girl looking into her desktop
Back to search results

Third Party Risk Compliance and Operational Risk Manager

Charlotte, North Carolina;

Job Description:

The Compliance and Operational Risk (C&OR) Manager is responsible for engaging in activities to provide independent compliance and operational risk oversight of Front Line Unit or Control Function (“FLU/CF”) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively “the Policies”) and the Compliance and Operational Risk Management (“CORM”) Program and Standard Operating Procedures (SOPs). As a member of an FLU or CF C&OR officer team, the C&OR Manager is accountable for proactive identification, management and escalation of compliance and operational risks through the execution of some or all of the below identified activities. This role exercises judgment and influence, and may constructively challenge FLU and CF leaders to support the CORM Program objectives, balancing business strategy with appropriate controls.

The C&OR Manager proactively engages with other C&OR officers, including horizontal coverage owners and Enterprise Areas of Coverage (“EAC”), to provide comprehensive oversight of FLU/CF activities. This role develops and maintains a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The C&OR Manager prepares materials for C&OR regulatory exams/audits/inquiries and may provide consultation to business leaders in preparation for FLU/CF regulatory exams/audits/inquiries.

The C&OR Manager plans, drives and reviews team deliverables to support consistent quality of activities, processes and outputs. This role may contribute as a manager responsible for providing leadership direction to attract, assess, develop, motivate and retain a team, or may act as an individual contributor.

The C&OR Manager contributes to the requirements of the CORM Program requirements including, but not limited to the following activities:

• Produces and/or oversees the development of independent risk management reporting for respective area(s) of coverage as input governance and management routines
• Provides subject matter expertise to assist the FLU/CF in establishing an annual learning plan, may be accountable for developing and delivering training content
• Develops and maintains C&OR-owned policies and standards and/or provides oversight of FLU/CF-owned policies, standards and procedures to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable
• Monitors the regulatory environment to identify regulatory changes applicable to area(s) of coverage, advises business leaders on those changes, directs the appropriate areas to implement or amend policies, standards, procedures and/or processes to address regulatory requirements, and challenges the implementation plan as needed; maintains a comprehensive regulatory inventory
• Identifies, aggregates, reports, escalates, inspects and challenges remediation plans, and performs thematic analysis on FLU/CF-owned issues and control enhancements
• Ensures C&OR “owned” issues and control enhancements are identified and addressed appropriately and timely
• Contributes to or leads development of risk coverage plans, executes and / or oversees execution of independent risk monitoring, testing and risk assessments, communicates results
• Reviews and challenges the FLU/CF process, risk, control (PRC) inventory and FLU/CF Risk & Control Self-Assessment (RCSA)
• Reviews and challenges internal and external operational loss events, including development of remediation plans to strengthen controls, and approves where appropriate
• Participates in Scenario Analysis activities for coverage areas and challenges as appropriate
• Ensures metrics are designed to measure key risks and control performance, monitors and reports on metric performance and breach remediation

This role is responsible for the design & execution of GCOR coverage of enterprise information security management of third parties, including third party assessment execution and other monitoring and testing including but not limited to third party operational findings remediation, mapping of third party standards to assessments, and other cybersecurity-related third party management activities.

Required and desired skills/qualifications:

- 5+ years experience in risk, information security and/or technology for a financial services organization, or 8-10 years experience in cybersecurity, or cybersecurity-related degree
- Strong background and understanding of information security concepts, processes and operations.
- Experience and knowledge of application and infrastructure security requirements.
- Knowledge of key technology rules and regulatory requirements for IT risk management practices for financial institutions, such as FFIEC Guidelines, Vendor Management Requirements, or similar
- Experience in writing and communicating assessment conclusions and outcomes to key executives and regulators.
- Ability to translate technical issues, application weaknesses and security control gaps into Compliance and Operational Risk points of view.
- Ability to communicate action plans and remediation requirements for identified areas of risk and key issues.
- Relationship management skills and ability to interface confidently with associates of all levels, including senior executives
- Ability to influence at all management levels in a complex organization
- Strong ability to self-direct work and to identify appropriate coverage activities for key areas of focus.
- Familiarity and general knowledge of the enterprise business areas and functions.
- Excellent written and verbal communication skills.

