This job has expired, please see additional jobs below
Vendor Risk Manager
Sumitomo Mitsui Financial Group
New York, NY, United States
Job Details - this job has expired, please see similar jobs below
Overview
Primary responsibility to provide end to end Vendor Risk Management Program as well as champion and implement the process improvement to ensure that initiatives are implemented with increased success rate (time, cost, and quality) and efficiencies through repeatable processes / governance. The Vice President of Vendor Risk Management will ensure all subsidiaries’ cross functional groups have delivered on their milestones to successfully integrate risk products and services. Reporting responsibilities include status updates for all vendor risk management projects on a consistent basis which includes communication regarding critical decisions, development status updates, risk and monthly metrics and audits. Lastly, The Vice President is a strong influencer within SMBC functional organization, acting as a change agent, and managing through sometimes unclear levels of autonomy and empowerment.
The Vendor Risk Manager has the leadership responsibility for all vendor risk management assessment; Vendor Contractual Risk Assessment and Financial Composite Risk Assessments for SMBC Bank Service Providers and subsidiaries. The Vendor Risk Manager is responsible for coordinating all organization activities with vendor risk management implications.
Responsibilities
Vendor Risk Manager provides the following performance monitoring and program oversight components:
• Evaluate the overall effectiveness of the SMBC Service Provider relationship and the consistency of the relationship with SMBC’s strategic goals
• Review any licensing or registrations to ensure the SMBC Service Provider can legally perform its services
• Evaluate the SMBC Service Provider’s financial condition at least annually; financial review should be as comprehensive as the credit risk analysis performed on the institution’s borrowing relationships; audited financial statements should be required for significant SMBC Service Provider relationships
• Review the adequacy of the SMBC Service Provider’s insurance coverage as applicable
• Review the SMBC Service Provider’s financial obligations to others and make observations as to their performance
• Review audit reports or other reports of the SMBC Service Provider, and follow up on any needed corrective actions
• Review the adequacy and adherence to the SMBC Service Provider’s policies relating to internal controls and security issues
• Monitor for compliance with applicable laws, rules, and regulations
• Review the SMBC Service Provider’s business resumption contingency planning and testing
• Assess the effect of any changes in key SMBC Service Provider personnel involved in the relationship with SMBC
• Review reports relating to the SMBC Service Provider’s performance in the context of contractual requirements and performance standards, with appropriate follow-up as needed
• Assess the adequacy of any training provided to employees of SMBC and the SMBC Service Provider
• Review testing programs for SMBC Service Providers with direct interaction with customers
• Review customer complaints about the products and services provided by the SMBC Service Provider and the resolution of the complaints
• Meet as needed with IT representatives of the SMBC Service Provider to discuss performance and operational issues.
Qualifications
To be effective as a Vendor Risk Manager, extensive experience (10yrs plus) is required in a variety of related areas such as Information Technology, Risk Management, Application Development, Networking, Encryption, Business Continuity, Compliance and Regulatory.
In the Information Security field, the required breadth and depth of knowledge is evaluated primarily via the CISSP (Certified Information System Security Professional) certification. The exam for this certification can only be taken by individuals that have a proven level and number of years of experience within the relevant disciplines.