Vendor Risk Management Job Description
Vendor Risk Management Duties & Responsibilities
To write an effective vendor risk management job description, begin by listing detailed duties, responsibilities and expectations. We have included vendor risk management job description templates that you can modify and use.
Sample responsibilities for this position include:
Vendor Risk Management Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vendor Risk Management
List any licenses or certifications required by the position: CISSP, CISM, SSAE, CIPP, CISA, ISAE, ISACA, GCFW, GSEC, GIAC
Education for Vendor Risk Management
Typically a job would require a certain level of education.
Employers hiring for the vendor risk management job most commonly prefer candidates with a relevant degree, such as Bachelor's and University Degree in Business, Finance, Management, Accounting, Computer Science, Education, Economics, Business/Administration, Information Technology, Technology.
Skills for Vendor Risk Management
Desired skills for vendor risk management include:
Desired experience for vendor risk management includes:
Vendor Risk Management Examples
Vendor Risk Management Job Description
- Ensuring appropriate Senior Management awareness/oversight for follow-ups on action items, to resolve identified issues, for example generation of self-identified finding or audit issue resolution
- Pre-empting changes in the legal/regulatory environment and supporting and advising Senior Management on the potential impact
- Taking responsibility for the VRM/IGO Process within CTO
- Acting as a delegate for CTO COO
- Providing VRM tool and process guidance to the SROs and the wider CTO team
- Managing the central team initiatives, such as risk reviews, open findings and transaction audits
- Experience of working within regulatory, audit, risk and control functions and the ability to demonstrate RRC expertise at a level sufficient to lead process improvement work and to deliver training and mentoring in IT risk and commercial/vendor risk management areas
- A proven ability to drive assignments autonomously and interact confidently with Senior Management, demonstrating resilience and tenacity
- Able to share information, transfer knowledge and expertise to global team members
- An experienced IT and business change programme and project manager
- 3-5 years of related business experience preferably in a banking environment
- Operations, auditing, Operational Risk, IT Security, Sarbanes Oxley, Basel and the FDICIA controls
- The preferred candidate should have minimum 2 years of experience in analytics in the risk management, sourcing, business operations, or finance functions
- Responsible for the global end to end vendor screening process, including coordination of and collaboration with other risk groups, BCM, Information Security to ensure timely execution of all the relevant assessments
- Ability to work independently or as part of a team under pressure to meet deadlines
- Experience with Shared Assessment Program or similar methodologies is a plus
Vendor Risk Management Job Description
- Information Technology Infrastructure Library (ITIL) certified to foundation level, or have the equivalent experience or qualifications
- Leads the implementation of strategic change within the Vendor Risk Assessment team
- Create and maintain the VRM policy, procedure manuals and systems documentation
- Lead cross-functional team in the vendor risk assessment process
- Assess and monitor vendor performance against contractual commitments
- Provide assistance to Card Marketing relationship owners relative to third party onboarding activities, specific to the Preliminary Risk Assessment Questionnaire, ensuring high quality and an appropriate level of due diligence is performed
- Support the business through completion of SME and Quality reviews and partners with Enterprise Contract Solutions through to contract completion
- Complete intake forms in the RAAS system and review risk scores for new vendors
- Drives assigned tasks leveraging IT expertise or outside resources where needed
- Coordinates between external auditors and staff being audited
- Excellent teamwork skills and the ability to work independently
- Sourcing/Procurement knowledge is a plus
- Previous banking/financial risk management experience strongly preferred
- Previous sourcing, contract and/or vendor management experience strongly preferred
- Knowledge of banking regulations and compliance risk management preferred
- Knowledge of SharePoint and/or RAAS (FIS) a plus
Vendor Risk Management Job Description
- Represent VRM on various internal risk and control committees plus other working groups
- You will support managing the vendor risk assessment framework for the bank
- You will conduct risk screenings and analysis assigned to VRM to identify potential concerns as part of the onboarding process for new vendors
- You will keep track of all open issues and ensure their timely closure
- You will be partnering & actively communicating with other teams within SVM and Contract Owners to provide information on new and existing vendor relationships and guide them through the vendor onboarding due diligence process, including completion of IRQs (inherent risk questionnaires)
