Job D5354 Description
SOFT's client located in Richmond, VA (hybrid/remote) is looking for a Third Party Risk Analyst for a long-term contract assignment.
 
Responsibilities:
• Support key program objectives to ensure critical 2024 goals are accomplished in alignment with organizational expectations.
• Provide advisory services to evaluate, recommend, design, and implement third-party risk management solutions and process improvements. Collaborate with internal teams to drive vendor due diligence activities, inclusive of identifying and assessing risks and mitigating controls.
• Develop knowledge of vendor services and obligations provided by vendors and business owners’ reliance upon those services. Use knowledge to identify requirements, develop, monitor, and support the execution of third-party remediation actions and mitigation and contingency plans, as warranted, when risks or risk events are identified.
• Conduct risk assessments and develop mitigation plans; work closely with vendor managers and business stakeholders on the finalization of mitigation plans and execution against continuous monitoring and control plans.
• Assess the effectiveness of control and mitigation plans, advising stakeholders on any required control enhancements for third-party risks.
• Review and interpret results of vendor audit reports and attestations (such as SOC2 reports); identify deficiencies and areas for remediation; advise appropriate stakeholders on findings; incorporate into overall vendor risk assessment and mitigation plans.
• Review data and assist in advising stakeholders and others on best practices and how to implement the necessary changes to address third-party risks.
• Build communication and escalation plans related to third-party risk management activities.
• Provide strategic support to business owners, stakeholders, and leaders.
• Assist with process improvement and discussions related to third-party risk management solutions.

Qualifications:
• Bachelor's Degree or equivalent experience
• 3 to 5+ years of experience in managing risk and compliance issues, or similar experience managing applications, projects, or systems that require identification, evaluation, and remediation of risk.
• Enhanced knowledge pertaining to concepts and principles related to third-party risk management.
• Experience with compliance and security audits, and risk mitigation plans. Experience developing and completing vendor risk assessments for enterprise-level vendor relationships. Understanding of various risk and security certifications and attestations (SOC2, ISO 27001, etc.). Familiarity with third-party risk and governance concepts.
• Proficient understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits.
• Ability to tailor communications to their appropriate audience and present information in a credible, confident, and influential manner. Communicate in a concise, direct and purposeful way.