Vendor/Information Risk Function Overview:
The Vendor/Information Risk Management team within IT is a key control function within the overall Risk Management process at Bank of Ann Arbor. We are responsible for reviewing and assessing security controls of third parties to ensure the security and integrity of our data while in the possession of our vendors and partners. As part of the ongoing third party assessments performed we identify issues, assign appropriate risk ratings, and document them according to our Issue Management process.
Summary of Duties:
The Director of Risk Management position supports the management of strategic vendor relationships within the Company. You will be responsible for ensuring that Bank of Ann Arbor data remains secure and that all risks, vulnerabilities and defects are managed, tracked, and remediated according to our processes and policy. You will drive assessment and remediation activities across our vendor population.
- Have experience with risk management processes, along with an understanding of IT risk, security architecture, external/internal audit, and accepted security frameworks/standards (e.g. NIST, ISO).
- Conduct risk assessments for vendors, identify and document control gaps, and present results to support management action, escalation, and risk acceptance processes.
- Partner with businesses across the enterprise to evaluate the information security risks associated with their vendor engagements.
- Review vendor due diligence materials (e.g. SSAE 16 reports, penetration testing reports), identify potential issues, and follow up on unresolved issues.
- Interpret, identify, and prioritize risk based on impact and likelihood.
- Work directly with key partners to: facilitate information risk analysis and risk management processes; identify acceptable levels of risk; and establish roles and responsibilities with regard to information risk management.
- Partner with various support groups and vendors to carry out appropriate risk remediation activities that address identified risks.
- Validate evidence from vendors prior to closing out remediation plans.
- Develop Senior Management reports, including defining and tracking program-based metrics (e.g. assessments completed within SLA, challenges).
- In partnership with our key internal partners (Vendor Management, Procurement, Legal, etc.), identify process and technology enhancements to drive efficiencies.
- Ensure close coordination with Audit/Compliance on aligning risks, issues, enterprise reporting, etc.
- Lead and execute the vendor management strategy for the bank.
- An understanding and working knowledge of successful business practices and of current computing, Information Technology, and Telecommunications Infrastructure, including Internet commerce.
- Experience leading and participating in technical and cross-functional projects, which are often part of the detailed projects this role executes.
- Experience with IT audits, Disaster Recovery, Risk assessments, and Information Security.
- Experience in problem solving, process improvement methods, and business re-engineering methods.
- Strong communication, presentation and facilitation skills are required.