The Third Party Risk Professional will perform third party risk assessments on new and existing third parties on an enterprise-wide basis.
Preparation of detailed and summary reports of assessment, including customized reports, as needed.
Work as a Subject Matter Expert (SME) and with other SMEs within the Operational Risk Office, IT, Law, Privacy, Compliance, Sourcing, and Treasury, to develop and apply risk assessment criteria (aligned with corporate Policy).
Work directly with internal business partners to assist them in effectively managing their operational risks related to identification of potential risks in business processes, applications, and systems associated with third party engagements.
Work with IT, Sourcing, and Law to ensure compliance and integration of third party risk management lifecycle elements.
Ability to perform contract reviews of redlines and approve/reject changes.
Identify and measure the risks faced by a business area, process, or workflow based on facts, business environment, and practicality and perform appropriate due diligence to ensure identification and management of risks.
Counsel and guide business partners in identifying risks and potential risk mitigation alternatives commensurate with the risk identified and consistent with risk appetite and tolerance.
Work directly with new and existing third party vendors to assess risk controls to ensure data is adequately safeguarded
Promote awareness and enhance our internal service model that informs the business of key risks in a timely manner so as to limit unnecessary impediments and avoid bureaucracy.
Contribute to building a training program for internal business partners on the due diligence process as well as their obligation in ongoing monitoring.
Qualifications: The Third Party Risk Professional is responsible for project administration, tracking, monitoring and response coordination on Policy, Operational Risk assessments, Internal Audit, Third Party Risk Management and regulatory compliance items. The role will be based in India.
Competencies/Skills:
Demonstrated leadership skills that instill trust and confidence with an ability to influence execution.
Demonstrated abilities in problem-solving and analysis: identifies issues, analyzes information to assess root cause and relationships, risks, and potential risk responses.
Proven ability to synthesize and summarize complex data into concise recommendations and reports.
Excellent written and verbal communication skills to deliver the "whole message" in a concise, persuasive, and succinct manner.
Proven ability to balance multiple priorities, adapt to a constantly changing business environment, work independently, drive projects to completion, and meet deadlines in a fast-paced environment with only periodic supervision.
Ability to work collaboratively and manage and initiate effective cross-functional relationships maintaining a high level of professionalism, self-motivation and a strong sense of urgency.
Strong computer skills, including MS Office products (e.g. Word, Excel, PowerPoint, Visio) and other business software to prepare reports, memos, summaries, and analyses. Experience with GRC tools (e.g., Archer) is a plus.
Competency in customer focus, change & innovation, strategic thinking, relationship building & influencing, talent management, results focus and inspirational leadership.
Ability to manage effectively and work closely with business leaders in a high pressure, fast paced, highly collaborative environment with multiple deadlines and competing priorities.
Knowledge:
Ability to conduct thorough third party risk assessments, through application of established criteria.
Strong understanding of the principles of risk management, information security and their relationship to corporate governance activities such as operational risk assessment and organizational impact.
Clear understanding of industry standards risk analysis approaches: ISO, COBIT, COSO, as well as regional standards and regulations; Sarbanes Oxley, Basel II, GLBA, HIPAA and crisis management/business resiliency practices.
Demonstrated consistent credibility as a subject matter expert with business partners and leadership while recommending initiatives, identifying gaps, and potential issues.
Collaborate with internal partners and third parties to mitigate and otherwise resolve third party risks influencing business decisions, and applying professional judgment for selecting the appropriate methods and techniques.
Experience in reviewing Service and Organization Controls (SOC) reports, internal policy documents, etc. for contents and completeness.
Possesses and builds on knowledge of operational risks and trends relevant to financial services and insurance staying abreast of current and pending regulatory and compliance requirements.
Provide virtual leadership and guidance to the analyst level team on best practice and continuous improvements for processes, assessments, and other operational activities.
Strong knowledge of and experience in risk management and internal controls required spanning fraud, legal liability, regulatory, privacy, information and cyber security, reputational harm, business resiliency, theft of assets, financial losses, and errors/omissions.
Education and Experience: (Identify types and length of education and experience needed to acquire the necessary skills and knowledge to accomplish the desired end results.)
Solid background both educationally and via professional experience.
3+ years of IT Risk and/or Third Party Risk experience control evaluation required
Education:
Degree/Masters preferred or equivalent experience.
Certification in risk management and/or third party risk management preferred.
Location: This position can be based in any of the following locations: Chennai