Executive Director - Head Of Third Party Risk Assessments
I was hand-picked to lead the information security, business continuity, financial risk, and security architecture third party risk teams following a corporate restructuring. I managed around 100 direct reports consisting of full-time employees and third-party consultants while overseeing a budget of about $5 million. These teams manage approximately 6,000 third party risk / vendor risk assessments annually. I present findings and suggest direction to key stakeholders and C-suite executives during governance forums.TEAM MANAGEMENTTo manage the increased workload, I implemented line managers by promoting from within to provide an avenue for growth for internal team members interested in overseeing daily operations for the 4 teams.I also oversaw the RFP process for the selection of a managed service provider (MSP).KEY RESPONSIBILITIES• Closed all critical risk gaps 70% by building a remediation team to address remediation gaps in vendor assessments. • Oversaw technology build for a semi-automated system in Archer to manage request processing. Ensured successful migration from spreadsheets to software.• Developed and implemented an onsite program to identify and remediate gaps with our most critical vendors to ensure the firm could maintain operations. • Aligned firm with changes in regulatory compliance and industry standards by managing annual questionnaire and updating vendor risk policy and procedures.• Presented KRIs and risk status at Third Party Risk Governance meetings• Managed the annual updating of third party risk questionnaires based on industry and regulatory best practices• Wrote third party policies and procedures• Monitored third party vendor security posture using continuous assurance services such as Security Scorecard. • Responded to regulatory requests designed to enhance the third party risk program• Implemented enhancements based on second and third line challenges• Managed and developed staff for promotion and growth