Director Vendor Risk Management
Bank of Hawaii · Honolulu, HI · 2 mo ago
FinanceFull-time
Responsibilities
- Strategic Program Leadership: Leads the development and implementation of the TPRM framework, operating model, and governance structure.
- Aligns third-party risk strategy with enterprise goals, regulatory expectations, and evolving market dynamics.
- Oversees program maturity initiatives and ensures consistent execution across business units.
- Technology Enablement & Process Optimization: Directs the design and enhancement of vendor risk systems, tools, and analytics platforms.
- Ensures data integrity, system scalability, and integration with enterprise risk architecture.
- Champions automation and process reengineering to improve efficiency, transparency, and scalability.
- Stakeholder Engagement & Risk Advisory: Builds strategic partnerships with legal, compliance, IT, procurement, and business operations leaders.
- Provides expert consultation and training on vendor risk policies, lifecycle management, and emerging threats.
- Facilitates cross-functional alignment to ensure consistent application of risk practices and controls.
- Regulatory Compliance & Audit Leadership: Maintains deep knowledge of global regulatory frameworks and industry standards governing third-party risk.
- Serves as the primary liaison for internal and external audits, assessments, and regulatory inquiries.
- Maintains compliance and resilience by monitoring emerging risks and proactively adjusting strategies.
- Risk Intelligence & Strategic Reporting: Synthesizes complex vendor data into actionable insights for executive decision-making.
- Develops and delivers strategic dashboards, board-level reports, and risk narratives.
- Identifies systemic trends and emerging threats to inform enterprise risk posture and strategic planning.
Qualifications
- Bachelor’s degree in financial audit, accounting, business, or a related field from an accredited institution is required.
- Minimum 12 years in financial regulatory risk, internal or external auditing, or information security—preferably within the financial services industry.
- Foundational knowledge across key risk disciplines including information security, business continuity, data privacy, legal and regulatory compliance, and general business risk.
- Subject matter expertise in at least one of these areas is required.
- Minimum 5 years of people management experience.
- Proficiency in Microsoft Office applications or similar software.
- Experience with Microsoft Project or similar project management tools is preferred.
- Familiarity with vendor risk or governance, risk, and compliance (GRC) tools such as ServiceNow, BMC, Archer, AuditBoard, or RiskRecon.
- Knowledge of standards such as SOC 1, SOC 2, PCI, NIST, or ISO 27001.
- Ability to lead enterprise risk programs and influence senior leadership.