Third-Party Risk Management Officer
1 day ago
New York
Job Description

This role is located in New York City and will require a hybrid work schedule of at least 2 days in office per week. This role is for Assistant Vice President level candidates.

About the Bank

Sumitomo Mitsui Trust Bank, Limited was established through the merger of The Sumitomo Trust and Banking Co., Ltd with Chuo Mitsui Trust and Banking, Ltd. on April 1, 2012. We are one of the largest asset managers in Asia and number one among Japanese financial institutions by AUM, with approximately $850 Billion USD in AUM. The Bank provides an assortment of financial solutions and manages a broad spectrum of financial products across its global branches.

Department Overview:

The Americas Division (“AD”) was established in the Sumitomo Mitsui Trust Bank, Limited, New York Branch (“SMTBNY”) to perform corporate functions and supervise U.S. entities. Established under the AD are the “Global Banking Unit (“GBU”), Americas Division” and “Global Markets Unit (“GMU”), Americas Division”, which perform business functions. Management (“MGT”) applies advanced knowledge of the Bank to implement processes and procedures and achieve strategic goals.

The Americas Business Management Department (ABMD) has been established within the Global Business Planning and Management Department to further strengthen our Bank’s management structure in the Americas, enhance operational efficiency, and ensure compliance with evolving U.S. regulatory requirements. The ABMD is part of our group-wide efforts to strengthen U.S. governance and overseas risk management, in consideration of the increasing regulatory thresholds such as the $50BN level under the FBO regulations. ABMD will support the Combined U.S. Operations (CUSO), which includes Americas Division, Sumitomo Mitsui Trust Bank, Limited, Sumitomo Mitsui Trust Bank (U.S.A.) Limited, Sumitomo Mitsui Trust Asset Management Americas, Inc and Amova Asset Management Americas, Inc.

Your Role Overview:

The Third-Party Risk Management (TPRM) Officer is responsible for supporting the SMTB Americas Division (“AD”) enterprise-wide third-party risk management program within the Second Line of Defense. The role provides oversight, effective challenge, and monitoring of third-party relationships throughout the vendor lifecycle to ensure compliance with applicable regulatory requirements, internal policies, and risk management standards. The TPRM Officer works closely with vendor owners, Administration, Information Security, Compliance, Operational Risk, Legal, Planning and other stakeholders to evaluate, monitor, and report risks associated with vendors, service providers, affiliates, and other third parties.

This role supports the SMTB AD’s ability to identify, assess, mitigate, monitor, and report third-party risks in accordance with US federal banking regulations and State of NY regulatory expectations, while aligning with SMTB Head Office policies and required oversight. As SMTB AD continuously enhances its vendor management processes and third-party risk oversight, the TPRM Officer will be responsible for identifying and designing enhancement opportunities and working with stakeholders to implement them.

The Third-Party Risk Officer will also be part of the U.S. level SMTG ABMD team and ensure all CUSO entities have an effective third-party risk management program, establish a U.S. Third Party Risk Framework and provide reporting to the U.S. Chief Risk Officer and U.S. Risk Committee, along with other local and Head Office teams.

Your Duties and Responsibilities:

Third-Party Risk Governance, Oversight and Regulatory Support
• Lead the execution and continuous improvement of SMTB AD’s Third-Party Risk Management Framework, policies, standards, procedures, and related governance processes.
• Perform independent second-line review (along with other second-line teams) and challenge of third-party risk assessments, due diligence reviews, onboarding activities, monitoring activities, and termination processes.
• Ensure third-party risk management activities align with applicable regulatory requirements, including Federal Reserve, FFIEC, and NYDFS expectations, along with Head Office policies and requirements.
• Assist in maintaining SMTB AD’s inventory of third-party relationships and associated risk classifications.
• Support regulatory examinations, internal audits, and independent reviews relating to third-party risk management.
• Participate in periodic reviews of program effectiveness and regulatory change management activities.

