Functional Title:

TPRM Specialist

Corporate Title:

AVP

Overtime Eligible (Y/N)

N

Department:

GRM-CRIS, RCISO New York

Reports To: (Position)

Lead Coordinator (Head of NY TPRM)

Management Responsibilities: (Y/N)

No

Position Summary:

The TPRM Specialist is responsible for coordinating, performing, and reviewing operational third-party risk management activities for the NY TPRM Program. The TPRM Specialist will also participate in the overall NY TPRM Program Governance/Management activities as directed by the Head of NY TPRM.

Essential Duties and Responsibilities:

·        Operational third-party risk management responsibilities for external third-party relationships:

·        Perform ongoing monitoring / annual assessments on third-party controls in collaboration with the third party, Contract Owner, and Local Topic Owner(s) as applicable. These assessments may include but not limited to third-party controls in the following areas: Information Security, Compliance, Business Continuity, Physical Security, and Subcontractor.

·        Review control assessments performed by offshore or consultant resources.

·        Coordinate the completion of ongoing monitoring reviews by the Contract Owners.

·        Coordinate and perform pre-contract due diligence process on new third parties, including short-listed third parties in an RFP, in collaboration with Procurement, Contract Owner, and the third party.

·        Operational third-party risk management responsibilities for internal third-party relationships:

·        Coordinate the completion of annual assessments on the controls by the Local Topic Owners.

·        Coordinate the completion of ongoing monitoring reviews by the Contract Owners.

·        Program Governance / Management activities for NY TPRM:

·        Attend NY TPRM Committee meetings and take notes.

·        Participate in the periodic reviews of the risk assessment methodology with the Local Topic Owners.

·        Participate in other program governance / management activities as applicable.

·        Act as a backup to the Head of NY TPRM when needed, including overseeing the NY TPRM Program, providing program status to senior management, interacting with regulators and second/third line-of-defense, and conducting the Local Outsourcing Coordinator (LOC) role for the global TPR Program.

Experience /Qualifications/Education:

·        Bachelor’s degree in Information Technology, Information Systems, Risk Management, or related fields.

·        Minimum 5 years of experience in Vendor / Third Party Risk Management in the financial service industry.

·        Minimum 3 years of experience performing risk assessment and control assessment / due diligence on the third parties. Experience performing Information Security control assessments is a must.

·        Minimum 5-8 years of experience in the financial service industry.

·        TPRM-related certifications are a plus, e.g., Certified Risk Manager (CRM), Certified Information Systems Security Professionals (CISSP), Certified Information Security Managers (CISM), Certified Third-Party Risk Professional (CTPRP), Certified Third-Party Risk Assessor (CTPRA).

·        Extensive knowledge of TPRM concepts and best practices, including strong understanding of common third-party risk areas such as information security, business continuity, compliance, and physical security.

·        Deep understanding of Interagency Guidance on Third-Party Relationships: Risk Management; additional knowledge on other regulators’ third-party risk related guidance and requirements.

·        Effective communication, presentation, documentation, and interpersonal collaborative skills.

·        Ability to quickly grasp organizational processes and procedures.

·        Ability to work well under pressure to meet tight timelines.

Disclaimer: 

The above statements are intended to describe the general nature and level of work being performed by people assigned to this position.  This document is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required by the incumbents.   Job responsibilities are subject to change, with or without notice.  All employees may be required to perform duties outside of their normal responsibilities at any time at the Firm’s total discretion.  

This document does not constitute a contract of employment with you of any kind, express or implied for any duration, or with respect to any of its stated or omitted terms.  As described in the Firm’s employee handbook, the Firm reserves the right to terminate your employment with or without cause, notice or reason at any time at its sole discretion.