Third Party Risk Management Associate

Role Description

Reporting to the Executive Director of Third-Party Risk and Head of Non-Financial Risk, the Associate supports the 2nd Line of Defense (LOD) Risk Management Department Americas Division’s (RMDAD) third-party risk management for the Combined U.S. Operations (CUSO) in accordance with US Regulations, Head Office policies and industry practices for Third Party Risk Management.

The Risk Management Department is the 2nd LOD in its role of monitoring and assessing business practices as related to the risk appetite framework for SMBC. RMDAD implements an Non Financial risk framework independent of the businesses’ risk appetite statements. The Associate is responsible for supporting the third-party risk management across various businesses, group companies, and functions of the bank and reporting results/findings to the Executive Director of Third-Party Risk and Head of Non-Financial Risk, as necessary.

Responsibilities

• Assist with Ongoing Roll out and Execution of Third Party Risk Framework
• Supports the Executive Director of Third-Party Risk in ensuring third-party risk is adequately governed, managed, and controlled bank-wide
• Supports the Executive Director of Third-Party Risk in their role of primary Operational Risk Management (ORM) liaison to effectively provide oversight of third-party risk management policies, standards, controls, and activities across the organization
• Assists in the review and approval of policies and procedures specific to third-party risk
• Assists in the review and challenge of third-party risk management related activities and operational risk profile(s), including controls, performance against key risk indicators (KRIs), risk assessments and remediation plans
• Supports the escalation of risks, issues (including new and emerging), and events (vendor issues/terminations, incidents, losses) and reports to management, as appropriate
• Understands the impact of third-party risk across the business, group companies, and functions of the bank
• Collaborates with stakeholders (business/function/entity) to increase awareness of third-party risk
• Coordinates with the first line third party risk management operations to obtain and share relevant information, reports and changes to policies, activities, processes, controls, etc. related to third-party risk
• Supports the drafting and leading of third-party risk management training bank-wide

Qualifications and Skills

• Well-versed in Third Party Risk Framework and Regulations. Prior work experience with third party due diligence risk disciplines such as Information/Cyber Risk, Compliance, Business Continuity, Disaster Recovery, Finance, Reputation Risk etc. along working knowledge of operational resilience framework
• 3-5 years of direct work experience within the financial services industry, focused on third party risk management, regulatory, compliance, or audit experience
• Prior experience in Third Party Governance – Reporting and Metrics design and implementation
• Foundational knowledge of enterprise risk management industry practices including project management, and risk control self-assessments
• Detail oriented, with proven ability to question the status quo and apply effective challenge, as appropriate
• Strong organizational skills, with proven ability to successfully manage multiple, concurrent priorities
• Demonstrated ability to influence a group of diverse stakeholders
• Foundational knowledge of banking laws and regulations (North America)
• Maintain an operational risk management and regulatory compliance mindset to understand underlying risks and weaknesses to properly assist in mitigating such risks
• Strong desire to continually deliver a quality and meaningful work product in a timely and efficient manner