Conduct thorough assessments of new vendors across all risk areas, with a focus on information security, operational risk, financial risk, and compliance. Evaluate vendor responses to due diligence questionnaires and assess the adequacy of the provided evidence.
Assess vendor security controls and risk management practices by analyzing evidence, identifying weaknesses, and evaluating control effectiveness.
Perform periodic reviews of existing vendors to ensure they continue to meet security, compliance, and risk management standards, identifying any new or emerging risks.
Identify, document, and assess risks and control gaps. Rate vendor controls and risk levels in accordance with the Bank's methodology.
Develop risk remediation plans to address identified issues, working with vendors to gain agreement on timelines and actions. Follow up to ensure corrective actions are implemented in a timely manner.
Prepare assessment reports for stakeholders, documenting findings, risk levels, and remediation plans. Maintain thorough records of assessments and follow-ups.
Work closely with internal departments, such as Legal, Risk, Compliance, and Information Security, to ensure alignment on risk expectations and facilitate effective vendor risk management.
Identify opportunities to improve the vendor risk assessment process, including updates to questionnaires, assessment methodologies, and risk monitoring tools.
