Under the direction of the Manager, this role is responsible for the strategic oversight, execution, and continuous improvement of the enterprise’s vendor risk program. This position ensures alignment with regulatory requirements, internal governance standards, and business objectives across financial, operational, compliance, and cybersecurity domains. Partners with executive stakeholders to drive innovation, operational resilience, and enterprise-wide risk awareness.
Strategic Program Leadership: Leads the development and implementation of the Third-Party Risk Management (TPRM) framework, operating model, and governance structure. Aligns third-party risk strategy with enterprise goals, regulatory expectations, and evolving market dynamics. Oversees program maturity initiatives and ensures consistent execution across business units.
Technology Enablement & Process Optimization: Directs the design and enhancement of vendor risk systems, tools, and analytics platforms. Ensures data integrity, system scalability, and integration with enterprise risk architecture. Champions automation and process reengineering to improve efficiency, transparency, and scalability.
Stakeholder Engagement & Risk Advisory: Builds strategic partnerships with legal, compliance, IT, procurement, and business operations leaders. Provides expert consultation and training on vendor risk policies, lifecycle management, and emerging threats. Facilitates cross-functional alignment to ensure consistent application of risk practices and controls.
Regulatory Compliance & Audit Leadership: Maintains deep knowledge of global regulatory frameworks and industry standards governing third-party risk. Serves as the primary liaison for internal and external audits, assessments, and regulatory inquiries. Monitors emerging risks and proactively adjusts strategies to maintain compliance and resilience.
Risk Intelligence & Strategic Reporting: Synthesizes complex vendor data into actionable insights for executive decision-making. Develops and delivers strategic dashboards, board-level reports, and risk narratives. Identifies systemic trends and emerging threats to inform enterprise risk posture and strategic planning.
Team Leadership & Talent Development: Provides strategic leadership on all aspects of people management while modeling our leadership principles. Cultivates an environment where people are empowered to grow, take initiative, and succeed through clear direction, continuous coaching, and shared celebration.
Performs other duties and responsibilities as assigned.
Bachelor’s degree in financial audit, accounting, business, or a related field from an accredited institution is required. Equivalent work experience may be considered in lieu of a degree. Certification highly desired: CISA, CISM, CRISC, CISSP or related.
Minimum 12 years in financial regulatory risk, internal or external auditing, or information security—preferably within the financial services industry.
Must have foundational knowledge across key risk disciplines including information security, business continuity, data privacy, legal and regulatory compliance, and general business risk. Subject matter expertise in at least one of these areas is required. Minimum 5 years of people management experience.
Proficiency in Microsoft Office applications or similar software. Experience with Microsoft Project or similar project management tools is preferred.
Familiarity with: vendor risk or governance, risk, and compliance (GRC) tools such as ServiceNow, BMC, Archer, AuditBoard, or RiskRecon. standards such as SOC 1, SOC 2, PCI, NIST, or ISO 27001.
Ability to lead enterprise risk programs and influence senior leadership.
Apply strategic thinking, clear communication, and effective team leadership.
Strategic and execution-oriented thinker with strong business risk awareness, sound judgment, attention to detail, and professional skepticism
Exceptional communicator with strong relationship-building, and problem-solving skills across all organizational levels
Effective at driving change across people, processes, and technology in dynamic, complex environments
Collaborate across teams to promote a security-focused, business-aligned culture.
As a Bank of Hawaii employee, you ensure (or assist with ensuring) compliance with applicable laws, regulations, regulatory requirements and Bank policies and procedures, including but not limited to those related to Fair Banking, Anti-Money Laundering laws and regulations, Bank Secrecy Act and USA PATRIOT Act.
Delivering exceptional customer experiences is at the heart of what we do at Bank of Hawaii. We listen, understand and deliver what our customers need to help them build a better tomorrow.
We are an EEO/AA employer, including disability and veterans. For Bank of Hawaii's full EEO statement, please visit https://www.boh.com/careers.
Bank of Hawaii was founded in 1897 and provides a broad range of financial products and services to businesses, consumers and governments in Hawaii and the West Pacific. To view our social media guidelines, please visit boh.com/social-media.
