#8270
inherent risks and control gaps are accurately identified and remediated
Ensure Third Party Risk Management policy and procedures, and Fusion Risk Management tool capabilities are implemented according to approved goals and policy
Validate incoming vendor and partner engagements, working with business partners to ensure data is complete and accurate and inherent risks are identified
Coordinate the distribution of due diligence questionnaires to the vendors and partners, review submitted questionnaires for completeness, ensure Risk stakeholders finalize reviews and determine overall residual risk rating.
Ensure all appropriate assessments are distributed, tracked and returned on a timely basis.
Ensure that vendors have required assessments and supplied artifacts.
Be a strong liaison to ensure that Risk Stakeholder questions are answered by Business or Suppliers as required. Conduct certain aspects of supplier due diligence not covered by risk stakeholders.
Respond to inquiries/examination requests by supporting elements of the regulatory and audit examination cycle for inquiries or exams
Contribute to the development of detailed procedural documents and ensure alignment of TPRM with regulatory requirements including FFIEC, OCC and other applicable regulations
Identify, prioritize and pursue opportunities to enhance Finastra's third party risk management processes and introduce innovative approaches and solutions to optimize efficiency and effectiveness
Ensure fourth parties are identified, captured and reported across all suppliers
Develop and run consistent and accurate reports related to the supplier list and analyze data to prepare supplier reporting for senior management
Develop and populate metrics, reports and spreadsheets as necessary to showcase issues, risks and program status.
Required Experience:
Have three to five years of work experience related to Third Party Management, Vendor Risk Management, and/or Procurement, particularly in financial services and the payments and loans business.
Bachelor of Arts or Bachelor of Science degree in Information Systems, Business Administration, or a related major.
One or more relevant professional certifications, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Regulatory Vendor Program Manager (CRVPM) or Certified Third Party Risk Professional (CTPRP).
Familiarity with risks related to IT application development and infrastructure maintenance, IT security, business continuity and disaster recovery, and emerging technology platforms - mobile device platforms, cloud services, Big Data, and social media.
Understanding of vendor risk management practices, including the lifecycle of risk identification, treatment, mitigation, acceptance, remediation as well as inherent and residual risks.
Knowledge and experience with laws, regulations, guidelines, and frameworks within the financial services industry that mandate information security and information risk management requirements (such as FFIEC, NIST, ISO 27001, GLBA, OCC Heightened Standards, etc.).
Ability to perform research to provide material and evidence for internal and external inquiries. Assist with crafting high-quality presentations and reports, conveying sometimes complex topics to several levels of management.
Clear written and oral communication skills with experience writing policy and procedural documentation.
Advanced skills in Microsoft Excel, PowerPoint, Cognos reporting and Power BI.
Experience with Fusion Risk Management or similar GRC tool.