City National Bank of Florida relies on a network of Third Parties to provide products and services to enable and support operations throughout the institution. As a result, the bank's exposure to various risks is heightened. Inadequate onboarding and on-going management of Third Parties could result in security breaches, operational inefficiencies, legal action, financial loss, and severe damage to our reputation. To address this challenge, City National Bank of Florida has implemented a Third-Party Risk Management Program (TPRM) to identify and evaluate risks and provide proper oversight of our business relationships.
The Third-Party Risk Officer is responsible for the execution and oversight of the company's TPRM lifecycle requirements for engagements across multiple lines of business. The portfolio of engagements represents a significant base of critical and high-risk commercial relationships requiring comprehensive and rigorous oversight and compliance with the Third-Party Risk Management Policy and regulatory requirements. The Third-Party Risk Officer evaluates and monitors all aspects of the services; independently assesses increasing and emerging risks in the Third-Party space. In this role, the leader also assists with the development of enhancements to new or existing Third-Party policies and procedures and takes on any other responsibilities assigned by the Director that will be related to key initiatives and or other company businesses and functions. To be successful in this role, the Third-Party Risk Officer must be an effective change agent and collaborator, possess the skills and willingness to perform duties that are a combination of tactical, transactional, and strategic in nature. The role will offer a high level of visibility to key management stakeholders.
Principal Duties & Responsibilities:
- Partner with assigned business units and the Vendor Management Office to establish an appropriate engagement process to enable meaningful oversight and portfolio management and ensure business adherence to related risk policies, standards, and procedures.
- As the Second Line function, ensure that there is adequate oversight of the VMO, to include risk assessments for vendors, identification of critical vendors, cadence for periodic reviews, risk rating of vendors, documentation received by vendors at onboarding and/or during the lifecycle of the vendor engagement.
- Execute responsibilities articulated in the relevant policies pertaining to Third-Party Risk Management.
- Conduct and document deep dive reviews into significant current or emerging risk areas as they relate to Third-Party Vendors engaged with the institution.
- Ensure Lines of Business, Risk areas, VMO and TPRM are working jointly to ensure compliance of activities across the risk life cycle to include Contract Reviews, Information Security Reviews, and Ongoing Monitoring.
- In collaboration with relevant stakeholders, develop risk mitigation strategies and action plans as appropriate across commercial relationships.
- Oversee and or develop Ongoing Monitoring (OGM) plans in alignment with TPRM policy for newly onboarded Third Parties and ensures Business Owners are executing OGM plans for existing engagements.
- Execute Issue Management end-to-end activities (issue identification, prioritization, assignment, remediation, closure) for matters pertaining to Third Parties, as well as the Third-Party Program.
- Leverage core tools to provide effective oversight and challenge risk ratings and risk tolerance.
- Lead risk assessment cross-functional reviews to proactively identify inherent and residual risks related to new and existing contractual relationships.
- Conducts internal testing of dispute processes to ensure control.
- Acts as SME to senior stakeholders and /or other team members.