Third Party Risk Manager
| Company | Varo |
|---|---|
| Location | Atlanta, GA, USA |
| Salary | $100000 – $150000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior |

Requirements
- 5-7 years of leading third-party risk management experience with a financial institution, a fintech company, or a provider to the financial services business sector
- Risk assessment and due diligence experience, with a particular focus on identifying risks, and on identifying and implementing solutions to remediate these gaps
- Ability to conduct and report on testing of applicable controls that are in place regarding third-party service providers
- Experience designing systems and workflows that support effective prioritization of Third Party monitoring and of the team's work
- Previous experience reporting to senior management, the Board, and/or Committees of the Board on the status of third-party risk management efforts
- Experience implementing Third Party Management requirements to comply with various regulatory requirements and industry best practices
- Business Continuity, Disaster Recovery, NIST CSF, PCI DSS compliance, SOC 2 Type 2, etc.
- Experience with RSA Archer or similar GRC tools
Responsibilities
- Manage and enhance Varo’s Third-Party Risk Management Framework to ensure it meets regulatory expectations and Varo’s risk appetite
- Define and meet SLA expectations for Third Party Risk Assessments, vendor onboarding, proof of concept periods, and retirement
- Oversee the implementation and adherence to Varo’s policy and procedures regarding third-party risk management, including training internal departments on requirements and managing third-party service providers/vendors on an ongoing basis
- Collaborate with internal stakeholders to establish and maintain a comprehensive inventory of third-party relationships, applications, and associated risks
- Collaborate with internal technology and security teams to develop incident response plans and procedures for addressing cybersecurity incidents involving third parties
- Work closely with all Varo departments and internal risk groups that are seeking third-party services/vendor relationships to assure that appropriate risk assessment and due diligence are conducted for any new third-party service
- Prepare and present comprehensive reports and recommendations to senior management regarding third-party risk exposures and mitigation strategies through performance assessments
- Partner with internal budget owners to deliver against budgets and work with appropriate stakeholders on contract negotiations for all managed third-party relationships
- Track compliance with Varo’s third-party policies and procedures, analyze and report on any gaps, and provide recommendations for remediation of such gaps
- Develop dashboard presentations and reports, and provide periodic updates to various Risk Committees on the status of the third-party risk management program
- Act as TPRM Lead in any Regulatory and audit matters, including exams and meetings
Preferred Qualifications
No preferred qualifications provided.