What’s the job?
The Risk & Policy Governance Manager is responsible for third party risk management at Coast within the Enterprise Vendor Management Office (EVMO).
This resource will lead the development and maintenance of the third party risk due diligence process, the Third Party Risk Management Framework (TPRMF) and other third party governance policies at Coast.
In addition, they will facilitate the third party risk assessment process and support control development during the contracting of work with suppliers as well as monitor the risks post-contract, during the life of the supplier relationship.
This resource will adhere to Coast Capital’s risk strategy, appetite, and Third Party Risk Management Framework and will be required to collaborate with all cross functional stakeholders, implementing data collection strategies that result in timely and accurate completion of reporting and audit requests.
In addition, this resource will be responsible for all other policy aspects of EVMO which includes developing process documentation, review and hosting of supplier joint operating procedures and finally ensuring supplier adherence to Coast Capital Savings’ applicable corporate policies.
The incumbent ensures thorough risk analysis is performed by the EVMO team, providing insights to support sustainable business results and / or enable management to make decisions for policy and guideline changes.
What you’ll get to do:
Provides education and training for all managers utilizing the VM program. Provides training and coaching to vendor business owners on the nature of the Vendor Business Owner role including responsibilities and deadlines
EVMO supplier artifact repository for audits and facilitate the annual review of 3rd party risk and vendor management frameworks
Support continuous improvement on the Vendor Management policy encompassing a full vendor management lifecycle. Propose new and review existing policies as they relate to Vendor Management and Third Party Governance Management to ensure compliance with applicable regulations (OSFI, FINTRAC, etc.)
Lead and coordinate execution of third party risk management program, including standards, procedures, templates and guides for acquiring and managing vendors.
Creates guidelines for defining, managing and reporting vendor contract obligations. Advises business owners on contract obligation status and facilitates exchange of information with supplier for the business.
Responsible for the creation and storage of supplier artifacts which relate to contract obligations
Understand potential impact of market conditions, economic trends and regulatory environment on credit loan portfolio and recommend new and revised credit policy, underwriting guidelines and risk appetite.
Determines appropriate vendor management tools such as vendor management software to maintain vendor profiles, contacts, contracts, service level agreements, milestones and ticklers.
Continuously improve the third party risk program through research or conference material of latest VM practices and thinking and from feedback from the Coast community
Monitors changes in regulatory requirements and guidelines as they pertain to VM including OSFI guidance on "Corporate Governance" and "Outsourcing of Business Activities, Functions and Processes"
Responsible for implementing quality controls and compliance reviews for business owners and oversees their third party risk management policy and practices in coordination with Group Risk Management, Information Security and Privacy.
Builds and fosters productive, positive and effective working relationships within Coast in order to successfully conduct the VM program aligned to CCS values
Provides information and reporting required by the Group Risk - Operational Risk Management function tasked with monitoring operational risk of the organization
Monitor and enhance risk appetite and metrics for the organization. Manage the evaluation of supplier through the development, production and analysis of appropriate portfolio monitoring tools and reports.
Investigate data anomalies and provide updates to key stakeholders when applicable. Perform other duties as assigned.
Lead the maturity of 3rd party risk management at Coast: responsible for materiality and third party risk assessments.
Conducts initial information security and privacy impact review prior to engaging with subject matter experts for validation of material findings related to risks.
Risk Control - Based on the impact and likelihood of the risks, take action to implement controls to remediate or mitigate risks
Leverage a risk register to track and monitor risks and controls; Provide risk & regulatory compliance (RRC) reporting
Facilitates EVMO risk assessment process through review of third party's SOC or ISO reports, business continuity plan / disaster recovery plan, BCP tabletop tests, penetration tests and proof of insurance.
Ensures that third parties' internal controls and operational practices are in line with Coast Capital standards and expectations.
Partners with Subject Matter Experts in vetting and acquiring new vendors. Typically this would be within the context of a formal project and may involve Requests for proposal and Vendor meetings and demonstrations
Who are we looking for?
Minimum 7+ Years of Job-Related Experience with at least 5+ years related to audit and risk management, or 3rd party risk management experience.
Must have completed an undergraduate degree or diploma requiring 3-4 years of study with a degree in Business, Economics, or a related discipline.
Experience managing audits is a plus.
Certification or designation in risk management or accounting is an asset.