Capital Bank MD

Third Party Risk Manager

Capital Bank MD, Rockville, Maryland, US, 20849


Position Purpose

The Third-Party Risk Manager is the second line of defense leader responsible for assisting the Bank with the identification, onboarding, and ongoing due diligence compliance requirements for all Third-Party Vendors. The Third-Party Risk Manager ensures that Capital Bank meets regulatory requirements as defined in the Federal Financial Institutions Examination Council ("FFIEC") Manuals as well as the standards promulgated by the Office of the Comptroller of the Currency ("OCC"), including but not limited to OCC Bulletin 2013-29, "Third-Party Relationships: Risk Management Guidance," and OCC Bulletin 2020-10, "Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29."

The Third-Party Risk Manager works with the Bank's senior leaders to identify business requirements; review the approved third-party vendor universe to identify whether an existing relationship can be expanded; send requests for proposal to appropriate outside third parties, when applicable; compile a scorecard of responses received; and present the final package to the Bank's Senior Leaders for their decision. The Third-Party Risk Manager is responsible for appropriately documenting the onboarding of the selected vendor on a risk adjusted basis in accordance with the Board of Director approved Third-Party Risk Management Program.

The Third-Party Risk Manager also ensures annual third-party due diligence requirements are completed timely. The Third-Party Risk Manager offboards those third-party vendors who are no longer approved or for whom the contracts are terminated, thus ensuring the entire third-party lifecycle is appropriately managed and timely completed. This position has visibility and access to the Bank's senior leaders and Executive Management. The successful candidate must be able to effectively communicate with each of these senior and executive leaders, as well as our third line of defense internal auditors and the Bank's federal regulators.

In addition to the leadership provided over the Third-Party Risk portfolio, the Third-Party Risk Manager will also assist the SVP, Enterprise Risk Management ("ERM") with the reporting packages for New Product and Services Committee, Enterprise Risk Management Committee, and the Board of Directors. This role also has an opportunity to assist the SVP, ERM with selected risk assessments throughout the year.

Position Responsibilities

- Leads the Bank's second line of defense Third-Party Risk Management Program ("TPRM")
- Ensures the Bank's Third-Party Program, Policy, Standards, internal controls, and workflows are designed on a risk adjusted basis in accordance with applicable regulations
- Defines Service Level Agreements ("SLAs") with the Third-Party Owners ("TPOs") and ensures that all internal SLAs are met
- Serves as TPRM Subject Matter Expert in ensuring that third party risk ratings are accurate and that the risk adjusted requirements for a successful onboarding are identified and clearly communicated with the TPOs at the beginning of the onboarding process
- Reviews all Third-Party documentation received from the TPO to ensure it meets the Board approved TPRM requirements and works directly with the TPO to timely address any documentation gaps or information requested but not yet received to successfully complete the onboarding program
- Ensures the Third-Party Risk workflow is followed and that review and approval by all other departments who need to review and approve the onboarding of the new vendor are completed within defined SLAs
- Maintains a complete and accurate TPRM document repository with all up-to-date vendor documentation and information including contracts, agreements, assessments, insurance, scorecards, due diligence documentation, vendor policies and procedures, etc.
- Reviews the Third-Party Risk Analyst's data entry into the TPRM repository, and reviews all output to ensure data integrity and data completeness within the repository for each vendor
- Ensures that all ongoing annual due diligence and deadlines are communicated to the TPO well in advance, allowing sufficient time for vendor responses and TPO documentation to be received by the annual review deadlines
- Provides Third-Party Risk Reporting to the Bank's Enterprise Risk Management Committee and Board of Directors, as requested
- Champions TPRM throughout the organization including ongoing training to TPOs and monitoring of the changing regulatory landscape as it pertains to TPRM
- Responsible for ensuring that contract termination notification deadlines are communicated in advance to the TPOs and for ensuring successful "offboarding" of vendors whose contracts are not renewed
- Works with the TPO to ensure contingency plans are in place for critical third-party vendors
- Collaborates with the Chief Information Security Officer on Business Continuity/Disaster Recovery matters to ensure all critical and high-risk third-party vendors are included in the Bank's Disaster Recovery Plans
- Participates on TPRM related projects
- Other duties as assigned

Minimum Education & Experience

- 5+ years in Third-Party/Vendor Risk Management within the Financial Services Industry, either as an employee or outsourced third-party risk manager, required
- Bachelor's degree in accounting, finance, business administration, or related field
- Professional certification desired, but not required
- Subject Matter Expertise in Third Party Risk Regulations, including but not limited to OCC Bulletins 2013-29 and 2020-10, and the Federal Financial Institutions Examination Council ("FFIEC"), required
- Familiarity with enterprise risk management frameworks, methodologies, etc., desired, but not required
- Experience in managing a Third-Party Risk GRC platform
- Experience in partnering with senior leaders and Executive Management to execute on business requirements for third-party vendors to assist with the Bank's corporate strategic goals
- Experience in training on Third-Party Risk regulations, program requirements, and internal controls
- Experience in developing Board and Executive level Third-Party Risk reports and presentations
- Experience in all applications of the Microsoft Office suite

Other

- Ability to travel as needed.

Compliance

It is the responsibility of each bank staff member and of management to adhere to policies and procedures designed to implement compliance with the laws and regulations to which the bank is subject. Each bank staff and management member shall be accountable for understanding how compliance with laws and regulations affects the performance of their day-to-day duties, for completing compliance training as assigned and for carrying out those duties in a manner to achieve compliance with those laws and regulations.

The above mentioned are intended to describe the general nature and level of work performed rather than to be an inclusive list of all duties, responsibilities and skills required for the position. Job duties may be changed at any time at management's discretion. The job description is not intended to create contractual obligations of any kind.

Capital Bank, N.A. is an Affirmative Action and Equal Opportunity Employer
