Senior Manager-Enterprise Third-Party Risk Management

Company: Bank of Montreal
Location: Chicago, IL, USA
Salary: $100000 – $185500
Type: Full-Time
Degrees: Bachelor’s, Master’s
Experience Level: Senior, Expert or higher

Requirements

  • Undergraduate university degree, and Graduate degree or Professional Designation
  • 7-10 years of relevant experience in financial services or supply chain management in other industries
  • In-depth knowledge of Third-Party Management lifecycle and related risk management standards, methodologies, and practices
  • Experience with policy writing, data analysis or risk reporting is an asset
  • Experience with business intelligence tools e.g. Microsoft BI is an asset
  • Experience in supporting relationship management with regulators is an asset
  • Experience in oversight of Vendor Cyber and Technology Risk is an asset
  • Sound knowledge of multi-jurisdictional regulatory environments and trends related to Third-Party Risks
  • Exposure to retail/wholesale banking is an asset

Responsibilities

  • Provide strategic input into business decisions as a trusted advisor
  • Make recommendations to senior leaders on strategy and new initiatives, based on an in-depth understanding of the business/group
  • Develop, implement and maintain the Third-Party Risk Management Directive, Framework and other related requirements that are used across the enterprise to ensure Third-Party Risks are appropriately identified, assessed, managed, monitored and reported
  • Provide oversight and 2nd line effective challenge to ensure the Third-Party Risks, especially Third-Party Cyber Security and Technology risks are being identified, assessed, managed and reported in accordance with applicable Regulatory and Governance requirements
  • Act as subject matter expert on relevant Third-Party regulations and policies
  • Promote and support BMO’s risk culture and operational resilience, ensuring employees understand their accountabilities for risk-taking activities related to Third-Party Risk, promoting an environment of open communication and effective challenge
  • Support development of Third-Party Risk Appetite Statements and related metrics for the Enterprise, ensuring compliance with Risk Appetite Framework
  • Support development and implementation of relevant policies, standards, directives, frameworks and requirements relating to management of Third-Party Risk
  • Support oversight and effective challenge of Third-Party risk assessment and management activities for High Risk engagement
  • Research and provide thought leadership on current and emerging methodologies to quantify Third-Party Risk (and other non-financial risks)
  • Support 1st and 2nd Lines to appropriately identify, assess, measure and manage Third-Party Risk across their portfolios
  • Collaborate with all risk experts and stakeholders to ensure appropriate coverage and scrutiny of Third-Party Risk (especially Third-Party Cyber Security and Technology Risks) across all risk registers, libraries, forums and committees
  • Support remediation of Audit and Regulatory issues and findings relating to the design of the Third-Party Risk Management policies, standards, frameworks, and requirements
  • Provide oversight to ensure that Third-Party Risk across the Enterprise remains within the established risk appetite, and that internal controls are appropriately designed and implemented, and are operating effectively
  • Support development, enhancement and implementation of oversight methodologies that rely on data analysis, data aggregation, trend analysis to monitor the control environment related to Third Parties
  • Support development and implementation of testing methodologies to maintain oversight over Third-Party risk-taking activities across all stages of the Third-Party lifecycle
  • Provide input and effective challenge to ensure projects, initiatives and other change activities appropriately consider Third-Party Risks
  • Provide input and effective challenge over Key Risk Indicators used to monitor Third-Party Risks
  • Provide input and effective challenge to ensure that issues and operational risk events relating to Third-Party Risks are appropriately remediated within set timelines
  • Provide subject matter expertise and guidance on specific operational risk events, recommending solutions for management of Third-Party Risks that are commensurate with the materiality and complexity of the event
  • Understand industry trends and regulatory requirements relating to Vendor Management, and articulate 2nd Line of Defense positions on these (to share with Senior Leadership and 1st Line Risk Experts of these functions)
  • Provide thought leadership and subject matter expertise on all Operational Risk Categories (AML, Legal, Compliance etc.) for Procurement
  • Provide oversight and 2nd line effective challenge to ensure all operational risks within the Procurement functions are appropriately managed
  • Ensure Operational Risks from risk taking activities within Procurement functions are identified, assessed, measured, managed and reported within a consistent framework of robust internal controls
  • Support development of, and provide effective challenge over development of Process, Risk and Control Libraries for Procurement
  • Work with Cyber Risk Management, Technology Risk Management and other subject matter experts to provide subject matter expertise on Third-Party related elements relating to these risks
  • Gather, assemble and analyze internal and external data to drive unique insights to identify risks, and recommend improvements to TPRM management programs
  • Develop and implement relevant parameters for reporting of the Third-Party Risk profiles for individual operating groups and the Enterprise
  • Develop and maintain effective relationships with 1st and 2nd line business partners involved in management and oversight of Third-Party Risks
  • Build collaborative relationships with Senior Operational Risk Officers, and other risk management groups and subject matter experts across the organization
  • Anticipate and prepare for emerging regulatory developments, and support maintenance of effective relationships with regulators
  • Promote communication of regulatory engagement standards and best practices
  • Participate in industry groups to influence development of regulatory requirements
  • Support efficient management of regulatory audit and exam activities related to Third-Party Risk

Preferred Qualifications

  • Experience with policy writing, data analysis or risk reporting is an asset
  • Experience with business intelligence tools e.g. Microsoft BI is an asset
  • Experience in supporting relationship management with regulators is an asset
  • Experience in oversight of Vendor Cyber and Technology Risk is an asset
  • Exposure to retail/wholesale banking is an asset