NightOwl Consulting Philippines Inc.

Third-Party Risk Manager

NightOwl Consulting Philippines Inc.  •  120k - 160k/yr  •  Remote  •  12 days ago

Job Description

Third-Party Risk Manager

Department: Operations

Employment Type: Full Time

Location: Client

Compensation: ₱120,000 - ₱160,000 / month

This role owns the day-to-day operation of the Company’s third-party risk management (TPRM)
program. The Third-Party Risk Manager administers vendor onboarding, risk tiering, due
diligence, periodic reassessment, ongoing monitoring, and termination across the full vendor
lifecycle in accordance with the Third-Party Risk Management Policy (TPRM02).

This position is the primary point of contact for business owners engaging new vendors, for
vendors responding to due diligence requests, and for internal partners — Legal, Compliance,
Information Security, and Finance — who depend on accurate vendor risk information. The role
administers the Company’s vendor management software platform, maintains the authoritative
vendor inventory, and produces reporting consumed by the Risk Management Committee and
senior leadership.

The Third-Party Risk Manager works under the oversight of the Chief Information Officer and
operates within the regulatory expectations of FHFA, CFPB, HUD, state financial regulators,
GSEs, and secondary market investors.

Key Responsibilities

  • Determine the inherent risk tier (Tier 1, Tier 2, or Tier 3) for every third party prior to contracting or engagement, consistent with the criteria defined in TPRM02.
  • Perform and document inherent risk assessments during onboarding, according to the policy reassessment schedule (annual for Tier 1 and bi-annual for Tier 2 vendors), and whenever a material change occurs in the vendor relationship.
  • Administer the due diligence process, including the issuance and evaluation of vendor due diligence questionnaires (DDQs), SOC 1 and SOC 2 reports, financial statements, insurance certificates, business continuity and information security documentation, and licensing or regulatory standing.
  • Maintain the authoritative third-party inventory, including assigned risk tier, services provided, data classification, system access, contract status, and all supporting documentation.
  • Administer the Company’s vendor management software platform, including profile setup, document collection, workflow configuration, expiration tracking, contract repository management, and audit history maintenance.
  • Monitor all vendors, contractors, and third-party counterparties against the FHFA Suspended Counterparty List (SCL) prior to engagement and on a recurring monthly basis; immediately escalate any matches to General Counsel and Compliance.
  • Coordinate contract reviews with Legal to ensure all required clauses are included, including information security, confidentiality, audit rights, subcontracting, breach notification, business continuity, termination, and return or destruction of data provisions.
  • Track and report vendor incidents, performance issues, breaches, and remediation activities; communicate findings to business owners and escalate material concerns to the Risk Management Committee.
  • Maintain documentation of vendor reviews, due diligence activities, identified risks, and required remediation efforts; provide training to business owners on intake and approval workflows.
  • Administer the vendor termination process, including coordination of the return of Company property and the return or destruction of Company data and information in accordance with legal and regulatory requirements.
  • Document and route policy exceptions for approval by the Third-Party Risk Manager and, when required, the Risk Management Committee.
  • Prepare periodic TPRM reporting and performance metrics for senior leadership, the Risk Management Committee, internal audit, external examiners, investors, and warehouse lenders.
  • Support audits and regulatory examinations by producing vendor inventories, risk assessments, due diligence files, and program documentation upon request.
  • Coordinate with the AI Governance Committee on due diligence and risk tiering activities related to third-party AI solutions and AI-enabled vendor features, consistent with RAIG01 Section 10.
  • Lead the annual review of the Third-Party Risk Management Policy (TPRM02) and recommend revisions for approval.
  • Perform other duties and responsibilities as assigned.

Skills, Knowledge and Expertise

  • Working knowledge of the regulatory landscape applicable to independent mortgage banks, including FHFA, CFPB, HUD, GLBA, state licensing authorities, GSE (Fannie Mae and Freddie Mac) seller/servicer requirements, and secondary market investor and warehouse lender expectations.
  • Demonstrated ability to evaluate SOC 1 and SOC 2 reports, information security questionnaires, financial statements, insurance coverage, and business continuity documentation, and translate findings into clear and well-supported risk decisions.
  • Experience administering a vendor management software platform such as VendorRisk.com, Venminder, ProcessUnity, Archer, or a comparable solution.
  • Strong understanding of inherent risk, residual risk, risk mitigation strategies, and the role of compensating controls within an effective risk management framework.
  • Excellent written and verbal communication skills, with the ability to brief executive leadership, prepare findings that withstand examiner and audit scrutiny, and explain risk decisions to non-technical business stakeholders.
  • Strong project management and organizational skills, with the ability to manage recurring assessment schedules across a large vendor population while maintaining accuracy and timeliness.
  • Solid working knowledge of Microsoft 365 applications, including Excel, Word, Outlook, Teams, and SharePoint, for reporting, documentation, file management, and collaboration.
  • Demonstrated discretion and sound judgment when handling non-public personal information (NPI), confidential vendor information, contractual terms, and other sensitive business data.

Experience Requirements:

  • Minimum of five (5) years of experience in third-party risk management, vendor management, operational risk, compliance, or audit, with demonstrated day-to-day ownership of a formal risk management program.
  • Minimum of five (5) years of experience within a regulated financial services environment; mortgage industry experience is strongly preferred.
  • Minimum of five (5) years of management, team leadership, or program leadership experience with responsibility for driving program execution, stakeholder engagement, and risk oversight.

Benefits

  • Above market salary
  • HMO on Day 1 for principal and two dependents
  • Government-mandated benefits
  • Performance-based Incentives
  • Quarterly Company Events
  • 1,000 PHP De Minimis
  • Equipment and software provided

About NightOwl Consulting Philippines Inc.

NMLS ID: 2427261

Real Estate Broker, California Department of Real Estate.

License ID: 02246527

We founded NightOwl Consulting Philippines Inc. to be a high-quality GBS while maintaining the highest standards of integrity. As prior clients of a BPO, we knew something was missing — a partner who valued their employees as much as their clients. The key to our success is ensuring our employees feel heard and valued.

Our goal is to provide high-quality BPO services at an accessible price, making outsourcing an affordable option for businesses of all sizes. As clients, we desired a more holistic approach to the traditional BPO. When creating NightOwl, we prioritized working closely with our clients to understand their needs and tailor our services to meet their specific requirements. At NightOwl we support you and your team in your success … we are your heavy lift!

Industry: HR & Recruiting

Company Size: 51-200 employees

Headquarters: Quezon City, PH

Year Founded: 2022