Job Description

Job Details
Description
Primary Duties & Responsibilities

• Support the implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements.
• Provide guidance to internal stakeholders to ensure requirements of VRM are fully understood.
• On-board existing and new High Risk vendors into the Vendor Management System
• Initiate and manage vendor communications related to due diligence questionnaires and other document requests
• Collect and analyze data received from vendors
• Input vendor-related data into the Vendor Risk Management system.

• Work with business owners, internal stakeholders, and vendors to ensure documentation is up-to-date throughout the vendor lifecycle

• Manage tracking in the Vendor Risk Management system.
• Prepare risk assessment reports for vendors identified as High Risk.
• Update existing reports on a periodic basis.
• Serve as lead for monitoring risk incidents, remediation resolution including development and execution of corrective action plans, and ensure follow-on reporting and monitoring
• Escalate risk issues to the appropriate individuals, as needed.
• Communicate risk-related issues and resolution management with specific vendors.
• Develop and maintain metrics reports related to vendor groups.
• Work with internal teams to analyze and resolve potential issues.
• Evaluate vendor performance against service level agreements
• Provide documentation for external audit requests
• Assist with vendor off-boarding, as needed
• Perform any other job related assignments, as requested, with reasonable accommodation.

• Bachelor’s degree in Business or related field
• Minimum 3 years related work experience in vendor management, vendor risk management, and/or strategic sourcing and procurement required
• Practical knowledge of risk management software/applications (e.g., OneTrust, Bitsight, Venminder)
• Working knowledge of service level agreements and/or contractual requirements
• Ability to interpret information security data and processes to identify potential compliance and/or issues
• Excellent verbal and written communication skills including the ability to prepare documentation, policies and build consensus across a broad group
• Proficiency with Microsoft Office productivity applications (Word, Excel, PowerPoint)
• Amenable to working flexible hours
• Strong organizational and project management skills.

• Shared Assessments’ Certified Third Party Risk Professional (CTPRP)or Certified Third Party Risk Assessor (CTPRA) certification
• Experience working as a member of (or with) a corporate compliance or information security group.
• Sharp critical thinking skills, sound judgment, and decision-making ability.
• The ability to work both collaboratively and independently.
• Proven ability to work in a fast-paced environment where the client is always first.
• Ability to learn Milliman’s business and unique structure and culture.