Vendor Risk Specialist

Compensation Grade:

BASIC PURPOSE:

ESSENTIAL FUNCTIONS:

• Assist with the operation of program processes, procedures, and workflows

• Perform continuous program analysis and develop process improvements, where necessary

• Assist with the enforcement of department policy guidelines

• Assist the evaluation of inherent and residual risk utilizing established integrated risk frameworks

• Gather testing evidence for internal and external audits (Internal, SOX, Regulatory)

• Gather data points for key performance indicator reporting

• Maintain workflows and artifacts in vendor risk management system

• Schedule, prepare, and conduct regular training sessions with key stakeholders

• Prepare reports for governance oversight committees

• Liaison with other departments to champion vendor risk management best practices

Other responsibilities of this position may include, but are not limited to:

Vendor Management:

• Facilitate vendor risk management training

• Facilitate inherent and residual vendor risk assessments to ensure vendors and procured products/services align to the Bank's risk appetite assisting with identification and assessment of risks for remediation

• Perform control report (i.e. SOC, ISO, PCI-DSS) and contract reviews

• Perform control mapping

• Partner with business units to facilitate periodic vendor performance reviews

• Perform residual vendor risk assessments

• Monitor risk register processing and track risk response

• Develop and maintain enterprise level reports for the vendor risk management program as necessary

• Assist the Vendor Manager with on-boarding and off-boarding activities as necessary

Records Management:

• Backup the Records manager on outside destruction pick up days

• Assist the Records Manager as necessary

KNOWLEDGE, SKILLS, ABILITIES:

• Ability to work with all levels of management and across business units and departments.

• Be an advocate for change with a high level of initiative, creativity, and motivation

• Ability to positively contribute and look for opportunities to improve upon existing process or procedures

• Possess a high standard of ethics and operate with integrity and professionalism

• Ability to drive results with minimal oversight

• Effective time management and ability to prioritize

• Good written and oral communication and influencing skills

• Desire for continued industry education through the pursuit of certifications and/or training

• Experience with vendor/contracts management and/or records/information management solutions is a plus

• Understanding of general control frameworks and the ability to analyze data and interpret results

• Familiarity with industry frameworks and standards, such as NIST CSF, COBIT5/2019, SOX, COSO, ITIL, FFIEC, FAIR, SSAE18 is a plus

• Ability to lift up to 20 lbs

MINIMUM REQUIREMENTS:

Bachelor's degree in related field and/or equivalent work experience of at least two years (total) supporting vendor management or records management programs, as applicable, performing risk or control assessments/audits, or performing architecture reviews desired.

Industry certifications such as CRVPM, CTPRP, CRMP, ICRM, CEDS, CIPP or equivalent is a plus

Work Location:This individual must reside within commuting distance from ourAtlanta, GAoffice.

Work Schedule:Onsite with an opportunity to work remote partially.

Visa Sponsorship: Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

We are an equal opportunity employer.