TPRM Governance, Operations, and Reporting Manager
SouthState Bank · Winter Haven, FL · 3 wk ago
ResearchFull-time
Duties & Responsibilities
- Lead the governance framework for the TPRM Program, assuring alignment with regulatory expectations (e.g., OCC guidance), third party risk management best practices, internal policies, and integration of emerging risks.
- Develop, maintain, and enhance TPRM policies, standards, and procedures to support a consistent control environment across the bank.
- Lead the execution of the TPRM Program Strategy, Roadmap, and Workplan.
- Develop and deliver training for the TPRM team and business stakeholders across the bank to assure a clear understanding of the TPRM Program, roles, responsibilities, and expectations.
- Identify and execute TPRM reporting and metrics, including the development of dashboards and executive-level reporting that provide clear visibility into third-party risk exposures, trends, and program performance.
- Establish and monitor key risk indicators (KRIs), key performance indicators (KPIs), issue, exception management processes to support timely identification, escalation, and remediation of third-party risks.
- Oversee governance over critical and high-risk vendors, including oversight of risk profiles, risk tiering, segmentation, and alignment to business resiliency and concentration risk frameworks.
- Partner with cross-functional stakeholders (e.g., SOX, MRM, AIGA, Legal, Compliance, IT, and Business Units) to promote adherence to TPRM requirements and embed risk management practices into third-party lifecycle activities, and to identify opportunities to improve the TPRM Program.
- Identify, develop, and maintain TPRM technologies, including use of Artificial Intelligence (AI) capabilities, to perform TPRM responsibilities.
- Oversee TPRM vendor inventory and reconciliations.
- Oversee the vendor exit strategy and fourth party framework.
- Lead and facilitate internal audits and regulatory examinations by providing documentation, analysis, and responses related to third-party risk assessments.
Qualifications
- Education Requirements: Bachelor’s Degree
- Minimum Experience Required: Third-party risk management experience that includes Compliance, Information Security, Technology, and Operational process assessments, including 5 or more years recent third-party risk management activities, audit, or related activity.
- Demonstrated understanding of the Third-Party Risk Management life cycle and risk assessment activities.
- Broad knowledge of the Three Lines of Defense Risk Management and Controls Assessment Models.
- Strong business focused decision making and problem-solving skills.
- Excellent interpersonal and leadership skills with a demonstrated ability to establish relationships with senior management across all business units.
- Provide ability to maintain confidentiality regarding sensitive information.
- Familiarity with Governance, Risk, and Compliance suite of tools, preferably Acher.
- Familiarity with using AI capabilities, preferably Copilot.
- Preferred: Knowledge of banking industry practices and regulatory requirements.
- Knowledge of information security concepts, practices, tools to effectively assess security risk, recommend risk mitigation activities, and communicate to the business unit.
- Experience with using Artificial Intelligence capabilities to support risk assessments or related activities.
- Licenses & Certifications: At least one of the following: Certified Third-Party Risk Management Professional (C3PRMP), Certified Third Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified in Risk and Information Systems Control (CRISC).