Head of Third-Party Risk Management

About Northern Trust:

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.  

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

We have a balanced hybrid working model to ensure you get the flexibility you need, and the successful candidate will spend their time between working in the office and working from home.

This role reports to the Chief Procurement Officer (CPO) and is the Head of the Third Party Management Office (TPMO). The TPMO plays a centralized enterprise-wide adherence and oversight role within the 1st Line of Defense and is responsible for owning, implementing, and enforcing compliance with the policy and standards including training and issue management. TPMO is also responsible for producing, monitoring, and reporting on 1st Line of Defense Third Party Risk Management lifecycle activity metrics and aggregation themes.

The Head of TPMO will provide oversight for the design, implementation, and improvement of third-party risk management processes, policies, and risk performance measures to guide Northern Trust in driving effective and efficient risk management throughout the third-party life cycle. The Head of TPMO will guide the assessment, planning, implementation, management, and coordination of third party risk management initiatives and activities.

In this role the individual will bring a systematic and disciplined approach to third-party risk management, including oversight, control, and monitoring processes. They will establish a third party management framework customized to Northern Trust’s environment that will drive risk-informed decisions and action. For success in this role, they’ll bring a thorough knowledge of third party risk management processes, as well as keen business judgement.

This individual will be an expert in Third Party Risk Management and would be well versed in end to end third party risk management concepts and execution. This role involves constant interaction with business stakeholders and chairing of departmental committee. The incumbent will lead a team of professionals with clearly defined roles and responsibilities.

Responsibilities

• Accountable for overall oversight of the program, ensuring program throughput for the various life cycle elements as per program SLAs (Planning, IRQs, DDQs, Ongoing Monitoring, Contracting and Termination) and strict adherence to the policy and standard

• Responsible for exit strategy completeness across all critical vendors and for consideration of vendor SLAs within continuity plans for all vendors related to critical processes

• Accountable for consideration of third party failures as part of scenario development

• TPMO periodic review and update of overall program design and methodologies including risk assessment questionnaires, risk calculation and aggregation methods, risk treatment methodologies, escalation thresholds, open issues, inventory, and program reporting

• TPMO periodic review of the Third Party Management Practice Standard, supplier service categories, training materials, desk procedures, QC design and execution and process review for enhancement / automation opportunities

• Lead third party risk management initiatives with cross-functional internal stakeholders to monitor, mitigate, and report on risks and ensure compliance with applicable legal/regulatory requirements

• Apply a deep understanding of various types of third-party risks and how to mitigate them, including strategic, reputational, growth, financial, operational and compliance risks

• Ensure strong oversight of all third-party risks, providing senior management visibility into existing and emerging threats

• Ensure consistent enhancements to the third party risk management technology solution that will meet the needs of a broad range of process objectives and stakeholder requirements

• Tracking vendor concentration risks, Nth party risks, resilience risks, regulatory changes, and other emerging risks

• Chairing monthly Third Party Risk Execution committee (TPOC) and periodically reviewing and approving departmental organization chart, operating model, and RACI

• Responsible for 1st Line of Defense review and challenge and for business perspective on 2nd Line of Defense deliverables such as TPRM Policy, Third Party Risk appetite statement and metrics, Committee charters, and corporate risk committee (CTRC) reporting

• Maintain meaningful interactions and responses with various stakeholders such as business units, regulators, and auditors

• Develop vendor consulting / outsourced services supplier expectations and reviewing contracts with vendors hired by the department

• Review vendor / consultant performance, prioritizing efforts and approving invoices for those suppliers hired by the department

• Responsible for final review of all departmental reporting, inclusive of reporting submitted to regulators, committees and business partners.

Qualifications

• BS/BA Bachelor of Science degree or Bachelor of Arts or equivalent years of experience

• Minimum of 10+ years of related experience with a strong understanding of third party management in a highly regulated industry

• Ability to successfully navigate across various lines of defense

• Experience and/or working knowledge of related disciplines, including strategic sourcing, procurement, supplier information security, supplier diversity, ESG, third-party compliance, information technology vendor management, privacy, enterprise risk management and/or business continuity

• Ability to think and act strategically and creatively, while having strong business acumen

• Proven experience as a team lead, team management, resource planning, designing corresponding department job descriptions and hiring of personnel

• A thorough understanding of third-party (i.e., vendor, supplier, etc.) risk management and prior experience in designing program solutions, risk scoring and aggregation methodologies and designing committee reporting

• Understanding of global risk regulatory requirements with an emphasis on US (OCC Bulletins, FFIEC, FED, FDIC) or UK (PRA, FCA)

• Third party risk management related certification such as CTPRP or CTPRA or other professional certifications such as CA, CGEIT, CIA, CISA, CISM, CISSP, CMA, CPA or CRISC preferred

• Strong leadership and organizational skills

• Ability to influence activities across multiple teams and across business units • Outstanding writing, communication, and presentation skills

• Sound analytical and problem-solving skills

• Strong networking ability to develop internal and external networks based on integrity and credibility through active listening and understanding

Salary Range:

Salary range is a good faith estimate of base pay. Northern Trust provides a comprehensive benefits package including retirement benefits (401k and pension), health and welfare benefits (medical, dental, vision, spending accounts and disability), paid time off, parental and caregiver leave, life & accident insurance, and other voluntary and well-being benefits. Northern Trust also provides a discretionary bonus program that may include an equity component.

Working with Us: 

As a Northern Trust partner, greater achievements await. You will be part of a flexible and collaborative work culture in an organization where financial strength and stability is an asset that emboldens us to explore new ideas.

Movement within the organization is encouraged, senior leaders are accessible, and you can take pride in working for a company committed to assisting the communities we serve! Join a workplace with a greater purpose.

We’d love to learn more about how your interests and experience could be a fit with one of the world’s most admired and sustainable companies! Build your career with us and apply today. #MadeForGreater 

Reasonable accommodation

Northern Trust is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at MyHRHelp@ntrs.com.

 
We hope you’re excited about the role and the opportunity to work with us. We value an inclusive workplace and understand flexibility means different things to different people.

Apply today and talk to us about your flexible working requirements and together we can achieve greater.