Third Party Risk Management Technology Risk Program Manager
Click the Facebook, Google+ or LinkedIn icons to share this job with your friends or contacts. Click the Twitter icon to tweet this job to your followers. Click the link button to view the URL of the job, which then can be copied and pasted into an e-mail or other document.
Dover, DE 19904
The Third Party Risk Management Technology Risk Program Manager will be response for leading initiatives focused on U.S. Bank’s approach for risk assessing and overseeing Third Parties in regard to emerging and emerged technologies (i.e. Cloud, API, AI/ML, . . ). Additionally, the candidate will be responsible for leading a team of Risk Consultants who are responsible for managing, monitoring and coordinating Third Party Risk Management (TRPM) for assigned business line(s) and portfolios.
Successful candidates will be able to demonstrate knowledge of information security best practices and methodology. Candidates are required to have a technical background and knowledge of information security and and/or application life cycle management (development to implementation), with demonstrated experience leveraging these skills to effectively manage projects and establish effective controls to mitigate technology risk.
The candidate will facilitate third party risk assessments, manage issue mitigation, and assist with ongoing management activities of third parties. Candidates will leverage skills including relationship building, professional communication, and escalation management to ensure that U.S. Bank is assessing and rating risks in an effective and timely manner. In addition, the candidate will assist in identifying controls for emerging technology risk and collaborate with information security and data protection teams across the bank to implement small to large projects.
Business Knowledge: Quickly gain an understanding of U.S. Bank business line products and services to identify and address with third parties the associated risks and controls. Demonstrates ability to recognize the relevance of risk trends, issues and potential risk exposure, and recommends actions to address / remediate.
Technical Knowledge: Able to adapt to changing technology for assessing risks associated with third parties. Certified Information Systems Auditor (CISA), CompTIA Security , Certification Information Systems Security Professional (CISSP) or other information security certifications required. Experience with learning new technologies and retaining knowledge quickly within a regulated industry.
Regulatory Fundamentals: Demonstrates general knowledge of the laws and regulations governing TPRM, can identify key risk and controls of the business line third party relationships, and is able to convey elements of the TPRM program to meet internal audit and OCC/Regulatory requirements.
TPRM Fundamentals: Conversant in the application of regulatory guidance to the TPRM governance documentation and corporate policies governing third party risk management. Understands the importance and demands of examinations by internal/external auditors and regulatory examiners. Works directly with business lines, subject matter experts and other constituents to ensure compliance with applicable regulations and internal policies and procedures. Audit and credible challenge of discrepancies and data conflicts will be performed along with approvals of internal and external assessments for completeness, consistency and accuracy prior to third party engagement. The platform used to manage the TPRM Program is RSA Archer.
Communication and Relationship Building: Builds and maintains positive relationships with management, business line, third party teams, TPRM team members, and stakeholders across U.S. Bank using effective written and oral communication practices and can tailor communication to the audience level of understanding. Fosters collaboration internally through diplomacy and assertiveness across the U.S. Bank enterprise while drawing in diverse groups to share ideas, information and resources to strengthen the TPRM program. Builds cooperation and trust between departments, third parties, and other groups. Can influence others using program knowledge, negotiation methods, and is able to overcome objections to foster consensus among constituents.
Performance Development and Management: Models behavior that support the vision of TPRM and U.S. Bank. Sets clear, well-defined, desired outcomes for work activity and tracks progress while coping with challenging workloads. Able to adjust to and address competing priorities and urgent tasks.
- Bachelor’s degree, or equivalent work experience
- Ten or more years of experience in an applicable risk management environment
- Applicable certifications
• CISA, CompTIA Security , CISSP or other information security certifications
• Audit, Compliance, Quality Assurance, or Third Party Risk experience
• CPA, CIA, and/or CTPRP certifications
• IT Audit background
• Financial Services’ audit and regulatory background
• Advanced degree (MBA or JD)
• History of effective communication with multiple stakeholders
• Ability to build relationships with diverse groups across U.S. Bank
• Track record of meeting deadlines on a consistent basis
• Demonstrate business knowledge of banking-related products, services and relate how their associated risks may impact both U.S. Bank from a third party perspective
• Understand the impact of government legislation fundamentals related policies, procedures, and processes with the ability to support the second line of defense risk program
• Understanding of U.S. Bank business line products and services
Primary Location: Minnesota-MN-Minneapolis
Shift: 1st – Daytime
Average Hours Per Week: 40
Requisition ID: 190025706
Other Locations: United States
U.S. Bank is an Equal Opportunity Employer committed to creating a diverse workforce.
U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.