U.S. Bank TPRM Director - Global Delivery Oversight, Evaluations & External Events in San Diego, California
At U.S. Bank, we’re on a journey to do our best. Helping the customers and businesses we serve to make better and smarter financial decisions and enabling the communities we support to grow and succeed. We believe it takes all of us to bring our shared ambition to life, and each person is unique in their potential. A career with U.S. Bank gives you a wide, ever-growing range of opportunities to discover what makes you thrive at every stage of your career. Try new things, learn new skills and discover what you excel at—all from Day One.
Reporting to the Head of Third-Party Risk Management (TPRM), this leader is responsible for a team performing the following functions.
Oversight of U.S. Bank’s Global (offshore) Delivery program (Information Technology Outsourcing, Business Process Outsourcing, Contact Center Outsourcing etc.) to ensure alignment with all stages of the Third Party Relationship lifecycle (Planning, Due Diligence & Third Party Selection, Contracting, Ongoing Monitoring).
Coordination, management, and resolution of Third Party Events (events and incidents e.g., ransomware attacks, cyber / data breaches, performance / operational issues, financial viability issues) across Cyber, Privacy, Resilience domains and all business line teams.
Onsite and desktop (remote) based evaluations of Critical and High Risk Third Parties to validate control environment (physical/logical security), risk posture, performance metrics, continuity plans and corresponding testing etc.
The leader possesses significant experience across Global Delivery models, Information Security, Privacy, 4th Party and Country risk to lead a team and provide subject matter expertise / oversight to assess third parties and their respective control environments, and to review, design and monitor remediation plans. The senior leader will be responsible for designing the organization structure, including operational metrics, to lead a high-performance team with a total size of approximately 15-20. Partners with Senior to Executive Leaders in their assigned Line of Business, BL Chief Risk Officers (CRO), Risk/Compliance/Audit (RCA) Managers, Procurement, Law Division and Technology to manage and oversee global delivery, third party assessments, evaluations and external events.
Overall leadership responsibilities including coaching, team building, management of daily operations, effective Service Level Objectives (SLO) establishment to manage and oversee global delivery operations, external events and evaluations.
Actively participate with Technology and Business teams to provide expertise, guidance and oversight to build and enable the company’s global delivery program, including third party footprint, fit-for-purpose activities (across business, technology, contact centers, analytics etc.) and corresponding locations (countries, cities, geographies).
Credibly challenge third party and country selections with an eye towards risk management, control environment, third party portfolio rationalization, data exposure, network connectivity, business continuity and resilience considerations. Review and approve key decisions (new third party, country, city keeping in mind concentration risk and resilience).
Strong partnership and relationship building within Risk Management & Compliance (RM&C), Operational Risk, TPRM and across Business Lines (BL), CROs, Risk & Control Specialist groups, Technology partners etc. to meet business and company objectives using Third Parties.
Lead the team to ensure that the following responsibilities/duties are carried out by the team members as part of day-to-day operations:
Establish a consistent process and strong governance routines for selection and use of third parties associated with global delivery. Ensure alignment across all phases of the third-party risk and relationship management lifecycle. Establish metrics and thresholds associated with concentration risk by function, geography, city and third party. Establish routines to continuously evaluate and monitor the control environment, including IAM access, network access, data and application access.
Conduct initial and ongoing third-party assessments for RCS groups within TPRM team (e.g., 4th party, privacy, country, Physical security etc.)
Coordinate / collaborate with BLs, RCS functions and TPRM stakeholders to establish schedules for onsite and remote evaluations of third parties.
Conduct onsite and remote desktop assessments / evaluations per established criteria and agreed upon plans directly or by leveraging external resources. Review results with RCS groups and socialize with BLs. Publish results through standard templates. Manage budget, plan and contract for external resources.
Manage external third-party events and incidents in collaboration / partnership with other internal (TPRM portfolio managers) and external stakeholders (e.g., Resilience, ISS, data privacy, Physical security).
Liaise / partner with other RCS groups to optimize, refine (re)assessment execution in partnership with Strategy team.
Enhance continuous monitoring protocols and reporting, leveraging automated tools and technologies.
Maintain program documentation, playbooks etc.
Bachelor's or advanced degree, or equivalent work experience
Typically, more than 12 years of applicable experience
Significant experience in all aspects of Third Party Risk Management (TPRM) program management and understanding of applicable laws, regulations, financial services, and regulatory trends that impact the bank
Considerable experience in establishing, running or overseeing global delivery operations across business, technology and contact center environments including aspects of governance and performance management
Considerable experience in cyber security, technology / cloud, 4th party, contingent workforce management domains / systems
Experience in managing the end-to-end lifecycle for external events such as ransomware, cyber incidents, operational issues etc. Be able to lead and facilitate dialogs across the company and third party stakeholders to triage, analyze and resolve. Ability to jointly solution and recommend compensating controls in case of external incidents
Considerable understanding of the business line’s operations, products/services, systems, and associated risks/controls
Thorough knowledge of Risk/Compliance/Audit competencies
Strong leadership and management skills of processes, projects and people
Effective skills at managing stressful situations
Effective written and verbal communication skills
Strong analytical, problem-solving and negotiation skills
Proficient computer skills, especially Microsoft Office applications
This role is hybrid. Team members who are in a hybrid role typically spend three days a week at a U.S. Bank location, while having flexibility on their work location for the other working days.
If there’s anything we can do to accommodate a disability during any portion of the application or hiring process, please refer to our disability accommodations for applicants (https://careers.usbank.com/global/en/disability-accommodations-for-applicants).
Learn how the way we work at U.S. Bank (https://assets.phenompeople.com/CareerConnectResources/prod/UBNAGLOBAL/documents/Thewaywework-1666895142717.pdf) drives meaningful relationships with our customers and collaboration across the company.
Our approach to benefits and total rewards considers our team members’ whole selves and what may be needed to thrive in and outside work. That's why our benefits are designed to help you and your family boost your health, protect your financial security and give you peace of mind. Our benefits include the following (some may vary based on role, location or hours):
Healthcare (medical, dental, vision)
Basic term and optional term life insurance
Short-term and long-term disability
Pregnancy disability and parental leave
401(k) and employer-funded retirement plan
Paid vacation (from two to five weeks depending on salary grade and tenure)
Up to 11 paid holiday opportunities
Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law
EEO is the Law
U.S. Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors. Applicants can learn more about the company’s status as an equal opportunity employer by viewing the federal KNOW YOUR RIGHTS (https://eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) EEO poster.
U.S. Bank participates in the U.S. Department of Homeland Security E-Verify program in all facilities located in the United States and certain U.S. territories. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program (https://careers.usbank.com/verification-of-eligibility-for-employment).
The salary range reflects figures based on the primary location, which is listed first. The actual range for the role may differ based on the location of the role. In addition to salary, U.S. Bank offers a comprehensive benefits package, including incentive and recognition programs, equity stock purchase, 401k contribution and pension (all benefits are subject to eligibility requirements). Pay Range: $140,930.00 - $165,800.00 - $182,380.00