Third Party Risk Management Lead

Third Party Risk Management Lead

WHAT IS THE OPPORTUNITY
Third Party Risk Management (TPRM) Lead is responsible for providing enterprise‑wide third‑party risk management services, including leading the definition, implementation, and maintenance of a risk framework, operating model, policies, procedures, governance, and oversight programs for all lines of business and subsidiaries. The program ensures regulatory compliance, aligns with CNB’s parent company, and adapts to changes.

WHAT WILL YOU DO?

• In partnership with the TPRM Program Manager, develop a successful implementation plan.
• Assist with the development and execution of an TPRM risk framework, policies and procedures.
• Direct assessments on key controls and overall compliance with the TPRM program.
• Provide risk‑consulting services to first‑line third‑party risk managers for complex arrangements.
• Develop risk analysis and reporting, including risk metrics, for dissemination to technology leadership, risk management committees, CNB’s parent holding company, and regulators.
• Streamline processes for risk identification and assessment, control assessment, testing and issue management.
• Lead continuous improvement activities and initiatives for TPRM with stakeholders and subject‑matter experts.
• Identify and assess requirements for CNB’s GRC system to increase automation and process effectiveness.
• Review SSAE 18 reports for third parties and evaluate completeness, appropriateness, and impact on ASN, SDICA, and SOC programs.
• Manage coordination of resources based on demand and capacity, augmenting internal staff with external resources as necessary.
• Escalate issues to first line and senior management as required.

WHAT DO YOU NEED TO SUCCEED?

Required Qualifications

• Minimum 7 years of third‑party risk management, assurance and/or oversight experience.
• Minimum 4 years of experience in risk and controls for information technology and cybersecurity.
• Minimum 4 years working with a GRC system, incorporating continuous improvement.

Additional Qualifications

• Comprehensive knowledge of third‑party and IT risk management processes.
• Experience using GRC systems.
• Experience assessing contracts (MSA, SOW, license agreements).
• Experience assessing cloud servicing arrangements.
• Knowledge of vendor‑management regulatory requirements (e.g., OCC 2013‑29, Fed SR 13‑19).
• Current or obtainable third‑party risk management or vendor‑management certification.
• Excellent oral and written communication skills.
• Advanced knowledge of Microsoft Office (Excel, PowerPoint, SharePoint).
• Experience with reporting platforms such as Tableau, SQL, SSRS.

Compensation

Starting base salary: $99,000 – $176,000 per year, with variability based on skills, experience, and location. Eligible for bonus and/or commissions.

Benefits and Perks

• Comprehensive healthcare coverage, including medical, dental and vision plans, effective the first of the month following start date.
• Generous 401(k) company matching contribution.
• Career development through tuition reimbursement and internal upskilling resources.
• Time‑away benefits including vacation, sick, and volunteer time.
• Specialized health and family‑planning benefits (fertility, cancer, diabetes, musculoskeletal support).
• Career mobility support from a dedicated recruitment team.
• Colleague resource groups for networking and community engagement.

Inclusion and Equal Opportunity Employment

City National Bank fosters an inclusive environment and is an equal‑opportunity employer. All qualified applicants will receive consideration without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, veteran status or other protected status. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. The employer shall be subject to criminal penalties and civil liability for violation.  

accepts applications until the position is filled.