Knowledge, Skills, and Abilities:
Demonstrated ownership of a third-party or vendor risk management program, including end-to-end lifecycle management from onboarding through termination.
Experience with partner banking, BaaS, or fintech-bank relationships; familiarity with the unique oversight requirements of bank-fintech programs is strongly preferred.
Proven ability to engage vendors directly — conducting reviews, communicating risk findings, and driving remediation through external relationships.
Hands-on experience authoring TPRM policies, risk assessment frameworks, due diligence questionnaires, and vendor risk reports.
Working knowledge of applicable regulatory guidance, including OCC Bulletin 2013-29, FDIC FIL-44-2008, and the 2023 Interagency Guidance on Third-Party Relationships.
Strong organizational and project management skills; ability to manage a large vendor portfolio with competing priorities and deadlines.
Excellent written and verbal communication skills; comfort presenting risk findings to senior management, the board, and external examiners.
Education, Training, and Experience:
Bachelor’s degree required; concentration in Finance, Business, Risk Management, or a related field preferred.
Minimum of 6 to 8 years of experience in third-party risk management, vendor oversight, or operational risk within the financial services industry; experience at a partner bank, BaaS provider, or fintech is strongly preferred.
Relevant certifications such as CTPRP (Certified Third Party Risk Professional), CRISC, or CISA are a plus.
Responsibilities:
Own and manage the bank’s third-party risk management program end-to-end, including framework design, policy authorship, oversight calendar, and ongoing execution across all vendor tiers.
Serve as the primary point of contact for vendor-facing communications — conducting due diligence meetings, periodic oversight reviews, and issue escalation discussions directly with third-party representatives.
Design, maintain, and refine the vendor risk rating and tiering system, including inherent risk scoring, criticality classification, and residual risk assessment for the full third-party portfolio.
Author and maintain TPRM policies, procedures, assessment templates, and due diligence questionnaires; ensure all documentation remains current with regulatory guidance and industry standards.
Manage vendor alerts and exceptions from identification through resolution — including SOC 2 findings, SLA breaches, subcontractor changes, financial health flags, and regulatory or incident disclosures.
Lead TPRM-related internal and regulatory audit preparation and response; serve as the subject matter expert and primary point of contact for examiner inquiries related to third-party oversight.
Oversee vendor oversight activities specific to partner banking and fintech relationships — including program-level due diligence, ongoing monitoring, and compliance with OCC, FDIC, and Federal Reserve guidance on third-party risk.
Monitor and report vendor-specific Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs); provide regular reporting to senior management and the risk committee on portfolio-level third-party risk exposure.
Collaborate with Legal, Compliance, Procurement, Information Security, and business unit stakeholders to ensure third-party contracts, controls, and ongoing monitoring activities are aligned with the bank’s risk appetite.
Head of Vendor / Third-Party Risk
Full-service payments, lending, and banking provider that delivers global financial services through a personal approach. With an active partner banking program serving leading fintech and payments companies, operates at the intersection of traditional banking and modern financial technology. is seeking a Head of Vendor / Third-Party Risk to own and lead the bank’s end-to-end third-party risk management (TPRM) program. Reporting to the Director of Enterprise Risk Management, this individual will serve as the primary owner of vendor oversight across the bank’s full portfolio of third-party relationships — with particular emphasis on fintech partners, BaaS providers, and payments processors. This is a hands-on leadership role requiring deep subject matter expertise, direct vendor engagement, and the ability to author and maintain the frameworks that govern how the bank manages third-party risk.