The Vendor Risk and Compliance Supervisor is responsible for leading the Vendor Risk Management team in the oversight of activities related to vendor risk management. The goal of the program is to ensure that business owners consider, understand, and monitor their respective vendors' organizational strategic fit, risk management controls, and current financial conditions and potential changes, as well as to ensure compliance with regulatory and contractual requirements, delivery of agreed-upon performance levels, and alignment of VCI priorities with vendor priorities. The Supervisor should identify and communicate to their Manager any risks associated with vendor-provided processes.
- As the program matures, identify, categorize, and evaluate potential or current service providers using a “Risk-Based Standard”, delivering to the VRM Sub-Committee a risk-based ranking of business-critical issues. Based upon Risk Classification, complete analysis of risk factors for VCI's vendors and ensure the respective business owners are monitoring, reviewing, and mitigating risk associated with service providers using the following risk factors: Regulatory Compliance, Legal, Transactional, Financial Stability, Market Reputation, Operational, Business Continuity/Disaster Recovery, and Information Security.
- Create and institute policies and procedures to conduct onsite risk analysis for strategic and consumer facing vendors.
- Lead and complete risk analysis for onsite assessments, with the assistance of the business, for VCI's consumer facing vendors, ensuring consistent execution.
- Maintain a process for the resolution of conflicts, misunderstandings and differences in contractual interruptions between the vendor and VCI organizations.
- Working with the appropriate business user and experts, ensure that for any identified risks that require mitigating action, including vendor disengagement, a plan is developed and executed that indicates the process and/or service involved, the outgoing vendor, the replacement vendor, the anticipated timeline, measurable milestones, expected completion date and the plan for contingencies should an orderly transition not occur.
- Ensure all vendors are classified and assessments completed in accordance with the VRM policy.
- Ensure all vendor relationships are documented in the VRM system and all contracts related to vendors that provide outsourced services are uploaded in the system in accordance with the VRM policy.
- Manage the functionality of the VRM system, which is VCI's central repository for vendor contracts and related documents and the record of all vendor due diligence and issue management.
- Influence, provide leadership and guidance to the business, Legal, Compliance, Purchasing, and other stakeholders to ensure requirements of VRM are fully understood.
- Work with Legal, Compliance, Information Risk Management, Purchasing, and Internal Audit to ensure consideration of third-party risk within their own risk domain framework.
- Monitor compliance with VRM Policy and General Procedures.
- Maintain detailed VRM Policies and Procedures.
- Ensure a robust communication and training plan to facilitate the effective application and awareness of VRM across senior management, the business, and applicable stakeholders.
- Maintain established relationships with the Business and applicable stakeholders to ensure proper execution and compliance with VRM policies and procedures.
- Ensure compliance and operational risk controls are in accordance with VCI and/or regulatory standards and policies; and optimize relations with regulators by addressing any issues.
- Provide to senior leadership reporting of vendor evaluation, identifying all areas of material risk and the potential source of the identified risk.
- Provide to the VRM Sub-Committee reporting identifying those vendors and/or processes which represent the greatest threat of risk to the organization.
- Develop and provide reporting of all unresolved conflicts, misunderstandings and differences in contractual interruptions, as well as the planned course for resolution, including the source of dispute, the parties involved, anticipated timelines, measurable milestones and expected resolution date.
- Ensure obligatory OFAC checks are completed for current and prospective vendors.
- 7-10 – Overall Financial Services experience
- 3 years – Vendor Risk Management
- 3 years – Financial Analysis, including cost/benefit studies
- 5 years – Experience managing service providers/supplier relationships. Experience (or leadership) in enterprise initiatives such as SAP implementations, business re-engineering, process improvement, or other relevant initiatives.
- Bachelor's Degree
- Master's degree in Business Administration
- Analytical and conceptual thinking – using logic and reason, creative, and strategic
- Communication skills – interpersonal, presentation, and written
- Influencing and negotiation skills
- Problem solving
- Organized, detail-oriented with ability to understand big picture
- Resource management
- Computer savvy – skilled in the use of software
- Financial Analysis
- Service provider relationship management
- Risk Analysis
- Basic Knowledge of Federal regulations regarding service providers
- Process Outsourcing Management
- Contract Management
- Working knowledge of RSA Archer
- Travel 25% of the time
We are proud to be an EEO employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing.