Third Party Risk Management Lead

Third Party Risk Management Lead at City National Bank Opportunity Third Party Risk Management (TPRM) Lead is responsible for providing enterprise-wide third party risk management services, defining, implementing, and maintaining a risk framework, operating model, policies, procedures, governance, and oversight programs for all lines of business and subsidiaries. CNB has established the TPRM program as a second line function to manage third party risk effectively and efficiently. The lead ensures the program meets regulatory guidance, aligns with CNB’s parent company, and incorporates changes as necessary. What You’ll Do In partnership with the TPRM Program Manager, develop a successful implementation plan. Assist with the development and execution of a TPRM risk framework, policies, and procedures. Direct assessments on key controls and overall compliance with the TPRM program, ensuring timeliness, completeness, and accuracy of risk assessments. Provide risk‑consulting services to first‑line third‑party risk managers for complex arrangements. Develop risk analysis and reporting, including risk metrics, for dissemination to technology leadership, risk management committees, CNB’s parent holding company, and regulators. Streamline processes for risk identification and assessment, control assessment, testing, and issue management. Lead continuous improvement activities and initiatives for TPRM, working with stakeholders, subject‑matter experts, and exception reporting to define issues, determine root causes, and implement appropriate changes. Identify and assess requirements for CNB’s GRC system to increase automation, process effectiveness, and efficiency. Review SSAE 18 reports for CNB’s third parties and evaluate completeness, appropriateness, and impact to support Sarbanes‑Oxley, FDIC, and SOC programs. Manage coordination of assignment of resources based on demand, capacity, and subject‑matter expertise, augmenting internal staff with external resources as needed. Ensure appropriate escalation of issues to first‑line and senior management as required. Qualifications Minimum 7 years of third‑party risk management, assurance, or oversight experience. Minimum 4 years of experience in risk and controls for information technology and cybersecurity, scoping assessments, providing credible challenges, and performing assurance testing. Minimum 4 years working with a GRC system, incorporating continuous improvement for the system and process. Comprehensive knowledge of third‑party and information technology risk management processes and methodologies. Experience using third‑party risk management or GRC systems. Experience assessing contracts (master service agreements, statements of work, license agreements). Experience assessing cloud servicing arrangements. Knowledge of and experience in designing governance, frameworks, and processes to comply with vendor/third‑party risk regulatory requirements (OCC 2013‑29, Fed SR 13-19, or other applicable regulations). Hold or quickly obtain an industry‑recognized third‑party risk management or vendor management certification. Excellent oral and written communication skills; experience performing detailed and executive‑level documentation. Advanced knowledge of Microsoft Office (Excel, PowerPoint, SharePoint). Experience with reporting platforms such as Tableau, SQL scripts, and Microsoft SSRS (desirable). Compensation Starting base salary: $99,000 – $176,000 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions. Benefits and Perks Comprehensive healthcare coverage (Medical, Dental, Vision) available the first of the month following start date. Generous 401(k) company‑matching contribution. Career development through tuition reimbursement and other internal upskilling and training resources. Valued time‑away benefits (vacation, sick, volunteer time). Specialized health and family planning benefits (fertility, cancer, diabetes, musculoskeletal support programs). Career mobility support from a dedicated recruitment team. Colleague resource groups to support networking and community engagement. About City National Bank Since day one we’ve gone further than the competition to help our clients, colleagues, and communities flourish. City National Bank was founded in 1954 and is a subsidiary of Royal Bank of Canada, one of North America’s leading diversified financial services companies. Inclusion and Equal Opportunity Employment City National Bank fosters an inclusive environment where all forms of diversity are valued and leveraged. We are an equal‑opportunity employer; all qualified applicants receive consideration for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected basis. It is unlawful in Massachusetts to require or administer a lie‑detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. Represents basic qualifications for the position. To be considered for this position, you must at least meet the required qualifications. Careers.cnb.com accepts applications on an ongoing basis until the position is filled. Seniority Level Not Applicable Employment Type Full‑time Job Function Finance and Sales Industry Banking #J-18808-Ljbffr