Principal, global third-party risk management
Overview: The principal, global third-party risk management is responsible for developing, establishing and supporting Herbalife third-party risk management (TPRM) initiatives on a global basis. The principal, global third-party risk management will work with key stakeholders from various departments such as ethics and compliance, legal, member services, finance, internal audit, global strategic sourcing and the requester department. The manager will develop and implement a comprehensive third-party risk assessment, monitoring program and mitigation program, including the strategy, roadmap, processes, work instructions, tools, software, reporting, policies, training, automation and metrics. The principal, global third-party risk management will support global third-party risk management strategies and build, enhance and maintain third-party risk profiles and mitigation plans for Herbalife's key third-party relationships. The principal, global third-party risk management will be responsible for ensuring that Herbalife is conducting its business in full compliance with regulations that pertain to its industry, as well as professional standards, accepted business practices, and internal standards and policies. The term third-party includes vendors, distributors and banks globally. The risk assessments covered by this position focus on money laundering, corruption, international sanctions, politically exposed persons and adverse media.
how you would contribute
* manage the global third-party risk management lifecycle by ensuring identified third parties are screened and analyzed for compliance with industry regulations, professional standards, and internal policies.
* oversee compliance risk policies, procedures and requirements related to contracts, monitoring and the due diligence processes necessary to manage third-party risk effectively.
* collaborate with various teams to identify, assess, and mitigate risks, conduct audits, and monitor data in real time, guaranteeing adherence to policies.
* optimize and simplify processes, due diligence, policy governance, risk criteria and tools, ensuring alignment with organizational goals and regulatory requirements.
* collaborate effectively with compliance and risk experts and other key stakeholders in global strategic sourcing, legal, ethics and compliance, member services, finance, internal audit etc. to evaluate, plan, monitor and report on critical risk management initiatives and mitigation strategies.
* maintain and improve the global due diligence systems for government service providers and the monitoring systems for vendors, banks, and distributors.
* detect and mitigate potential compliance risks related to government service providers, vendors, banks, and distributors globally and conduct thorough investigations and report findings.
* develop, analyze and distribute reporting and visualization with regard to third-party risk management, including third-party risk monitoring and workload.
* provide training for vendors and internal users on policy, system and due diligence, and support the team in daily operational activities to make sure supported processes are performed in a timely and compliant manner.
* perform ad-hoc activities and support initiatives to support management requests.
what's special about the team
* active role in an international structure and opportunity for development.
* work in a pleasant atmosphere, in a dynamic environment.
* work effectively and partner with other leaders across the company to implement improved processes and pursue strategic objectives globally.
* build and maintain positive relationship, demonstrate teamwork collaboration and.
job qualifications skills and background required to be successful
* min 5 years of relevant functional experience with a focus on third-party risk monitoring, compliance and controls, government suppliers, politically exposed entities, due diligence and investigations processes and international sanctions to suppliers, banks and persons.
* min 5 years of experience with excellent leadership skills and with the ability to drive performance and development and align work with all levels of management.
* demonstrated record of achieving project timelines and goals. Proactive, self-starter with proven track record of driving results. Critical thinker, impeccable data analysis and problem-solving skills.
* ability to work collaboratively with various stakeholders and flexibility to handle ad-hoc tasks and changing priorities.
* excellent interpersonal, written, and verbal communication skills and effective decision maker with ability to exercise independent judgement in a wide range of scenarios.
* advanced computer skills (Microsoft Excel, Word, PowerPoint, Outlook, Teams, Power BI, various software packages).
* fluent in english, any other language is an asset.
education
* bachelor's degree or university degree, ideally business, administration, supply chain, econ.
The risk assessment analyst II will work as a team member of WGU's risk management team. This individual will have practical experience in cyber & IT risk management practices, specifically as it relates to information security. The analyst will conduct internal, third-party, and supplier risk assessments and provide control recommendations and oversee control implementation.
essential functions and responsibilities
* function as a lead analyst in one or more efforts to assist with risk analysis, third-party risk, exception to policy analysis and other security efforts.
* recommend and support the creation of tools, processes, and communications that support information security initiatives. Participate in the development of security policies, standards and procedures.
* develop and apply standards and procedures regarding security tools.
* participate in tactical projects as they arise to clarify and respond to identified security risks across different technical domains.
* conduct security risk assessments related to internal systems, projects, third parties, suppliers, etc. based on industry-accepted best practices, including, but not limited to, NIST and similar frameworks.
* conduct open-source intelligence (OSINT) research on third parties, suppliers, and applications with regard to the security profile of the target of evaluation (TOE).
* review exception to policy requests.
* work with engineers, architects, and other security professionals to understand risk of a system, project, third-party, supplier, or application and recommend security controls to mitigate known risks.
* work with IT and business unit management to ensure third parties, applications, and suppliers are aligned with the university's security requirements.
* provide guidance and assistance to operational teams and third-parties to remediate security deficiencies identified in risk assessments.
* knowledge of NIST, ISO, and PCI-DSS standards as well as FERPA, GLBA, GDPR, HIPAA, FTC regulations. Contribute to developing assessment plans building on the methodologies promoted by these standards and regulations to quantify risk.
* measure, collect, and report on key information security services and risk indicators.
* identify process gaps; recommend and support process improvement.
* act as an advocate for information security to help the business understand information security risks, standards, and best practices as they relate to third parties and products.
* ability to identify internal and external trends to identify risks.
* ability to articulate risk to management.
what you'll need or minimum qualification
* bachelor's degree in related field and 2 years of relevant work experience or 4-5 years minimum of information security experience.
* experience with security industry standards and best practices. Proven experience with interpretation and implementation of those standards in a corporate environment.
* experience recommending additional security requirements and safeguards.
* experience with cyber-security and privacy principles and controls used to manage risks related to the use, processing, storage, and transmission of information or data.
* knowledge of risk management best practices and frameworks.
* strong analytical and problem-solving skills.
* good written and oral communication skills.
* solution-driven approach to problems.
* detail oriented and result driven.
nice to have
industry certification (e.g., CISSP, CISM, CRISC, CISA).
as an equal opportunity employer, we recognize our strength lies in our people and commit to creating an inclusive environment where all can thrive, regardless of race, age, gender orientation, sexual orientation, religion, or disability.