Vendor Risk Management Job Description
Vendor risk management
provides direction on the continued development and maintenance of SME’s Information Security management system including Information Security policies, standards and procedures.
Vendor Risk Management Duties & Responsibilities
To write an effective vendor risk management job description, begin by listing detailed duties, responsibilities and expectations. We have included vendor risk management job description templates that you can modify and use.
Sample responsibilities for this position include:
Ensure vendor due diligence questionnaires are appropriate to each deal
Work with Sourcing Managers or directly with business (non-SVM managed categories) to conduct due diligence efforts for high risk vendors
Coordinate on-going annual risk reviews and controls assurance activity
Responsible for satisfactory audit, compliance and regulatory results within FC&FMG
Lead the Supplier Diversity & Supplier/Vendor Risk Management Program to develop and implement program and provide management, oversight and governance of it
Provide strategic direction for Supplier/Vendor Risk Management & Supplier Diversity and adapt strategies to changing circumstances as required
Perform analysis and produce reports with vendor metrics program throughput
Comprehensive documentation of the identified gaps and related risk from the technical from the business perspective
Providing expert support to CIO areas, to manage their regulatory, risk and audit issues
Obtaining all relevant approvals, to support adherence to the VRM process by the SROs (Service Relationship Owners) for the relevant service transactions
Vendor Risk Management Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vendor Risk Management
List any licenses or certifications required by the position: CISSP, CISM, SSAE, CIPP, CISA, ISAE, ISACA, GCFW, GSEC, GIAC
Education for Vendor Risk Management
Typically a job would require a certain level of education.
Employers hiring for the vendor risk management job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and University Degree in Business, Finance, Management, Accounting, Computer Science, Education, Economics, Business/Administration, Information Technology, Technology
Skills for Vendor Risk Management
Desired skills for vendor risk management include:
Cloud computing and understanding of how to assess Cloud related risks
Overall Procurement process and a clear understanding of Technology Risk’s role in that process
Regulatory landscape and its applicability to the vendor ecosystem
Federal regulations regarding service providers
Bank administration
Banking operational policies and procedures
Commonly used concepts
Information security standards and laws
Lending and operations products and services
Practices and procedures within the information security and privacy field
Desired experience for vendor risk management includes:
Proven experience leading and delivering complex cross functional projects, deploying superior people management skills
Strong people management skills with an ability to lead and motivate diverse teams
Two to five years <depending on job salary range> supplier risk management / procurement experience
Demonstrated experience in developing or working with systems / automated Supplier Management solutions
Understanding of supply agreements, contractual terms negotiation and relationship management skills
Ability to develop and maintain internal and external customer relationships
Vendor Risk Management Examples
1
Vendor Risk Management Job Description
Job Description Example
Our company is looking for a vendor risk management. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for vendor risk management
- Ensuring appropriate Senior Management awareness/oversight for follow-up’s on action items, to resolve identified issues, for example generation of self-identified finding or audit issue resolution
- Pre-empting changes in the legal/ regulatory environment and supporting and advising Senior Management on the potential impact
- Taking responsibility for the VRM/IGO Process within CTO
- Acting as a delegate for CTO COO
- Providing VRM tool and process guidance to the SROs and the wider CTO team
- Managing the central team initiatives, such as risk reviews, open findings and transaction audits
- Experience of working within regulatory, audit, risk and control functions and the ability to demonstrate RRC expertise at a level sufficient to lead process improvement work and to deliver training and mentoring in IT risk and commercial/vendor risk management areas
- A proven ability to drive assignments autonomously and interact confidently with Senior Management, demonstrating resilience and tenacity
- Able to share information, transfer knowledge and expertise to global team members
- An experienced IT and business change programme and project manager
Qualifications for vendor risk management
- 3-5 years of related business experience preferably in a banking environment
- Operations, auditing, Operational Risk, IT Security, Sarbanes Oxley, Basel and the FDICIA controls
- The preferred candidate should have minimum 2 years of experience in analytics in the risk management, sourcing, business operations, or finance functions
- Responsible for the global end to end vendor screening process, including coordination of and collaboration with other risk groups, BCM, Information Security to ensure timely execution of all the relevant assessments
- Ability to work independently part of a team under pressure to meet deadlines
- Experience with Shared Assessment Program or similar methodologies is a plus
2
Vendor Risk Management Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of vendor risk management. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for vendor risk management
- Information Technology Infrastructure Library (ITIL) certified to foundation level, or have the equivalent experience or qualifications
- Leads the implementation of strategic change within the Vendor Risk Assessment team
- Create and maintain the VRM policy, procedure manuals and systems documentation
- Lead cross-functional team in the vendor risk assessment process
- Assess and monitor vendor performance against contractual commitments
- Provide assistance to Card Marketing relationship owners relative to third party onboarding activities, specific to the Preliminary Risk Assessment Questionnaire, ensuring high quality and an appropriate level of due diligence is performed
- Support the business through completion of SME and Quality reviews and partners with Enterprise Contract Solutions through to contract completion
- Complete intake forms in the RAAS system and review risk scores for new vendors
- Drives assigned tasks leveraging IT expertise or outside resources where needed
- Coordinatates between external auditors and staff being audited
