Reports to: Corporate Counsel Contracting and Vendor Management
Primary Functions: Independently facilitate, support, and grow the credit union’s vendor risk management program to mitigate vendor risks in alignment with enterprise risk tolerances. Facilitate initial and periodic due diligence reviews of vendors through the collection, review, and preparation of executive summaries of vendor documentation and continuous monitoring of the credit union’s cumulative vendor risk profile. Assist business lines as needed with vendor risk activities, and review and develop policies and procedures that support the growing credit union vendor risk management functions.
Duties and Responsibilities:
Education: A bachelor’s degree in Computer Science, Information Technology, Information Security, or related field.
Creditable Experience in Lieu of Education: Four years equivalent experience in compliance, risk assessment, third-party risk management, policy development, security control development, security auditing, or information technology systems. The following certifications are preferred: CRVPM: Certified Regulatory Vendor Program Manager, TPRM: Third-Party Risk Management, CTPRP: Certified Third-Party Risk Professional, CTPRA: Certified Third-Party Risk Assessor, C3PRMP: Certified Third-Party Risk Management Professional, CCSA: Certification in Control Self-Assessment, CISA: Certified Information Security Auditor, CRISC: Certified in Risk and Information Systems Control, CISSP: Certified Information Systems Security Professional, CGEIT: Certified in the Governance of Enterprise IT, or CISM: Certified Information Security Manager.
Experience/Skills: Four years of experience in a vendor risk management related field. Four years of experience with a computerized vendor management system. Working knowledge of industry-specific rules and regulations including but not limited to the Bank Secrecy Act of 1970, Right to Financial Privacy Act of 1978, Fair Lending rules and regulations, Gramm-Leach-Bliley Act/Financial Services Modernization Act of 1999, California Consumer Privacy Act of 2018, General Data Protection Regulation, National Credit Union Administration rules and regulations, Federal Financial Institutions Examination Council best practices and handbooks, Consumer Financial Protection Bureau rules and regulations, and NIST standards. Ability to design/augment processes and implement change across the credit union, bringing a concept to reality. Exceptional critical thinking and problem-solving skills; strong judgment. Relentless customer focus with the ability to conduct interactions with resilience, poise, and grace under pressure. Advanced knowledge and understanding of due diligence documentation including but not limited to standard controls documentation/reports, financial statements, systems diagrams, business continuity program statements, certificates of insurance, and privacy program statements. Significant analytical skills and strong organizational ability. Keen attention to detail. Ability to manage multiple priorities and projects in a fast-paced environment. Excellent and demonstrable oral and written communication skills. High emotional intelligence, good judgment, and sense of humor. Proficiency in MS Word, PowerPoint, and Excel is required.
Tenure: Not Applicable
Equal Opportunity Employer