Third Party Risk Manager

Varo Bank

💵 $100k-$150k
📍Remote - United States

Summary

Join Varo's world-class Third Party Risk Management (TPRM) team as a TPRM Manager. You will be responsible for evaluating and managing third-party operational risks, carrying out ongoing reviews, identifying risks and requirements, and monitoring third parties' performance. This role involves acting as a liaison with first-line teams to enhance business processes and vendor oversight. You will manage and enhance Varo’s Third-Party Risk Management Framework, define and meet SLAs, oversee policy implementation, and collaborate with stakeholders to maintain a comprehensive inventory of third-party relationships. Additionally, you will work with technology and security teams on incident response plans, prepare reports for senior management, partner with budget owners on contract negotiations, and track compliance with Varo’s third-party policies. You will also act as TPRM Lead in regulatory and audit matters.

Requirements

  • 5-7 years of experience leading third-party risk management with a financial institution, a fintech company, or a provider to the financial services business sector
  • Risk assessment and due diligence experience with a particular focus on identifying risks and gaps and on implementing solutions to remediate them
  • Ability to conduct and report on testing of applicable controls that are in place regarding third-party service providers
  • Experience designing systems and workflows that support effective prioritization of third-party monitoring and of the team's work
  • Previous experience reporting to senior management, the Board, and/or Committees of the Board on the status of third-party risk management efforts
  • Experience implementing Third Party Management requirements to comply with various regulatory requirements and industry best practices
  • Knowledge of Business Continuity, Disaster Recovery, NIST CSF, PCI DSS compliance, SOC 2 Type 2, etc.
  • Experience with RSA Archer or similar GRC tools

Responsibilities

  • Manage and enhance Varo’s Third-Party Risk Management Framework to ensure it meets regulatory expectations and Varo’s risk appetite
  • Define and meet SLA expectations for Third Party Risk Assessments, vendor onboarding, proof of concept periods, and retirement
  • Oversee the implementation and adherence to Varo’s policy and procedures regarding third-party risk management, including training internal departments on requirements and managing third-party service providers/vendors on an ongoing basis
  • Collaborate with internal stakeholders to establish and maintain a comprehensive inventory of third-party relationships, applications, and associated risks
  • Work closely with all Varo departments and internal risk groups that are seeking third-party services/vendor relationships to ensure that appropriate risk assessment and due diligence are conducted for any new third-party service
  • Collaborate with internal technology and security teams to develop incident response plans and procedures for addressing cybersecurity incidents involving third parties
  • Prepare and present comprehensive reports and recommendations to senior management regarding third-party risk exposures and mitigation strategies through performance assessments
  • Partner with internal budget owners to deliver against budgets and work with appropriate stakeholders on contract negotiations for all managed third-party relationships
  • Track compliance with Varo’s third-party policies and procedures, analyze and report on any gaps, and provide recommendations for remediation of such gaps
  • Develop dashboard presentations and reports, and provide periodic updates to various Risk Committees on the status of the third-party risk management program
  • Act as TPRM Lead in any regulatory and audit matters, including exams and meetings

Benefits

  • Bonus
  • Equity
  • Competitive benefits