Qualifications for vendor risk management
- Excellent teamwork skills the ability to work independently
- Sourcing/Procurement knowledge is a plus
- Previous banking/financial risk management experience strongly preferred
- Previous sourcing, contract and/or vendor management experience strongly preferred
- Knowledge of banking regulations and compliance risk management preferred
- Knowledge of SharePoint and/or RAAS (FIS) a plus
3
Vendor Risk Management Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of vendor risk management. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for vendor risk management
- Represent VRM on various internal risk and control committees plus other working groups
- You will support managing the vendor risk assessment framework for the bank
- You will conduct risk screenings and analysis assigned to VRM to identify potential concerns as part of the onboarding process for new vendors
- You will keep track of all open issues and ensure their timely closure
- You will be partnering & actively communicating with other teams within SVM and Contract Owners to provide information on new and existing vendor relationships and guide them through the vendor onboarding due diligence process, including completion of IRQs (inherent risk questionnaires
- Lead Operational Risk Management (ORM) activities related to the Company’s Vendor Risk program
- Review vendor risk assessments and communicate key risks to business areas
- Assist with the development of the enterprise-wide Vendor Risk dashboard
- Assist business owners in managing vendor risks throughout all phases of the vendor relationship life cycle
- Coordinate with subject matter experts to communicate potential key vendor risks to business owners to help ensure responsible risk treatment efforts
Qualifications for vendor risk management
- Strong organizational skills with the ability to prioritize and handle multiple assignments while maintain commitment to deadlines
- Ability to be resourceful in researching issues, solving problems, and offering solutions
- Understanding of operational risks and control frameworks
- Strong creative presentation skills and advanced knowledge of PowerPoint required
- Track record of demonstrating initiative and motivation, working independently and holding him/herself accountable for high levels of performance with minimal supervision
- Good speaking, leadership and team-building skills
4
Vendor Risk Management Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of vendor risk management. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for vendor risk management
- Assume liaison role between ORM and Supply Chain Management (SCM)
- Maintain (or assist in the maintenance of) documents related to the Vendor Risk program
- Assist in fulfilling regulatory, client, and legal requests related to vendor risk, as necessary
- Document and communicate due diligence results, residual risks, and ongoing vendor management tasks to business managers
- Address vendor operating events to ensure appropriate remediation plans are prepared by working closely with the business and risk SMEs
- Monitor and review vendor performance reports prepared by business users
- You will build processes and controls which enhance Schwab’s vendor oversight program, and help to develop new ideas based on your interactions with partners and vendors
- You will spend time working with vendors to understand common issues, and help find innovative solutions supporting Schwab business teams achieve business objectives
- You may work with cross functional teams to define new controls and oversight processes
- You may work with the Corporate Vendor Management technology team to enhance tools to support information security industry changes
Qualifications for vendor risk management
- Professional accreditation in IT audit, security, privacy or other related technology disciplines (CISA, CISSP, CIPP, etc)
- Familiarity with external regulations, , DIACAP, HIPAA, Sarbanes-Oxley
- 5+ years of vendor or other third party-related risk management experience, preferably within the financial services industry
- Solid understanding of the banking industry’s regulatory requirements for managing third parties (e.g., OCC, FFIEC, FCA, FRB, MAS)
- Familiarity with service organization reports (SSAE 16 / SSAE 18 / ISAE 3402) and other industry certifications (e.g., ISO, PCI-DSS, SysTrust)
- Experience reviewing and recommending control-related contractual terms and conditions
5
Vendor Risk Management Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of vendor risk management. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for vendor risk management
- You will identify opportunities for process improvements to deliver increasing operational efficiency in the vendor security oversight processes
- You will gain a unique understanding of business, technology and information security resulting in a deeper understating of their complexities, trade-offs and impacts
- You will learn how to analyze and understand highly complex business problems and regulatory requirements that are part of operating in the financial industry
- You will spend time examining and researching security controls and frameworks to understand what it takes to protect Schwab customer and Schwab information
- You will learn how to evaluate applicable security controls to apply against vendor services being provided and applicability of compensating controls for vendor security assessments
- Conduct third party risk assessments to assist in determining their ability to protect confidential and sensitive data
- S/he will act as a subject matter expert, liaise with key business and technology stakeholders to ensure compliance expectations are realized in a timely manner
- Work with Oversight Managers to ensure Security is engaged in projects
- Develop security deliverables based on the security documentations that is provided by the vendor
- Maintains an up-to-date understanding of industry best practices
Qualifications for vendor risk management
- Act in a "Third Party risk Expert" capacity for the Vendor Management team
- Excellent verbal, written and presentation skills and ability
- Administer the vendor risk management process and make confident risk recommendations with respect to the integrity and business stability of new vendors or vendors nearing contract renewal
- Maintain relationships with the third parties to ensure compliance, requesting audit, tests or other evidence
- Maintain an inventory of in‐scope vendor artifacts and report their compliance status as required by stakeholders, management, review boards, regulatory bodies and auditors as necessary
- Distribution and interpretation of compliance questionnaires, analyzing vendor audit reports from various sources, and engaging vendor representatives for additional details regarding security controls