3 Days Left: TPRM Issue Management

Job Description

Role Summary

State Street uses third parties to support internal processes and to assist in delivery of products and services to clients. To effectively manage the risks introduced by working with third-party service providers, State Street has a Third-Party Risk Management (TPRM) program which established the policy and standards for conducting risk assessments and related governance activities. To support the global team conducting these activities and the internal functions they support, the TPRM Findings Management team has primary oversight of the all-third-party findings identified enterprise-wide. The successful candidate will demonstrate a strong grasp of multiple risk disciplines and related control expectations pertaining to the financial services industry, particularly in the cyber, resiliency, and compliance spaces.

Job Duties and Responsibilities

- Review and challenge issues and remediation plans related to third-party engagements. Responsible for challenging the accuracy and quality of the documentation captured in Archer, the consistency of the issue rating, design of remediation activities and appropriateness of target dates in light of the risk exposure.
- Reviewing materials in support of issue closure or risk acceptance. Verify that evidence submitted with the closure request adequately supports completion of all remediation plan(s), including evidence of operational implementation. For risk acceptance, confirm approval documentation is complete and accurate in Archer.
- Follow-up with issue owner and internal risk teams to facilitate timely closure/risk acceptance of open issues and periodic reassessment of risk acceptances.
- Assist with MIS / reporting, ensure actionable reporting to business units and manage escalations.
- Lead targeted initiatives across the enterprise to address process challenges and improvements.
- Coordinate with IT system resources for data enhancement and system enhancements to meet the organizational needs for tracking and resolving third-party issues.
- Flexibility in working outside of direct responsibilities to support emerging TPRM program requirement changes.

Skills

- Good understanding of information security and operational risks present in the financial services industry, and best practice controls to mitigate them.
- Demonstrated stakeholder management skills and ability to work collaboratively with first and second line.
- Strong verbal and written communication skills, including ability to confidently interact with senior internal and external individuals, critically analyze their assertations and, if needed, disagree or challenge in a professional manner.
- Analytical capabilities to review findings data, identify trends, and support development of management reports.
- Excellent written and verbal communication skills, with the ability to influence stakeholders at all levels.
- Willingness to support change and initiatives within the TPRM Program.
- Possess a strong, customer-centric mindset.
- Ability to multi-task and operate in a fast-paced, deadline-oriented environment
- Must be self-motivated, adaptable and demonstrate initiative in difficult circumstances
- High ethical standards

Qualifications

- Bachelor's degree or equivalent work experience with a focus in information security, risk management, compliance
- Overall work experience within financial services sector (7+ years)
- Strong working knowledge of Microsoft Excel Power BI is a plus
- Subject matter expertise and proven track record in managing third party risks preferred
- Industry certifications like Certified Information Systems Security Professional (CISSP), Certified Third Party Risk Professional (CTPRP), Certified Regulatory Vendor Program Manager (CRVPM), Six Sigma-Certified is a plus
- Knowledge of regulation and standards such as MAS, FRB, EBA, OCC, NIST, ISO is a plus.

---