3rd Party Risk Management Program methodology and management reporting, that will support the consistent collection and retention of information and documentation, track issues and resolutions, assist in the analysis/identification of trends and provide quality management reporting.
• Ensure monitoring and offboarding practices are formally documented to provide clear policy and procedural direction, to consistently maintain and safeguard confidential information and to support the highest level of ethical standards.
• Prepare and provide budgetary details for resources needed for monitoring activities to the VP, 3rd Party Risk Management for approval. Continually evaluate means to balance cost containment with maintaining high quality standards and skilled professionals.
• Socialize Testing & Monitoring results with management and present findings requiring remediation to the VP, 3rd Party Risk Management.
• Manage special projects for monitoring activities and support Business Owners and Subject Matter experts in their responsibilities for the monitoring program for 3rd party relationships evaluations and reviews, to include SOC reports, Financials, Licensing requirements, Insurance, Service Level Metrics, 3rd party performance scorecards, site visits, etc.
• Develop and implement monitoring program metrics to effectively mitigate and manage 3rd party risk aligned with VyStar's risk appetite.
• Develop and implement quality control processes for the monitoring, testing, and offboarding functions.

VyStar Excellence Behaviors: Demonstrate each of the following VyStar Excellence behaviors in performing the duties and responsibilities of the job.

• Focus - Focus your full attention by carefully listening to and observing your client or member.
• Connect - Consistently be friendly and approachable. Demonstrate you care.
• Understand - Listen empathetically and ask questions. (70%/30%)
• Counsel - Recommend solutions based on your client's or member's needs and objectives.
• Advance - Ensure that member's expectations are exceeded. Verify necessary follow-up action.

Job Knowledge, Skills & Abilities:

Maintain an understanding of VyStar's overall business plan objectives, long-term strategic goals and current financial results. Ability to review and understand 3rd party's financial, information security, licensing, and insurance concepts. Ability to make recommendations to internal stakeholders to mitigate risk presented by 3rd Party relationships based on VyStar's risk appetite. Must possess a strong understanding of 3rd party risk management programs, systems, and concepts. Must possess a strong nature of collaboration and sharing of expertise/knowledge between all areas of the organization. Ability to present material and communicate effectively among all levels in the organization.

Annually, obtain necessary continuing education hours to maintain professional certifications, as applicable, and to continuously enhance individual knowledge. Intermediate proficiency in MS Office (Excel, PowerPoint, Word, Outlook, OneNote) and working knowledge of federal and state regulatory requirements as applicable to the 3rd party risk management function is required.

Education & Experience:

Bachelor's Degree in Business or a related field is required. A minimum of 5+ years of experience in a 3rd Party Risk Management leadership role is required, including experience with the evaluation, testing, monitoring, risk remediation, and performance evaluation and management activities. Maintain at least one of the following Risk Management Professional Certifications, i.e. Certified Third-Party Risk Professional, Certified Regulatory Vendor Program Manager, or equivalent certification. Previous financial institution experience preferred.

Behavioral/Leadership Skills:

Strong written and oral communication skills when interacting with management and employees throughout the organization and when interacting with 3rd parties and others external to VyStar, including an ability to create and foster collaborative relationships and communicate risk related concepts effectively. Demonstrate professional composure, objectivity and fairness when dealing with conflicts and sensitive matters. Display initiative, attention to detail/accuracy, strong organizational skills, the ability to multi-task and meet established deadlines. Exhibit sound professional judgment, problem-solving skills and due professional care in the quality of work produced. Contribute to the strong credibility and integrity of the overall ERM function. Exhibit a high level of ethical integrity, with the ability to maintain confidential and sensitive information appropriately. Exhibit a strong sense of teamwork and ability to collaborate with team members to achieve high quality and productivity levels.

DISCLAIMER AND WORK ENVIRONMENT

Nothing in this position description is an implied contract for employment. The position description is intended to be an accurate account of the essential functions. The functions are not all encompassing and are subject to change at any time by management.

The work environment characteristics described are representative of those that an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

As required or requested, may exert up to 20 pounds of force occasionally and/or a negligible amount of force constantly to lift, carry, push, pull or otherwise move objects.