Third-Party Risk Manager


🔥 0 minutes ago

🇵🇭 Philippines – Remote

💵 ₱120k - ₱160k / month

⏰ Full Time

🟡 Mid-level

🟠 Senior

🎲 Risk


NightOwl Consulting

51 - 200 employees

🤝 B2B

🎯 Recruiter

☁️ SaaS

B2B • Recruitment • SaaS

NightOwl Consulting is a global business service (GBS) provider that connects companies with skilled talent in the Philippines to optimize their business processes and dramatically reduce costs. Specializing in team-building for various roles such as pre-construction, AutoCAD drafting, insurance, bookkeeping, and administrative assistance, NightOwl Consulting provides customized offshoring solutions tailored to the specific needs of each client. Through its transparent, cost-effective pricing model, the company prides itself on high client satisfaction and employee retention rates while fostering a supportive and engaging work culture. NightOwl Consulting supports businesses by recruiting, training, and managing dedicated teams for various industry sectors, ensuring enhanced productivity at a significantly reduced cost.

📋 Description

• Determine the inherent risk tier (Tier 1, Tier 2, or Tier 3) for every third party prior to contracting or engagement, consistent with the criteria defined in TPRM02.
• Perform and document inherent risk assessments during onboarding, according to the policy reassessment schedule (annual for Tier 1 and bi-annual for Tier 2 vendors), and whenever a material change occurs in the vendor relationship.
• Administer the due diligence process, including the issuance and evaluation of vendor due diligence questionnaires (DDQs), SOC 1 and SOC 2 reports, financial statements, insurance certificates, business continuity and information security documentation, and licensing or regulatory standing.
• Maintain the authoritative third-party inventory, including assigned risk tier, services provided, data classification, system access, contract status, and all supporting documentation.
• Administer the Company’s vendor management software platform, including profile setup, document collection, workflow configuration, expiration tracking, contract repository management, and audit history maintenance.
• Monitor all vendors, contractors, and third-party counterparties against the FHFA Suspended Counterparty List (SCL) prior to engagement and on a recurring monthly basis; immediately escalate any matches to General Counsel and Compliance.
• Coordinate contract reviews with Legal to ensure all required clauses are included, including information security, confidentiality, audit rights, subcontracting, breach notification, business continuity, termination, and return or destruction of data provisions.
• Track and report vendor incidents, performance issues, breaches, and remediation activities; communicate findings to business owners and escalate material concerns to the Risk Management Committee.
• Maintain documentation of vendor reviews, due diligence activities, identified risks, and required remediation efforts; provide training to business owners on intake and approval workflows.
• Administer the vendor termination process, including coordination of the return of Company property and the return or destruction of Company data and information in accordance with legal and regulatory requirements.
• Document and route policy exceptions for approval by the Third-Party Risk Manager and, when required, the Risk Management Committee.
• Prepare periodic TPRM reporting and performance metrics for senior leadership, the Risk Management Committee, internal audit, external examiners, investors, and warehouse lenders.
• Support audits and regulatory examinations by producing vendor inventories, risk assessments, due diligence files, and program documentation upon request.
• Coordinate with the AI Governance Committee on due diligence and risk tiering activities related to third-party AI solutions and AI-enabled vendor features, consistent with RAIG01 Section 10.
• Lead the annual review of the Third-Party Risk Management Policy (TPRM02) and recommend revisions for approval.
• Perform other duties and responsibilities as assigned.

🎯 Requirements

• Minimum of five (5) years of experience in third-party risk management, vendor management, operational risk, compliance, or audit, with demonstrated day-to-day ownership of a formal risk management program.
• Minimum of five (5) years of experience within a regulated financial services environment; mortgage industry experience is strongly preferred.
• Minimum of five (5) years of management, team leadership, or program leadership experience with responsibility for driving program execution, stakeholder engagement, and risk oversight.
• Working knowledge of the regulatory landscape applicable to independent mortgage banks, including FHFA, CFPB, HUD, GLBA, state licensing authorities, GSE (Fannie Mae and Freddie Mac) seller/servicer requirements, and secondary market investor and warehouse lender expectations.
• Demonstrated ability to evaluate SOC 1 and SOC 2 reports, information security questionnaires, financial statements, insurance coverage, and business continuity documentation, and translate findings into clear and well-supported risk decisions.
• Experience administering a vendor management software platform such as VendorRisk.com, Venminder, ProcessUnity, Archer, or a comparable solution.
• Strong understanding of inherent risk, residual risk, risk mitigation strategies, and the role of compensating controls within an effective risk management framework.
• Excellent written and verbal communication skills, with the ability to brief executive leadership, prepare findings that withstand examiner and audit scrutiny, and explain risk decisions to non-technical business stakeholders.
• Strong project management and organizational skills, with the ability to manage recurring assessment schedules across a large vendor population while maintaining accuracy and timeliness.
• Solid working knowledge of Microsoft 365 applications, including Excel, Word, Outlook, Teams, and SharePoint, for reporting, documentation, file management, and collaboration.
• Demonstrated discretion and sound judgment when handling non-public personal information (NPI), confidential vendor information, contractual terms, and other sensitive business data.

🏖️ Benefits

• Above market salary
• HMO on Day 1 for principal and two dependents
• Government-mandated benefits
• Performance-based Incentives
• Quarterly Company Events
• 1,000 PHP De Minimis
• Equipment and software provided