- Lead Operational Risk Management (ORM) activities related to the Company’s Vendor Risk program
- Review vendor risk assessments and communicate key risks to business areas
- Assist with the development of the enterprise-wide Vendor Risk dashboard
- Assist business owners in managing vendor risks throughout all phases of the vendor relationship life cycle
- Coordinate with subject matter experts to communicate potential key vendor risks to business owners to help ensure responsible risk treatment efforts
- Strong organizational skills with the ability to prioritize and handle multiple assignments while maintaining commitment to deadlines
- Ability to be resourceful in researching issues, solving problems, and offering solutions
- Understanding of operational risks and control frameworks
- Strong creative presentation skills and advanced knowledge of PowerPoint required
- Track record of demonstrating initiative and motivation, working independently and holding him/herself accountable for high levels of performance with minimal supervision
- Good speaking, leadership and team-building skills
Vendor Risk Management Job Description
- Assume liaison role between ORM and Supply Chain Management (SCM)
- Maintain (or assist in the maintenance of) documents related to the Vendor Risk program
- Assist in fulfilling regulatory, client, and legal requests related to vendor risk, as necessary
- Document and communicate due diligence results, residual risks, and ongoing vendor management tasks to business managers
- Address vendor operating events to ensure appropriate remediation plans are prepared by working closely with the business and risk SMEs
- Monitor and review vendor performance reports prepared by business users
- You will build processes and controls which enhance Schwab’s vendor oversight program, and help to develop new ideas based on your interactions with partners and vendors
- You will spend time working with vendors to understand common issues, and help find innovative solutions that support Schwab business teams in achieving business objectives
- You may work with cross functional teams to define new controls and oversight processes
- You may work with the Corporate Vendor Management technology team to enhance tools to support information security industry changes
- Professional accreditation in IT audit, security, privacy or other related technology disciplines (CISA, CISSP, CIPP, etc)
- Familiarity with external regulations, DIACAP, HIPAA, Sarbanes-Oxley
- 5+ years of vendor or other third party-related risk management experience, preferably within the financial services industry
- Solid understanding of the banking industry’s regulatory requirements for managing third parties (e.g., OCC, FFIEC, FCA, FRB, MAS)
- Familiarity with service organization reports (SSAE 16 / SSAE 18 / ISAE 3402) and other industry certifications (e.g., ISO, PCI-DSS, SysTrust)
- Experience reviewing and recommending control-related contractual terms and conditions
Vendor Risk Management Job Description
- You will identify opportunities for process improvements to deliver increasing operational efficiency in the vendor security oversight processes
- You will gain a unique understanding of business, technology and information security resulting in a deeper understanding of their complexities, trade-offs and impacts
- You will learn how to analyze and understand highly complex business problems and regulatory requirements that are part of operating in the financial industry
- You will spend time examining and researching security controls and frameworks to understand what it takes to protect Schwab customer and Schwab information
- You will learn how to evaluate applicable security controls to apply against vendor services being provided and applicability of compensating controls for vendor security assessments
- Conduct third party risk assessments to assist in determining their ability to protect confidential and sensitive data
- S/he will act as a subject matter expert, liaise with key business and technology stakeholders to ensure compliance expectations are realized in a timely manner
- Work with Oversight Managers to ensure Security is engaged in projects
- Develop security deliverables based on the security documentation that is provided by the vendor
- Maintains an up-to-date understanding of industry best practices
- Act in a "Third Party risk Expert" capacity for the Vendor Management team
- Excellent verbal, written and presentation skills and ability
- Administer the vendor risk management process and make confident risk recommendations with respect to the integrity and business stability of new vendors or vendors nearing contract renewal
- Maintain relationships with the third parties to ensure compliance, requesting audit, tests or other evidence
- Maintain an inventory of in‐scope vendor artifacts and report their compliance status as required by stakeholders, management, review boards, regulatory bodies and auditors as necessary
- Distribution and interpretation of compliance questionnaires, analyzing vendor audit reports from various sources, and engaging vendor representatives for additional details regarding security controls