Manager, Third Party Risk Assessment

Permanent Full Time We are looking for a Manager, Third Party Risk Assessment. Are you a leader experienced in leading the assessments of suppliers’ information security, privacy, business continuity, and Artificial Intelligence (AI) practices, and facilitating process improvement in a global financial services organization? Reporting to the Director, Global Information Security and Technology Risk, the Manager, Third Party Risk Assessment will manage supplier risk assessments and lead collaboration with procurement, the supplier risk management team, information security, and more. What You Will Do Lead, mentor, and train a global team of experienced third-party risk assessment (TPRA) assessors. Review supplier responses to due diligence questionnaires including artefacts to assess their information security, privacy, business continuity, AI, credit card practices, and more, highlighting concerns to stakeholders. Maintain and incrementally improve supplier risk assessment methodologies, processes and procedures. Manage the operational excellence of the TPRA team, facilitating methodical and incremental process improvements, creating and updating internal processes and procedural artefacts, ensuring quality and consistency of supplier assessments, and proactively escalating any problems to leadership. Represent the TPRA team when collaborating with procurement, supplier risk management, other risk teams (technology risk, privacy, business continuity, AI, and more) across First line, Second line and Third Lines of defence. Provide feedback for new or revised policies and standards proposed by Procurement and Supplier Risk Management. Support stakeholders (Procurement, Supplier Risk Management, information security and technology risk management teams and more) respond to queries (e.g. OSFI B-10) from external regulators, prepare for external audit reviews and internal reporting cycles. Facilitate and lead training workshops for internal assessors. Track and manage supplier assessments in a fit-for-purpose supplier assessment SaaS tool and review the suitability of proposed competitor solutions. What You Will Bring 7-10 years’ experience assessing suppliers’ information security, privacy and business continuity practices including their SOC 2 reports, ISO 27001 certifications, attestations and artefacts. In-depth experience using supplier assessment questionnaires from industry (e.g. SIG) including custom internal questionnaires, and insights into the pros & cons of different approaches. A process mindset that seeks to understand the big picture (upstream process, downstream impacts, etc.) with a detail-oriented eye for quality. Experience leading a team of operational assessors and/or cross-functional teams. Experience developing and maintaining training artefacts in SharePoint or Confluence. Familiarity with SaaS solutions specialized for supplier risk assessments Experience assessing potential subsidiaries in advance of mergers & acquisitions from a third-party risk assessment perspective. Nice to have - certifications or designations related to risk management and/or information security. E.g. CISA, CRISC, CISM, CISSP, etc. The base salary for this position is between $119,300 - $169,300 annually. This represents base salary only and does not represent other variable compensation components of our total compensation ( i.e. annual bonus, commission etc). If you are selected to move forward in our recruitment process, your recruiter will be able to discuss additional details of our total rewards program with you. Career opportunities will be open a minimum of 5 business days from the date of posting, closing dates will vary depending on the search activity. All applications received will be reviewed on a rolling basis. Be your best at Canada Life- Apply today #J-18808-Ljbffr