About the Role
The Third-Party Risk Program Manager provides Second Line of Defense support for the Enterprise Risk Management Program (ERM). The incumbent is responsible for all aspects of the company’s Third-Party Risk Management (TPRM) and will provide oversight, guidance and challenge to it. The candidate will establish and enhance the Third-Party Risk Framework, draft and maintain TPRM policies and standards, develop and execute TPRM annual work plans, and conduct periodic risk assessments. They will also assess, monitor and track TPRM lifecycle activities, ensure documentation completeness, and prepare aggregated TPRM reports on risk data and analysis.
Essential Functions
Third Party Risk Management Framework
Establish and enhance the Third-Party Risk Framework, including the appropriate process and training, commensurate with regulatory requirements, to effectively manage third-party risks
Maintains the third-party inventory, including current relationship owner assignment, classification based upon business impact, collection of current due diligence, and issue management.
Update third party risk management policies and procedures
Collaborates with business line management third-party relationship owners to influence key decisions
Develop and execute a third-party risk annual work plan to review and challenge risk identification, assessment, control evaluation and testing activities
Adheres to a consistent risk rating methodology for controls that aligns with the Enterprise Risk Management Standards
Conduct periodic risk assessment of third-party risks
Stays informed of emerging risks and TPRM regulatory expectations and industry best practices.
Third Party Risk Management Lifecycle and Implementation of TPRM Second Line Review
Manage incoming prospective vendor engagement requests and work with internal stakeholders to confirm the completeness and accuracy of information and ensure due diligence is performed.
Coordinate with cross-functional review teams to ensure reviews are incorporated into the final vendor assessments
Follow up with third parties regarding incomplete due diligence information or follow-up questions required to complete assessments
Perform risk assessments on prospective and existing vendors in accordance with the company’s Third-Party Risk Management Policy and procedures
Identify, develop, and monitor issues and track through to completion
Leverage existing tools and processes to conduct periodic and ongoing monitoring of vendors
Support vendor risk reporting for management and committees, as required
Provide third party risk management guidance to lines of business staff, as needed.
Ensure the completeness of the central documentation of the company-wide third-party population
Prepare aggregated third-party risk report
Keep abreast of current industry tools, trends, and regulatory requirements
Review contracts and ensure appropriate confidentiality agreements are in place
Risk Assessment
Assist with new product management risk assessment process
Assist with the RCSA quarterly review, providing expertise in third-party risk management
Addresses assigned issues with the business line owner, including root cause analysis, mitigation plan creation, progress tracking, and verification of completion
Reviews internal department policies, standards, and procedures to validate compliance with the appropriate regulatory and business requirements.
Other
Supports regulatory examination and audit preparation
Complete compliance training related to the position in a timely manner.
Understand and comply with applicable laws and regulations that apply to the position.
Safeguard First Financial and customer information.
Comply with the bank’s Code of Business Conduct and Ethics and Information Security policies.
Perform other duties and special projects, as assigned.
Actively participate in the service culture, support the values of the organization, and follow established Bank policies and procedures.
Requirements
Minimum Qualifications
- Three (3) to five (5) years’ experience required.
- Strong understanding of risk management requirements, processes, and practices for a regulated financial institution.
- Good proficiency with technology such as PCs and software/web-based products.
- High proficiency in Microsoft Suite of products especially Word and Excel.
- High degree of self-motivation and ability to work autonomously.
- Strong client relationship management and customer service.
- Excellent written and verbal communication skills and ability to interact well with internal and external stakeholders.
Preferred Skills
- Bachelor’s Degree preferred.
- Risk related certification(s), such as Certified in Risk and Information Systems Control (CRISC), ABA Certificate in Operational Risk Management, Certified Third Party Risk Professional or Certified Regulatory Vendor Program Manager is preferred, but not required
- Knowledge of operational risk management and assessment, regulatory and compliance, general IT risk/IT operation as well as business lines and workflow in financial/banking industry is required
About the Company
First Financial Bankshares, Inc. is recognized as one of the nation's most financially secure banking institutions, with assets totaling $14.3 billion. The Company operates eight banking regions with 79 convenient locations, plus a Trust Company with nine convenient locations, all to serve customers in Texas markets stretching from Hereford in the Panhandle to Orange in Southeast Texas.