Head of Vendor Risk Management Job at NATIXIS Americas in New York, NY

Job Description

Company Description

Natixis is a French multinational financial services firm specialized in asset & wealth management, corporate & investment banking, insurance and payments. A subsidiary of Groupe BPCE, the second-largest banking group in France through its two retail banking networks, Banque Populaire and Caisse d’Epargne, Natixis counts nearly 16,000 employees across 38 countries. Its clients include corporations, financial institutions, sovereign and supranational organizations, as well as the customers of Groupe BPCE’s networks. Listed on the Paris stock exchange, Natixis has a solid financial base with a CET1 capital under Basel 3 (1) of €11.3 billion, a Basel 3 CET1 Ratio (1) of 11.4% and quality long-term ratings (Standard & Poor’s: A+ / Moody’s: A1 / Fitch Ratings: A+).

(1) Based on CRR-CRD4 rules as reported on June 26, 2013, including the Danish compromise – without phase-in.

Figures as at 31 March 2020.

Job Description

The Vendor/Third Party Risk Manager (VP level) will be responsible for supporting the development and implementation of an enterprise-wide Vendor/Third Party risk management program within the second Line of Defense.

  • Individual will help develop and communicate Third Party Risk engagement models to ensure that Non-Financial Risk Management considerations are accounted for in all the bank’s major sourcing initiatives.
  • Design and implement a Third Party Risk Management Framework to be able to provide oversight and independent challenge to the first line through an effective and objective assessment.
  • Establish and communicate Vendor/Third Party Risk related governance models, risk and control strategies, policies and metrics.
  • Keeps abreast of the latest security, privacy, and regulatory requirements and best practices impacting Vendor/Third Party Risk management.
  • Advises business and senior management on any material changes requested by third parties that affect our security posture and/or privacy provisions of our contracts and outsourced activities.
  • Perform risk tracking, trending, analysis, and executive reporting.
  • Responsible for ensuring the firm's risk preparedness: development and maintenance of a Vendor/Third Party Risk policy and related practices, as well as the identification of risks and supervision of 1st line remediation of risks resulting from third party applications, systems, and infrastructure.
  • Advises procurement, purchasing and project teams on vendor assessment requirements and performs Vendor/Third Party Risk assessments for new vendors or services.
  • Analyzes, designs, and implements business processes and requirements to ensure compliance with security policies and procedures.
  • Leads process improvements and solution discussions and presents outcomes in written and verbal format to senior management.

Required Skills/Qualifications/Experience

  • Bachelor’s degree in Information Technology, Information Security, Business or Risk Management (or equivalent professional qualification)
  • 5+ years’ experience specifically in third party, Information Security or technology assessments.
  • Prior Vendor/ Third Party Risk experience (IT, Cyber, Vendor etc.) and exposure to the Financial Services industry is a must.
  • Experience with GRC tools and other risk management information systems is preferred.
  • Exposure to developing and implementing risk management programs in global organizations.
  • Experience interacting with regulatory agencies is a plus.
  • Good influence builder and trust builder
  • Good stakeholder management skills
  • Ability to work effectively in a team environment, yet self-motivated with the ability to work independently.
  • Strong verbal, written communication and interpersonal skills.
  • Ability to effectively handle a fast-paced environment and successfully meet established deadline requirements.
  • Microsoft Office (Word, Outlook, Excel, and PowerPoint)

Not mandatory, but industry-recognized certifications within the domains of information security and/or privacy (e.g., CISSP, GIAC, CISM, CISA, CIPP, CTPRP, CCSP, etc.) are considered a plus.

About Company

Company: NATIXIS Americas

Company Location: New York, NY

Job Category: IT Jobs, Information Technology Jobs, Tech Jobs, Telecommunication Jobs
