The Third Party Risk Manager, Operational Risk Oversight is responsible for the development and implementation of the Third Party Risk Management (TPRM) program to identify, assess, mitigate, govern and report on Definity 's third party risks. The Manager provides Enterprise Risk Management (ERM) second line of risk management oversight of the third party risk management activities conducted by the first line, with particular focus on the third-party vendor management program. In delivering on the TPRM program, the Manager works closely with SVPs, Business Unit heads, and management across the company to enhance third party risk management and reporting.
RESPONSIBILITIES
Lead the enterprise TPRM program:
- develop, implement and enhance programs that monitor, measure, analyze and report on third party risk exposures across all business areas and compare against Definity’s risk appetite
- establish standards and tools for the execution of third party risk programs within the business units, including the execution of risk and control assessments and the reporting of third party risk incidents
- continue to enhance the third party risk management framework, policies and procedures to ensure continuous improvement and program maturity across the organization
- assist the business with the identification of key third party risks and mitigating controls in their business units, as well as monitoring their action plans to address mitigation
- provide guidance to business units conducting lean initiatives to balance efficiency with effectiveness and risk mitigation
- prepare monthly/quarterly risk reporting on third party risk appetite metrics, third party risk dashboards and accompanying analysis, letter of representation and other third party risk reporting for presentation to senior leadership, board and committees
- assist the business with the identification and reporting of third party key risk indicators, escalation limits/thresholds and escalation processes, and ensure they adapt to the changing business and regulatory expectation
- identify trends in key risk indicators and monitor action plans to address
- enhance processes for the review of third party incidents, root cause identification and control remediation and documentation
- aggregate and analyze risk events and root causes reported by the business to recommend improvements to prevent/mitigate reoccurrence
Provide ERM oversight of the development and implementation of an effective third-party vendor management program:
- provide second line of risk management input into, and constructive challenge of, the development, implementation and operation of an effective third-party vendor management program
- support the implementation and maintenance of the enterprise TPRM and Sourcing & Vendor Management policies
- perform monitoring of enterprise compliance with the enterprise TPRM and Sourcing & Vendor Management policies
- provide second line review and constructive challenge of procurement activities as required by the TPRM and Sourcing & Vendor Management policies
Research and remain current with emerging best practices in third party risk management and reporting:
- enhance the design, implementation and management of Definity’s third party risk management program in compliance with OSFI’s B-10 Third Party Risk Management Guideline and monitor regulatory developments related to third party risk management
- continue to research, recommend and implement best practices in third party risk management and reporting to improve Definity’s ability to identify, assess, mitigate, govern and report on third party risk
- monitor developments in third-party vendor management best practices and regulatory requirements and recommend enhancements to Definity’s third-party vendor management program
REQUIREMENTS
- university degree or equivalent combination of education and experience in risk management, compliance, finance or related field
- 3-5 years of related experience in a property and casualty insurance (P&C) third party function, third party risk management role (or another risk and control-related or third party role); preference will be given to candidates with experience in P&C insurance and/or financial services organization
- excellent understanding of processes, controls and responsibilities associated with P&C underwriting, claims and/or financial services
- excellent verbal and written communication skills; excellent interpersonal, collaboration and presentation skills
- excellent stakeholder relationship management and influencing skills with the ability to effectively and constructively challenge stakeholders to drive appropriate risk management outcomes
- strong organizational and analytical problem-solving skills
- familiarity with insurance would be beneficial.
- proficient in Microsoft Office products
Salary Range: $77,100 - $142,000
