Summary of Responsibilities

This function is part of the 2nd Line of Defense and is responsible for the oversight of the 1st Line of Defense Office of Supplier Management. Responsibilities include, but are not limited to, the review of vendor portfolio exposures across the enterprise to identify and assess inherent risks through ongoing and initial due diligence.

This role is expected to be able to work independently, with minimal supervision, under the direction and support of the VP Third Party Risk Management and Oversight.

Essential Functions:

  • Analyzes and oversees the oversight program for vendor procedures and metrics within the supplier portfolio.
  • Reviews internal as well as external key TPRM reports that are used to support the goals of SC’s operational risk agenda and aggregating operational risk metrics. 
  • Manages identified training to mitigate issues with the third party risk process.
  • Analyzes industry trends for risks and opportunities.
  • Presents analysis to management in a clear, concise and actionable format.
  • Examines policies and standards across Legal Entities and verifies compliance. Provides management information to appropriate stakeholders including Risk and Control Self-Assessment (RCSA).
  • Supervises QA processes to evaluate effectiveness of the Third Party Risk program as administered and managed by the 1st Line of Defense.
  • Escalates key Third Party Risk exposures.
  • Develops strong relationships with vendor relationship managers to ensure visibility to and understanding of key vendor risk areas.
  • Identifies opportunities to enhance, develop, and implement the defined third party risk and supplier oversight program for the company. 
  • Engages and coordinates input from Compliance, Internal Control and Information Security areas. Documents results of due diligence and residual risks, and ensures risks are understood by the organization's Office of Supplier Management, Third Party and vendor relationship managers.
  • Facilitates completion of remediation activities with business management, arising from risk assessments and reviews performed.
  • Develops and mentors team to raise skill levels and standards within the group
  • Special projects as requested
  • Performs other duties as assigned


  • Bachelor’s degree required. Master’s preferred.
  • Five (5) to seven (7) years of experience in one or more of the following:  risk management, operational risk, vendor risk management, quality assurance, or governance and policy
  • One (1) to three (3) years management experience.
  • Strong understanding of vendor risk management in a financial services company preferred.
  • Experience working within MIS/reporting, risk management and data management functions.
  • Knowledge of Archer, Hiperos, or other similar eGRC technology (SAP, iGRC, etc.).
  • Good understanding of the finance industry’s regulatory requirements for managing third parties (FFIEC, Fed, etc.).
  • Working knowledge of third party contractual terms and conditions.
  • Strong analytical, technical and problem solving skills, with attention to detail.
  • Strong written and verbal presentation skills and ability to communicate well with senior management
  • Ability to manage issues through to resolution
  • Strong team building, relationship management, and project management.
  • Strong business analysis and problem solving skills. Ability to easily manipulate and analyze a broad range of data.
  • Demonstrable professional integrity and a strong work ethic.
  • Ability to maintain confidentiality.

Working Conditions:

  • Extended working hours may be required as requested by management and business needs.
  • Ability to realign workflow to respond to special reports/projects upon request
  • Travel to multiple facilities may be required.
  • May be required to lift, push, or pull materials weighing up to twenty (20) pounds.
  • May be required to sit and review information on a computer screen for long periods of time.
  • May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard.
  • Corporate / satellite office role.

Employer’s Rights:

This job description does not list all the duties of the job.  You may be asked by your supervisors or managers to perform other duties.  You will be evaluated in part based upon your performance of the tasks listed in this job description.

The employer has the right to revise this job description at any time.  This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.