Assistant Vice President, Risk Management

HOURS: Monday-Friday 8:30am-5:00pm

SUMMARY OF POSITION:

Primary responsibilities include the ongoing management and development of the Risk Management function (program) and supporting business process and functions in support of Tower Federal Credit Union’s (TFCU) business objectives and to establish systems and measures to meet TFCU’s safety and soundness standards. The incumbent has the delegated authority to manage and prioritize workflow in support of the Risk Management program, focusing on vendor management, in accordance with organization policy and standards. This position ensures the standards, processes and procedures comply with regulatory requirements. These responsibilities require a high level of interpersonal skills, confidentiality, and accuracy to support all aspects of the program. This position is responsible for managing and evaluating the activities of the Risk Management team and under the direction of the SVP/CFO, uses critical thinking, problem solving, and analytical skills to develop, coordinate, and implement a Risk Management program.

PRINCIPAL ACCOUNTABILITIES AND FUNCTIONS:

1. Manages, develops, documents, and implements all aspects of the vendor risk assessment and management program including third-party onboarding, vendor oversight, risk analysis supporting regulatory compliance and organizational policy

2. Develops qualitative and quantitative risk measurement and monitoring techniques. Establishes standards, processes, and procedures to support vendor due diligence, vendor performance, and assessing vendor risk.

3. Collaborates with internal stakeholders responsible for enterprise risk, Information Security, Business Continuity, Disaster Recovery, BSA/AML, Compliance, and Finance to ensure program alignment with regulatory requirements (including FFIEC, GLBA, and NACHA) and industry best practices, and that selected vendors meet TFCU’s evolving requirements in subsequent reviews.

4. Identifies process and controls to improve the program’s effectiveness and reduce TFCU’s risk. Develops and manages the processes to audit and assess the overall effectiveness of the vendor management risk assessment program.

5. Responsible for establishing and monitoring vendor service level agreements against contract terms for critical and essential vendors to meet TFCU’s financial safety and soundness objectives.

6. Reviews contracts to ensure key provisions focused on broad risks such as disaster recovery, incident response, breach declaration are included and aligned with organizational policy and standards.

7. Administers Vendor Management application to systematically manage, track, and report on critical and essential vendors, and identifies potential risks and proposes remedies when necessary.

8. Ensures organization-wide requirements for due diligence, risk assessment and continuous monitoring of vendors is accomplished. Participates on committees and cross functional groups to assist with risk evaluation and mitigation strategies.

9. Conducts and/or reviews initial and periodic vendor and security risk assessments. Conducts comprehensive vendor risk assessments that cover Legal & Regulatory Compliance, Reputation, Company Principal Review, Risk Management, Resilience, Incident Reporting, Physical Security, Contract Management, and Risk Remediation.

10. Aggregates and analyzes vendor data to depict and report on overall performance per vendor or the vendor management program as a whole.

11. Maintains accountability for overall accuracy and completeness of the program.

12. Assists with regulatory, internal or other third-party audit requests.

13. Reviews and analyzes information surrounding significant third-party events. Communicates to vendor-relationship owner and escalates to senior management, when applicable.

14. Assists in the continued development of the Risk Management team and provides direction and guidance to achieve organization and department goals in support of the Vendor Management Program and processes.

15. Performs related duties when assigned.

REQUIRED QUALIFICATIONS:

Bachelor’s Degree in Business Administration, Accounting, Statistics, Information Technology or a related field. Five to eight years progressively responsible and relevant Risk Management experience that demonstrates an understanding of the systematic risks associated with vendors similar to those engaged by TFCU required. Experience should include contract management skills and metrics and measurement skills with emphasis on service level agreements (SLAs) development and implementation. One to three years supervisory experience.

Or, an equivalent combination of education and experience.

Desired certifications include CISM, CRISC, or CISSP or related certifications that include relevant Risk Management domains or specialization.

COMPETENCIES:

 Must demonstrate strong verbal and written proficiency.
 Must possess demonstrated proficiency in Microsoft Office applications (Word, Excel, PowerPoint and Outlook).
 Must possess knowledge and proficiency in personal computer use, preferably with Windows 7 or Windows 10.
 Ability to effectively manage a team, and evaluate and provide guidance to others.
 Ability to interact effectively with technical and non-technical users at all organizational levels.
 Ability to write reports, business correspondence and procedure manuals for a diverse audience.
 Ability to follow detailed written and oral instructions.
 Ability to define problems, collect data, establish facts, and draw valid conclusions.
 Ability to deal with several concrete variables in a variety of situations.
 Able to take and follow directions.
 Able to work independently.
 Ability to prioritize tasks and complete daily job assignments.
 Ability to organize workload to accommodate competing deadlines.
 Ability to work productively and professionally under stress.
 Ability to resolve controversial or delicate matters skillfully and tactfully.
 Ability to respond to common inquiries and complaints.
 Ability to maintain sensitive and confidential information.
 Ability to interact effectively and professionally with colleagues and managers.

WORKING CONDITIONS:

 Ability to work extended hours, including evenings and weekends as needed.
 RCA Clearance Required