Operational and Enterprise Risk Manager

Description

Job Scope:

Responsible for administering and facilitating Sunward’s third-party risk management, business continuity, and related risk programs under the direction of the VP, Risk Management. This role coordinates day-to-day program activities across vendor relationship owners (VROs) and business units, supporting both new and existing vendor due diligence, business continuity plan updates, and issue management tasks. It provides guidance to stakeholders on how to review, interpret, and meet program requirements, ensures adherence to established compliance procedures, and escalates concerns appropriately. 

This position also works closely with Legal, Information Security, and Compliance to coordinate technical and compliance reviews, and collaborates with VROs and internal partners to understand contract content, risk allocation, and potential gaps related to confidentiality, subcontracting, regulatory compliance, service levels, data requirements, and breach liability. It identifies operational issues, recommends refinements to processes, and ensures consistent application of standards across the organization, operating with limited autonomy and focusing on supporting departmental goals through strong coordination and operational enablement.

Essential Functions

• Maintains Sunward’s vendor management and business continuity policy and program, including program documentation. Ensures activities are performed and records are retained in compliance with applicable laws, regulations, and Sunward’s policies and procedures, escalating concerns as necessary.
• Looks for opportunities to improve processes in the business continuity and third-party management lifecycles, recommending refinements to procedures and supporting program updates to enhance operational accuracy and efficiency.
• Administers and maintains software program(s) (e.g., Tandem) used for vendor, contract management, and business continuity functions, ensuring data accuracy and supporting front-line adoption of system changes.
• Supports VROs’ review of contracts and updates of business continuity documents and other materials as part of due diligence, providing clear guidance on program requirements and expectations.
• Conducts review, in conjunction with Legal, of detailed technical and legal documents. Provides contract redlines to VROs and/or counsel and works with stakeholders to address gap areas or compliance issues within established procedures.
• Helps VROs and process owners evaluate vendor diligence documents and business continuity documentation—including financial statements and SOC reports—ensuring required reviews are completed accurately and consistently.
• Reviews vendor risk assessment outputs and business continuity documents to confirm risks have been appropriately assessed; follows up with VROs and business units to resolve inconsistencies and close gaps in documentation.
• Develops strong working relationships and maintains ongoing communication with VROs and business units to support day-to-day execution and consistent application of program standards.
• Provides reporting and analysis regarding overall program performance, including vendor risk, VRO adherence, and compliance with business continuity requirements, informing operational decision-making and tactical planning.
• Assists with regulatory examinations, audits, and similar inquiries, supporting documentation requests and helping prepare and execute management responses.
• Works with the VP, Risk Management to support business unit adherence to the risk acceptance program, helping ensure processes are followed and exceptions are escalated appropriately.
• Provides support to the VP, Risk Management in the development and maintenance of the issues management program, assisting with tracking, documentation, and follow-up actions.
• Performs other duties and responsibilities as assigned in support of departmental and organizational objectives.

Requirements

Qualifications:

Experience and Education

• Minimum of six years of experience in risk management, business continuity, or vendor management within a financial institution. Demonstrated responsibility for vendor management and/or business continuity program documentation review preferred.
• Bachelor’s degree in liberal arts, business administration, or related field, or equivalent experience.

Leadership Competencies

• Demonstrates high ethical standards and monitors adherence to compliance procedures; conducts routine checks and raises/escalates compliance concerns to leadership as needed.
• Proven ability to diplomatically influence and contribute to institutional governance processes by coordinating stakeholders, facilitating consensus, and representing operational perspectives.
• Acts as an operational coach and enabler: provides guidance to VROs and process owners on program requirements, supports adoption of procedures, and follows up to prevent recurrence of issues.
• Applies practical judgment in day-to-day decisions within established policies and escalates issues outside precedent to the VP, Risk Management.
• Operates with limited budget authority and restricted autonomy—makes tactical decisions to maintain program continuity and refers strategic or cross-departmental exceptions upward.
• Self-starter with a high sense of urgency who manages multiple priorities and supports continuous operational improvement.

Knowledge

• Practical knowledge of SOC reports and risk assessments (including inherent and residual risk, along with mitigation and controls) and how to apply those insights to operational workflows.
• Applied understanding of COSO, risk management frameworks, and/or NCUA examination practices, with the ability to translate findings into program actions.
• Familiarity with issue management and risk acceptance programs, able to assist in tracking, documentation, and escalation of issues.
• Proficiency in MS Office and experience administering vendor/BCP software (e.g., Tandem) to support operational execution of programs.

Skills/Abilities

• Superior interpersonal skills focused on stakeholder coordination, influence, and clear communication across business units.
• Able to professionally represent the institution to regulators, strategic partners, and other third parties in an operational capacity, supporting audits, inquiries, and documentation.
• Performs effectively in cross-functional teams; strong individual and team contributor who facilitates collaboration among VROs, Legal, InfoSec, and Compliance.
• Excellent communication skills for understanding, synthesizing, and presenting technical material, policy, program documentation, and operational recommendations.
• Able to facilitate meetings efficiently, ensuring clarity of expectations, follow-up actions, and program alignment.
• Advanced business understanding (general banking knowledge preferred) applied to day-to-day program execution.
• Self-starter with a high sense of urgency and the ability to manage multiple priorities simultaneously with limited direction.
• Superior analytical skills and critical thinking; able to identify multi-dimensional issues, ask difficult questions, and recommend practical operational solutions.
• Willingness to learn and adapt quickly with a positive mindset.
• Proven organizational skills: prioritizes multiple tasks and projects, meets deadlines, and manages resources within established procedures.
• Understands and applies best practices, continually recommending process and service improvements while operating within defined policy limits.

Physical Requirements/Work Environment

• Primarily office-based work with frequent use of computers, phones, and other standard office equipment.
• Ability to sit, stand, and work at a desk for extended periods throughout the workday.
• Occasional lifting or moving of light materials (up to 15–20 pounds) such as files or office supplies.
• May require participation in meetings, training sessions, or site visits within the organization.
• Work environment includes deadlines, audits, or regulatory review periods requiring focused attention and multitasking.
• Ability to communicate clearly in person, by phone, and electronically, including exchanging information with internal stakeholders and external partners.
• Minimal exposure to environmental hazards; primarily a standard office setting.