Vice President, ERM IT & Vendor Risk Management

Company: First Republic Bank
Location: San Francisco, CA 94111 (Financial District area)

Description

At First Republic, we care about our people. Founded in 1985, we offer extraordinary client service in private banking, private business banking and private wealth management. We believe that personal connections are everything and our success is driven by the relationships we form with our colleagues and clients. You’ll always feel empowered and valued here.

Incredible teams doing exceptional work, every day
The Audit, Risk, Compliance and Legal groups support First Republic’s business objectives by systematically improving the effectiveness of its risk management, control and governance processes. We own and administer these processes while educating our colleagues to best support them. Our mission is to promote a culture of compliance and to be the best partner we can to our business stakeholders.

The Vice President, ERM IT & Vendor Risk Management is a critical second-line-of-defense role that makes sure the bank is resilient to technology- and vendor-related risks. You will be part of the Operational Risk Management team and will, in partnership with IT, Information Security and Vendor Management, identify risks, monitor controls and develop metrics to measure and report on the Company’s overall IT and Vendor risk and its compliance with established IT and Vendor Management policies and standards.

One of the key components of success in this role is building collaborative, trusting relationships with business leaders and colleagues. You will develop partnerships between risk owners/managers (1st line), independent risk management (2nd line), and Internal Audit (3rd line) to provide an aggregate view of risk across the bank. Your reach and impact extend to colleagues across the organization through partnering with key stakeholders, such as the Information Technology teams across the Bank and the Vendor Management groups, to provide an unbiased view of risk assessment approaches and results. This role will have a special emphasis on contributing to the Company’s cybersecurity posture.

The ideal candidate will have practical, hands-on experience with technology controls and frameworks, excellent communication and writing skills, and the ability to quickly develop a working knowledge of First Republic Bank’s technology, processes, policies and procedures. It is important to be able to interact with all levels of staff including engineers, as well as senior and executive management.

Responsibilities

What you’ll do as a Vice President, ERM IT & Vendor Risk Management:

  • Identify, measure and monitor risks through a repeatable, aggregated framework. Using the ERM framework and partnering with Information Services, Information Security and Vendor Management, identify and document top IT and Vendor risks (including controls, breakpoints and relevant action plans).
  • Participate in reviews of IT-related enterprise-level and targeted risk assessments, such as Critical Implementation risk assessments, the FFIEC Cyber security assessment, GLBA, eBanking, etc.
  • Provide proactive, actionable insights, independent review and challenge for IT and Vendor risk assessment frameworks and methodologies. This may include targeted validation / testing to ensure IT and Vendor risk programs are implemented appropriately and identify exceptions.
  • Leverage subject matter expertise to identify relevant best practices and emerging approaches to better manage IT and Vendor exposures.
  • Perform duties & responsibilities specific to department functions & activities or as assigned by supervisor. Build and develop a staff team to support in the activities listed above.

Qualifications

You could be a great fit if you have:

  • Minimum of Bachelor’s degree in Information Technology, business, finance, operations management or equivalent; Master’s degree preferred.
  • Internationally recognized professional certifications required, such as: CISA, CISM, ITIL, CISSP.
  • A minimum of 7 years relevant experience; indirect management experience through project leadership and group task management assignments.
  • A minimum of 5 years working in a lead role with financial services or equivalent experience.
  • A minimum of 5 years’ experience in a lead role within risk management, information security or vendor management.
  • Excellent verbal and written communication skills.
  • Strong knowledge of products, services, policies and regulations impacting risk, vendor risk, and information security (such as: penetration testing, CAT, GLBA, PCI).
  • Proven ability to respond to changing circumstances.
  • Team player who is comfortable working in a dynamic and fast-paced environment with minimal supervision.
  • Ability to interact confidently with senior management.
  • Balance multiple projects and other responsibilities.
  • Strong attention to detail with a proactive approach to solving and preventing problems.
  • Ability to work under pressure/deadlines and manage multiple priorities.
  • Exceptional interpersonal and partnership skills and the ability to positively influence outcomes, particularly in difficult matters.
  • Strong time management and organization skills.
  • Highly motivated and able to adapt to changing priorities.

Job Demands:

  • Must be able to review and analyze data reports and manuals; must be computer proficient.
  • Must be able to communicate effectively via telephone and in person.

Own your work and your career – apply now
Are you willing to go the extra mile because you love what you do and how you can contribute as a team? Do you want the freedom to grow and the opportunity to take charge of your own career? If so, then come join us.

We want hard working team players. You’ll have the independence to learn, lead and drive change. A culture of extraordinary service, empowerment and stability – that’s the First Republic way.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records, to the extent consistent with applicable federal and/or state law.