Job Description

Third Party Risk & Oversight is responsible for the execution of BNY Mellons Third-Party Risk Management (TPRM) activities at an enterprise level, including risk assessments, due diligence and ongoing monitoring of third parties. The function is responsible and accountable for the execution of third-party risk management activities globally.

Description

As a Third-Party Risk Assessor, you will assess third partys control environments, including escalation and remediation of identified third party issues with line of business partners, while providing robust and challenging insight on business risk, and on the adequacy and effectiveness of the third partys controls.

The team is seeking a dedicated, passionate and self-starting team member, with a desire to produce high quality work product to differentiate and drive firm wide risk identification and mitigation.

Responsibilities include, but are not limited to:

t
* Perform risk assessments by analyzing questionnaires such as third-party engagement profiles and due diligence evaluations.
t
* Subject Matter Expert in key third party risk domains
t
* Evaluate third party control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to: ISO 27001, SIG, SOC reports, as well as Privacy, Compliance, Business Resiliency, Cyber and other risk domains
t
* Analyze third party risk data, including exit strategies and performance scorecards
t
* Liaise with key business partners and team members to facilitate risk analysis to identify appropriate criticality of third parties
t
* Manage required artifacts, perform quality control reviews, and support the end to end processing of third-party assessments
t
* Develop working knowledge of the Bank of New York Mellons operations and business services, as needed, to execute due diligence reviews and other risk activities
t
* Contribute to the Third-Party Risk & Oversight program execution and adherence, including process enhancements and remediation efforts, as applicable

Responsible for maintaining the global vendor framework. Supports change management processes to achieve outsourcing management consistency and embed an effective risk management culture while meeting all regulatory and legal requirements. Independently enacts policies to achieve results that satisfy the requirements of relevant regulators. Is responsible for developing and implementing a consistent and robust process to sustain compliance with all local regulatory and legal requirements, providing transparency and comfort to the relevant lines of business and ensuring continued high levels of service delivery. Implements all aspects of the unique strategy and direction for vendor and interaffiliate governance, control and risk related matters.

Qualifications

Required Skills / Experience:

t
* Experience in TPRM and performing third party risk assessments is required
t
* Experience reviewing third party information in a variety of methods e.g. interviews, meetings, review of processes, manuals, and documentation is required
t
* Experience managing and responding to Audit and Regulatory inquiries
t
* Knowledge of Information Security Principles including encryption, firewalls, DLP solutions required
t
* Ability to plan, organize, prioritize and drive workload autonomously
t
* Experience driving solutions and working as part of a flexible high performing team
t
* Outstanding interpersonal, written, and communication skills

Qualifications:

t
* 7-10 years of total work experience
t
* 3+ years of third-party risk assessment experience
t
* Bachelor's degree and relevant work experience is required
t
* Advanced Excel and data analytical skills is preferred
t
* Process optimization experience is preferred
t
* Risk Assessment certifications (e.g. CTPRA, CTPRP, etc.) is strongly preferred
t
* Fluent in other languages including Portuguese or German is preferred