Senior Manager-Enterprise Third- Party Risk Management

Application Deadline:

04/03/2024

Address:

111 W Monroe - 115 S LaSalle

Job Family Group:

Audit, Risk & Compliance

This opportunity will allow you to work on exciting projects within operational non-financial risk and have direct visibility to top leaders within our organization. If you have Third-Party risk management experience especially Third-Party cyber / tech risk and/or cloud risk management experience, consider applying to this dynamic opportunity. Working within a dynamic team, and with engaged 1st and 2nd line subject matter experts (SMEs), you will be responsible for supporting and overseeing Third-Party Risk Management practices at BMO with a focus on Third-Party cyber security and tech risk management practices. Skills and experience in identification, analysis, monitoring and reporting of risks (especially cyber/tech risks) posed by vendors are key to succeeding in this role and we look forward to hearing about your experience in this area.

Mandate:

As part of the 2nd line of defense, this role supports the following primary accountabilities of the Enterprise Third-Party Risk Management team:

• Provide strategic input into business decisions as a trusted advisor

• Make recommendations to senior leaders on strategy and new initiatives, based on an in-depth understanding of the business/group.

• Develop, implement, and maintain the Third-Party Risk Management Framework and other related requirements used across the enterprise to ensure Third-Party Risks are appropriately identified, assessed, managed, monitored, and reported.

• Provide oversight and 2nd line effective challenge to ensure the Third-Party Risks, especially Third-Party Cyber Security, Cloud and Technology risks are being identified, assesses, managed, and reported in accordance with applicable Regulatory and Governance requirements

• Act as subject matter expert on relevant Third-Party regulations and policies

Responsibilities:

Provide thought leadership in development of sound Third-Party Risk Management practices

• Promote and support BMO's risks culture and operational resilience ensuring employees understand their accountabilities for risk-taking activities as they relate to Third-Party Risk, promoting an environment of open communication and effective challenge

• Support development of Third-Party Risk Appetite Statements and related metrics for the Enterprise, ensuring compliance with Risk Appetite Framework;

• Support development and implementation of relevant policies, standards, directives, frameworks and requirements relating to management of Third-Party Risk

• Provide input on development of Third-Party Cyber Security and Technology related frameworks, processes, and practices

• Research and provide thought leadership on current and emerging methodologies to quantify Third-Party Risk (and other non-financial risks)

• Support 1st and 2nd Lines to appropriately identify, assess, measure, and manage Third-Party Risk across their portfolios

• Collaborate with all risk experts and stakeholders to ensure appropriate coverage and scrutiny of Third-Party Risk (especially Third-Party Cyber Security and Technology Risks) across all risk registers, libraries, forums, and committees

• Support remediation of Audit and Regulatory issues and findings relating to the design of the Third-Party Risk Management policies, standards, frameworks, and requirements

Provide 2nd line oversight and effective challenge to ensure sound management of Third-Party Risk

• Provide oversight to ensure that Third-Party Risk across the Enterprise remains within the established risk appetite, and that internal controls are appropriately designed and implemented, and are operating effectively

• Support development, enhancement and implementation of oversight methodologies that rely on data analysis, data aggregation, trend analysis to monitor the control environment related to Third Parties

• Support development and implementation of testing methodologies to maintain oversight over Third-Party risk-taking activities, with specific focus on Third-Party Cyber Security and Technology Risks

• Provide input and effective challenge to ensure projects, initiatives and other change activities appropriately consider Third-Party Risks

• Provide input and effective challenge over Key Risk Indicators used to monitor Third-Party Risks

• Provide input and effective challenge to ensure that issues and operational risks events relating to Third-Party Risks are appropriately remediated within set timelines

• Provide subject matter expertise and guidance on specific operational risk events, recommending solutions for management of Third-Party Risks that are commensurate with the materiality and complexity of the event

Provide effective 2nd line oversight and effective challenge to ensure sound Operational Risk Management within the Procurement

• Understand industry trends and regulatory requirements relating the Vendor Management, and articulate 2nd Line of Defense positions on these (to share with Senior Leadership and 1st Line Risk Experts of these functions)

• Provide thought leadership and subject matter expertise on all Operational Risk Categories (AML, Legal, Compliance etc.) for Procurement

• Provide oversight and 2nd line effective challenge to ensure all operational risks within the Procurement functions are appropriately managed

• Ensure Operational Risks from risk taking activities within Procurement functions are identified, assessed, measured, managed and reported within a consistent framework of robust internal controls

• Support development of, and provide effective challenge over development of Process, Risk and Control Libraries for Procurement

Provide subject matter expertise and unique insights

• Work with Cyber and Technology Risk Management subject matter experts to provide subject matter expertise on Third-Party related elements relating to these risks

• Gather, assemble and analyze internal and external data to drive unique insights to identify risks, and recommend improvements TPRM management programs

• Develop and implement relevant parameters for reporting of the Third-Party Risk profiles for individual operating groups and the Enterprise

Relationship Management and Internal Integration

• Develop and maintain effective relationships with 1st and 2nd line business partners involved in management and oversight of Third-Party Cyber and Technology Risks

• Build collaborative relationships with Operational Risk Officers, and other risk management groups and subject matter experts across the organization

Promote effective working relationships with Regulators

• Anticipate and prepare for emerging regulatory developments, and support maintenance effective relationships with regulators

• Promote communication of regulatory engagement standards and best practices

• Participate in industry groups to influence development of regulatory requirements

Qualifications:

• Undergraduate university degree, and Graduate degree or Professional Designation

• 7-10 years of relevant experience in financial services or supply chain management in other industries

• In-depth knowledge of Third-Party Management lifecycle and related risk management standards, methodologies, and practices.

• Experience related to Third-Party Cyber Security and Technology risk management, risk reporting, controls testing, and policy development is an asset

• Industry recognized qualifications/certification in Cyber Security and Technology Risk Management (CISSP, CISA, CISM, CRISC and/or CTPRP) is an asset

• Experience in oversight of Vendor Cyber and Technology Risk is an asset

• Sound knowledge of multi-jurisdictional regulatory environments and trends related to Third-Party Risks

• Experience with policy writing, data analysis or risk reporting is an asset

• Experience with business intelligence tools e.g. Microsoft BI is an asset

• Exposure to retail/wholesale banking is an asset

Skills:

• Leadership, organization, and planning ability

• Relationship management, communication and presentation skills

• Strong ability to influence others

• Consistent ability to produce exceptional quality output and manage competing deadlines, priorities, accountabilities and constraints.

• Excellent execution skills and change management capabilities.

• Ability of identify and effect appropriate risk governance and control mechanisms

Compensation and Benefits:

$100,000.00 - $185,500.00

Pay Type:

Salaried

The above represents BMO Financial Group's pay range and type.

Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. Salaries for part-time roles will be pro-rated based on number of hours regularly worked. For commission roles, the salary listed above represents BMO Financial Group's expected target for the first year in this position.

BMO Financial Group's total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards. BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans. To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards

We're here to help

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.

As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one - for yourself and our customers. We'll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we'll help you gain valuable experience, and broaden your skillset.

To find out more visit us at http://jobs.bmo.com/us/en

BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other's differences, we gain strength through our people and our perspectives. BMO is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.

Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes.