Company: St. Jude Children’s Research Hospital, Inc.
Position: Director – Third Party Risk Management
Location: Memphis, TN
Description: The Director – Third Party Risk Management will be responsible for leading the monitoring, assessment, and reporting functions of third-party risk management. This individual will partner with the Legal, Compliance, Audit, Supply Chain Management, and Information Security areas to create, implement, maintain, and review an effective third-party risk management program.
This position may be eligible for the possibility of remote work.
Job Responsibilities:
- Facilitate compliance with regulatory agencies’ requirements, facilitate compliance with policies and procedures, and aid in quality improvement.
- Interface, communicate, and collaborate with departments to mitigate risk and provide risk education.
- Develop and administer a Third-Party Risk Management Program including policies and procedures, guidelines, standards, templates, forms, and an overall governance process.
- Establish risk tiers and a framework for conducting risk assessments of third parties to identify and evaluate potential risks across multiple domains, including financial, operational, and reputational risks.
- Assist operational and business leaders in performing risk-based due diligence on third-party suppliers to ensure they meet the organization’s standards and regulatory requirements, taking into account geopolitical risk, compliance risk, reputational risk, financial viability, and resilience.
- Develop and implement risk mitigation strategies and controls to minimize the organization’s exposure to third-party risks.
- Implement ongoing monitoring capabilities to track changes in vendors’ risks profiles, regularly reviewing and updating risk assessments based on changes.
- Modernize the process for review and maintenance of vendor certificates of insurance.
- Review and recommend contractual language and evaluate new endeavors for minimizing potential risk exposure.
- Develop clear and concise metrics and analytics and prepare reports highlighting key risk metrics and insights for leadership, facilitating informed decision-making and heightened awareness of potential threats.
- Develop and deliver training programs to educate staff on third-party risk management policies, procedures, and best practices. Foster a culture of risk awareness and accountability throughout the organization.
- Coordinate with Risk Insurance function in review of institutional insurance policies as relevant to third-party risk.
- Support audit reviews, regulatory inquiries, and internal risk self-assessments as relevant to third-party risk.
- In conjunction with Legal, Compliance, and Internal Audit, collaborate in supporting the institution’s Enterprise Risk Management (ERM) Program.
- Perform other duties as assigned to meet the goals and objectives of the department and institution.
- Maintain regular and predictable attendance.
Contact: Ryan Greenwood ryan.greenwood@stjude.org or (901) 595-4935 or apply at https://talent.stjude.org/careers/jobs/JR4505?lang=en-us
Qualifications:
Minimum Education and/or Training:
Bachelors’ degree in Risk Management, Health Care Administration, Information Security, Business Administration, Paralegal Studies, or related field with a minimum of 10+ years of progressive, related experience OR Juris Doctorate degree with 8+ years of experience including internships.
Minimum Experience:
- 5+ years of experience managing initiatives and/or operational processes.
- Knowledge of principles of ERM and control frameworks (e.g., ISO, etc.) is preferred.
- Demonstrated ability to build strong relationships across the organization.
- Ability to discern and measure business-relevant risk from third-party risks and issues, and to identify cost-effective remediation options.
- Excellent communication skills, with the ability to articulate complex risk scenarios to diverse audiences.
- Strong analytical and problem-solving abilities.
- Experience in an academic medical center, hospital, or health care field is preferred.
- Global/international experience is preferred.
Special Skills, Knowledge and Abilities:
- Shows strong skills in thinking critically with a systemic view.
- Shows expertise in taking a structured approach to analyze and resolve issues.
- Able to distinguish between different sets of issues, set priorities, and make decisions.
- Builds internal connections and external partnerships across executive/leadership and other levels.
- Strategically understands stakeholder needs and manages expectations and relationships on a regular basis.
- Handles highly sensitive or tough situations with social and emotional grace and maturity.
- Models resourcefulness by reaching out to people within and outside functional groups to get work done effectively.
- Keeps large teams/ departments energized and focused on high-quality results by leveraging data/ analytics-based approaches.
- Builds systems, processes, and capabilities that can set and deliver a high-performance culture.
- Encourages a culture of customer centricity among peers and teams.
- Understands nuances and complexities of a customer issue/ requirement and goes beyond the task to think through new alternatives.
- Anticipates and addresses critical customer needs through engagement with cross-functional stakeholders.
- Is able to summarize complex legal observations from analysis effectively to a diverse audience to support strategic decision-making.