Vendor Onboarding and Contracting Support
• Provide oversight of onboarding activities to ensure compliance with internal standards and regulatory requirements.
• Review risk-based due diligence packages before onboarding approvals.
• Work with the vendor owner, Legal and other stakeholders to ensure contracts and service agreements include the required risk management provisions, including: audit rights, regulatory access provisions, information security requirements, confidentiality and data protection obligations, business continuity and disaster recovery expectations, performance standards and service level agreements, incident notification requirements and termination/transition provisions.

Ongoing Monitoring and Risk Reporting
• Support ongoing monitoring of third-party relationships based on risk tiering and criticality and ensure an appropriate monitoring framework is in place within the overall TPRM Framework.
• Review periodic performance reports, service level metrics, cybersecurity assessments, financial health reviews, audit reports, control assessments, and regulatory developments.
• Escalate emerging risks, control weaknesses, and material issues to management as appropriate.
• Support preparation of third-party risk reporting (including key risk indicators) for committees and senior management.

Issue Management
• Work with Administration, Planning and other stakeholders to maintain a centralized tracking of remediation activities and corrective action plans.
• Assist in remediation efforts associated with examination findings, audit observations, and risk assessments.

Vendor Termination and Offboarding/Exit Planning
• Review vendor termination activities to ensure risks are appropriately managed through contract expiration, termination, or transition.
• Work with vendor owner, Administration, Planning and other stakeholders to verify completion of required offboarding activities, including data return or destruction, access revocation, transition planning, and documentation retention.
• Assess residual risks associated with vendor exits and transition arrangements.

SMTG ABMD (CUSO-level)
• Work with each CUSO entity to ensure the entity maintains an effective third-party risk management program, framework and required oversight as mandated by their specific regulators and aligned with their risk profile.
• Establish and maintain a U.S. Third Party Risk Framework, ensuring each CUSO entity is aware of and aligned with the U.S. framework.
• Work with each CUSO entity to understand current gaps, remediations and emerging risks related to both their Third Party Risk program and processes, as well as critical third parties.

Your Qualifications:
• Bachelor’s degree in Business Administration, Finance, Risk Management or related field.
• Minimum of four (4) years of experience within a banking organization’s Third-Party Risk Management, Vendor Risk Management, Operational Risk, Procurement, Vendor Compliance, or related function.
• Proficiency in risk management within regulated financial institutions subject to Federal Reserve, OCC, FDIC, FFIEC, SEC or NYDFS oversight.
• Experience performing third-party risk assessments, vendor due diligence reviews, working with Legal on the review of vendor contracts, supporting vendor onboarding and risk-based approval processes.
• Experience reviewing and monitoring third-party relationships throughout the vendor lifecycle, along with issue tracking and remediation oversight.
• Experience preparing risk reports, management reporting, and documentation for audits or regulatory examinations.
• Knowledge of operational risk, cybersecurity risk, information security controls, business continuity, and regulatory compliance considerations related to third-party relationships.
• Excellent computer skills in Microsoft Office including Excel, Word, and PowerPoint.
• Excellent interpersonal skills, good oral and written communication skills.
• Good organizational and multitasking skills.

Why you should join SuMi Trust:

SuMi Trust embraces flexible ways of working when the business and role permit. We provide employees with a hybrid working model, allowing for in-office work and work from home. Our diverse and inclusive environment along with our global presence enables us to collaborate and communicate to meet our business needs. We believe that efficient teams need truth, loyalty, and a strong sense of purpose to balance risk and their targets. We make sustainable business decisions to improve our society and the world. We believe that each person brings a unique value that drives the business through their creativity and passion.
• The Employee Benefits package includes: Paid Time Off, medical, HSA, vision, dental, FSA, 401(k), profit sharing, legal plan, cancer indemnity plan, disability insurance, life insurance, employee assistance program, commuter benefits, business travel accident, paid volunteer day, paid memberships, paid seminars, and tuition assistance.
• We offer many socialization opportunities for wellness, financial wellbeing, runs/walks, team building, happy hours, and activities to support the Sustainable Developmental Goals.

Check out our LinkedIn for our employee experience: https://www.linkedin.com/company/smtbny

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SuMi Trust provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application