Job Band:

H4

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Job Description:

The Compliance and Operational Risk (C&OR) Manager is responsible for engaging in activities to provide independent compliance and operational risk oversight of Front Line Unit or Control Function (“FLU/CF”) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively “the Policies”) and the Compliance and Operational Risk Management (“CORM”) Program and Standard Operating Procedures (SOPs). As a member of an FLU or CF C&OR officer team, the C&OR Manager is accountable for proactive identification, management and escalation of compliance and operational risks through the execution of some or all of the below identified activities. This role exercises judgment and influence, and may constructively challenge FLU and CF leaders to support the CORM Program objectives, balancing business strategy with appropriate controls.

The C&OR Manager proactively engages with other C&OR officers, including horizontal coverage owners and Enterprise Areas of Coverage (“EAC”), to provide comprehensive oversight of FLU/CF activities. This role develops and maintains a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The C&OR Manager prepares materials for C&OR regulatory exams/audits/inquiries and may provide consultation to business leaders in preparation for FLU/CF regulatory exams/audits/inquiries.

The C&OR Manager plans, drives and reviews team deliverables to support consistent quality of activities, processes and outputs. This role may contribute as a manager responsible for providing leadership direction to attract, assess, develop, motivate and retain a team, or may act as an individual contributor.

The C&OR Manager contributes to the requirements of the CORM Program requirements including, but not limited to the following activities:

• Produces and/or oversees the development of independent risk management reporting for respective area(s) of coverage as input governance and management routines
• Provides subject matter expertise to assist the FLU/CF in establishing an annual learning plan, may be accountable for developing and delivering training content
• Develops and maintains C&OR-owned policies and standards and/or provides oversight of FLU/CF-owned policies, standards and procedures to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable
• Monitors the regulatory environment to identify regulatory changes applicable to area(s) of coverage, advises business leaders on those changes, directs the appropriate areas to implement or amend policies, standards, procedures and/or processes to address regulatory requirements, and challenges the implementation plan as needed; maintains a comprehensive regulatory inventory
• Identifies, aggregates, reports, escalates, inspects and challenges remediation plans, and performs thematic analysis on FLU/CF-owned issues and control enhancements
• Ensures C&OR “owned” issues and control enhancements are identified and addressed appropriately and timely
• Contributes to or leads development of risk coverage plans, executes and / or oversees execution of independent risk monitoring, testing and risk assessments, communicates results
• Reviews and challenges the FLU/CF process, risk, control (PRC) inventory and FLU/CF Risk & Control Self-Assessment (RCSA)
• Reviews and challenges internal and external operational loss events, including development of remediation plans to strengthen controls, and approves where appropriate
• Participates in Scenario Analysis activities for coverage areas and challenges as appropriate
• Ensures metrics are designed to measure key risks and control performance, monitors and reports on metric performance and breach remediation

This role is responsible for the design & execution of GCOR coverage of enterprise information security management of third parties, including third party assessment execution and other monitoring and testing including but not limited to third party operational findings remediation, mapping of third party standards to assessments, and other cybersecurity-related third party management activities.

Required and desired skills/qualifications:

- 5+ years experience in risk, information security and/or technology for a financial services organization, or 8-10 years experience in cybersecurity, or cybersecurity-related degree
- Strong background and understanding of information security concepts, processes and operations.
- Experience and knowledge of application and infrastructure security requirements.
- Knowledge of key technology rules and regulatory requirements for IT risk management practices for financial institutions, such as FFIEC Guidelines, Vendor Management Requirements, or similar
- Experience in writing and communicating assessment conclusions and outcomes to key executives and regulators.
- Ability to translate technical issues, application weaknesses and security control gaps into Compliance and Operational Risk points of view.
- Ability to communicate action plans and remediation requirements for identified areas of risk and key issues.
- Relationship management skills and ability to interface confidently with associates of all levels, including senior executives
- Ability to influence at all management levels in a complex organization
- Strong ability to self-direct work and to identify appropriate coverage activities for key areas of focus.
- Familiarity and general knowledge of the enterprise business areas and functions.
- Excellent written and verbal communication skills.

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Learn more about this role

Full time

JR-21064357

Band: H4

Manages People: No

Travel: No

Manager:

Talent Acquisition Contact:

James Henry

Referral Bonus:

0