Lead - Risk Management ( Third Party Risk - VAC )

Responsibilities:

• He/ She will perform third party risk assessments on new and existing third parties on an enterprise-wide basis.
• Preparation of detailed and summary reports of assessment, including customized reports, as needed. 
• Work as a Subject Matter Experts (SME) and with other SMEs within the Operational Risk Office, IT, Law, Privacy, Compliance, Sourcing, and Treasury, to develop and apply risk assessment criteria (aligned with corporate Policy)
• Work directly with internal business partners to assist them in effectively managing their operational risks related to identification of potential risks in business processes, applications, systems, associated with third party engagements. 
• Work with IT, Sourcing, and Law to ensure compliance and integration of third party risk management lifecycle elements.
• Ability to perform contract reviews of redlines and approve/reject changes.
• Identify and measure the risks faced a business area, process, or workflow based on facts, business environment, and practicality and perform appropriate due diligence to ensure identification and management of risks.
• Counsel and guide business partners in identifying risks and potential risk mitigation alternatives commensurate with the risk identified and consistent with risk appetite and tolerance.
• Work directly with new and existing third party vendors to assess risk controls to ensure data is adequately safeguarded
• Promote awareness and enhance our internal service model that informs the business of key risks in a timely manner so as to limit unnecessary impediments and avoid bureaucracy.
• Contribute to building of training program for internal business partners on due diligence process as well as their obligation in ongoing monitoring.

Competencies/Skills:

• Experience in large companies and/or complex environments, or providing professional consulting services for them.
• Demonstrated leadership skills that instill trust and confidence with an ability to influence execution
• Demonstrated abilities in problem-solving and analysis: identifies issues, analyzes information to assess root cause and relationships, risks, and potential risk responses.
• Proven ability to synthesize and summarize complex data into concise recommendations and reports.
• Excellent written and verbal communication skills to deliver the "whole message" in a concise, persuasive, and succinct manner
• Proven ability to balance multiple priorities, adapt to a constantly changing business environment, work independently, drive projects to completion, and meet deadlines in a fast-paced environment-with only periodic supervision.
• Ability to work collaboratively and manage and initiate effective cross-functional relationships maintaining a high level of professionalism, self-motivation and a strong sense of urgency
• Strong computer skills, including MS Office products (e.g. Word, Excel, PowerPoint, Visio) and other business software to prepare reports, memos, summaries, and analyses.  Experience with GRC tools (e.g., Archer) is a plus.
• Competency in customer focus, change & innovation, strategic thinking, relationship building & influencing, talent management, results focus and inspirational leadership.
• Ability to manage effectively and work closely with business leaders in a high pressure, fast paced, highly collaborative environment with multiple deadlines and competing priorities 

Knowledge:

• Ability to conduct thorough third party risk assessments, through application of established criteria.
• Strong understanding of the principles of risk management, information security and their relationship to corporate governance activities such as operational risk assessment and organizational impact
• Clear understanding of industry standards risk analysis approaches: ISO, COBIT, COSO, as well as regional standards and regulations; Sarbanes Oxley, Basel II, GLBA, HIPAA and crisis management/business resiliency practices.
• Demonstrated consistent credibility as a subject matter expert with business partners and leadership while recommending initiatives, identifying gaps, and potential issues
• Collaborate with internal partners and third parties to mitigate and otherwise resolve third party risks influencing business decisions, and applying professional judgment for selecting the appropriate methods and techniques
• Strong analytical and problem solving skills and attention to detail
• Possesses and builds on knowledge of operational risks and trends relevant to financial services and insurance staying abreast of current and pending regulatory and compliance requirements
• Provide virtual leadership and guidance to the analyst level team on best practice and continuous improvements for processes, assessments, and other operational activities.
• Strong knowledge of and experience in risk management and internal controls required spanning fraud, legal liability, regulatory, privacy, information and cyber security, reputational harm, business resiliency, theft of assets, financial losses, and errors/omissions.

Education and Experience: (Identify types and length of education and experience needed to acquire the necessary skills and knowledge to accomplish the desired end results.)

• Solid background both educationally and via professional experience.
• No less than 5 years professional experience in business operations, project/program management, risk management, information security, business analytics, and/or similar.

Education:

• BS/BA degree, Advanced Degree preferred or equivalent experience
• Certification in risk management and/or third party risk management preferred

Experience:

• 5 + years of Operational and/or Third Party Risk Experience required 

This position can be based in any of the following locations:

Current Guardian Colleagues: Please apply through the internal Jobs Hub in Workday