Third-Party Risk Manager
- Steven Piliero
Name: Robert "Rob" Davis
Age: 42
Education: MBA from Duke University, B.S. in Business Administration from the University of North Carolina at Chapel Hill
Professional Background:
15+ years of experience in risk management, procurement, and vendor management roles.
Focus areas: Third-party risk assessment, vendor due diligence, contract negotiation, performance monitoring, and risk mitigation strategies.
Previous roles: Third-Party Risk Management Lead at a global financial institution, Vendor Manager at a technology company, Procurement Specialist at a manufacturing company.
Special certifications or skills: Certified Third-Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC)
Industry: Varies depending on the organization's focus
Responsibilities:
Develop and implement the organization's third-party risk management program.
Identify, assess, and prioritize risks associated with third-party relationships (e.g., vendors, suppliers, contractors).
Conduct due diligence on potential and existing third parties to assess their security, financial stability, operational resilience, and compliance with regulations.
Negotiate and manage contracts with third parties, including service level agreements (SLAs) and risk mitigation clauses.
Monitor third-party performance and compliance with contractual obligations.
Develop and implement risk mitigation strategies to address identified risks.
Goals:
Protect the organization from financial, operational, reputational, and regulatory risks arising from third-party relationships.
Ensure that third-party relationships deliver value and support the organization's strategic objectives.
Build a robust and efficient third-party risk management program that is scalable and adaptable.
Foster a culture of risk awareness and accountability throughout the organization.
Challenges:
Managing a large and diverse portfolio of third-party relationships.
Keeping up with the evolving threat landscape and regulatory requirements.
Balancing the need for thorough due diligence with the need for speed and efficiency in onboarding new vendors.
Building effective communication and collaboration with internal stakeholders and third parties.
Motivations:
Protecting the organization's reputation and assets from third-party risks.
Ensuring the organization's supply chain is resilient and secure.
Building a strong and effective third-party risk management program that is recognized as a best practice.
Developing a fulfilling career in risk management and contributing to the organization's success.
Tech-Savviness:
Proficient in using risk management software, vendor management platforms, and contract management systems.
Comfortable with data analysis and identifying trends and patterns in third-party risk data.
Open to using technology to automate risk assessments and streamline due diligence processes.
Behavioral Traits:
Detail-oriented and organized, with strong analytical and problem-solving skills.
Risk-averse and proactive in identifying and mitigating potential risks.
Excellent communicator and negotiator, able to build rapport with internal and external stakeholders.
Collaborative and team-oriented, working effectively across different functions and departments.
Sources of Information:
Industry publications and reports on third-party risk management (e.g., Shared Assessments, Gartner).
Regulatory guidance and best practices on vendor management (e.g., OCC, FDIC).
Networking with other risk management professionals and attending industry events.
Vendor risk intelligence platforms and data sources.
Quote:
"Third-party risk management is not just about checking boxes; it's about building a comprehensive program that proactively identifies, assesses, and mitigates risks to protect the organization's interests and ensure its long-term success."