Job Title:

Director, Third Party Technology Risk

Location:

CityScape

What you'll do:

As the Third-Party Cyber Risk Director in Western Alliance Bank’s (WAB) Business Information Security Office, you’ll have the opportunity to contribute to WAB’s rapid growth and enable business strategies, by assuring third-party vendors have adequate safeguards in place to protect the confidentiality of our clients, integrity of data, and availability of systems supporting the Bank. You will be responsible for providing thought leadership, developing a next generation third-party cyber risk management program, engaging with partners across the organization (including Vendor Management, Procurement, Legal, Privacy, IT, Business Partners, and others), and providing visibility to leadership of the risk being assumed through partners, suppliers, and other third-party relationships. You will participate in the governance of the vendor risk management program for the Bank, working in partnership across the three lines of defense and various functional subject matter expert (SME) groups. This role will manage the staff and team to ensure the risk identification, assessment, mitigation, and reporting of third-party cyber risk associated with third-party vendor relationships, and the completion of incoming due diligence request of our business customers.

This role reports directly to the WAB Business Information Security Officer.

Lead strategy development, program execution, and ongoing management of WAB’s Third-Party Cyber Risk (TPCR) program.

Implement and continuously improve a third-party cyber risk program that complies with the organizations strategic goals, regulatory requirements, and Financial Services industry best practices.

Lead the ongoing development and deployment of policies, standards, procedures, and tools required to effectively manage and oversee the TPCR Program.

Responsible for managing program elements throughout the life cycle of the third-party relationship including initial risk assessment, due diligence, contract requirements, ongoing monitoring, and termination/off boarding strategies.

Support third party audit engagements and regulatory exams as a third-party cyber risk Subject Matter Expert (SME) on matters relating to third party regulatory guidance and risk management/mitigation.

Lead and manage a team, including Third-Party Risk Consultants chartered with performing common cyber due diligence assessments on WAB’s third parties.

Oversee the continuous improvement of these processes as business unit and risk program owner requirements evolve.

Engage with and manage relationships with WAB’s Vendor Management organization, ensuring coordination across programs and alignment with overarching TPRM and VRM Policy requirements.

Maintain an intimate understanding of best-in-class TPRM practices through benchmarking and continuous education.

Engage with Executive Sponsors and Business Partners and provide value-added insight to improve the certainty of business outcomes and reduce risk.

Drive accountability for third-party performance and management of cyber risk related to third parties with business unit Business Partners

Conduct risk assessments, develop training and communication, monitor, and test the effectiveness of controls, manage risk treatment and remediation, and sustain and optimize applicable risk management programs.

Instill a culture of risk management, compliance, and continuous improvement with business partners, using data to influence decisions around control procedures, new technologies, or changes in practice or policy, and execute appropriate remediation follow-up where controls are insufficient or not operating as intended.

Represent WAB with external industry groups and establish peer circles for benchmarking and industry learning

What you'll need:

Minimum Education: Bachelor’s degree in security management, Information Security, Risk Management, or a related field. A master’s degree or relevant certifications (e.g., CISSP, CISA, CISM) are preferred.

One of or more of the following certificates: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor)

Understanding of IT risks associated with client data and 3rd party technology systems

Minimum of 15+ years of experience with increasing responsibility in cybersecurity, risk management, or a related field, including at least five years of management experience.

Minimum of 7 years of experience in security, or a related field, with a focus on 3rd party technology risk; proven track record of building 3rd party risk programs in financial services.

Proven experience in managing 3rd party technology risks from both a strategic and operations perspective.

Strong understanding of cybersecurity and Privacy regulatory requirements as it relates to IT Risk management.

A proven ability to lead and develop organization specifically through change and transformation. Ability to lead and implement change.

Exceptional communication and interpersonal skills, with the ability to influence and collaborate with stakeholders at all levels.

Strong leadership and project management skills, with experience leading cross-functional teams

Benefits you’ll love:
We offer all the important things you'd want — like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program, and a wellness program. In addition, you’ll have the opportunity to bolster your business knowledge, learning the ins and outs of how successful companies operate and manage their finances, giving you invaluable hands-on experience to help grow your career!

About the company:

Western Alliance Bank is a wholly owned subsidiary of Western Alliance Bancorporation. Alliance Bank of Arizona, Alliance Association Bank, Bank of Nevada, Bridge Bank, First Independent Bank, and Torrey Pines Bank are divisions of Western Alliance Bank; Member FDIC.  AmeriHome Mortgage is a Western Alliance Bank company.

Western Alliance Bancorporation is committed to equal employment and will consider all qualified applicants without regard to race, sex, color, religion, age, nation origin, marital status, disability, protected veteran status, sexual orientation, gender identity or genetic information. Western Alliance Bancorporation is committed to working with and providing reasonable accommodations for individuals with disabilities. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process and/or need an alternative method of applying, please email HR@westernalliancebank.com or call 602-386-2488.  When contacting us, please provide your contact information and state the nature of your accessibility issue.  We will only respond to inquiries concerning requests that involve a reasonable accommodation in the application process.

© Western Alliance Bancorporation