Third Party Risk Management Director (Remote)

As a leading regional bank, SouthState has been providing financial solutions to individuals, families, and businesses in the Southeast for more than 100 years. SouthState team members strive to create remarkable experiences while building meaningful and lasting relationships. We are proud to be a reflection of the communities we serve, and our team members share core values that make SouthState a great place to bank, and a great place to work.

SUMMARY/OBJECTIVES

The Director of Third Party Risk Management is responsible for all aspects of the Third Party Risk Management Program for the Company, including the development and implementation of a Third Party Risk Management Policy and Third Party Risk Management Program appropriate for the size and complexity of the Company that ensures compliance with regulatory guidance.

ESSENTIAL FUNCTIONS

The Third Party Risk Management Director will oversee and perform the following duties that are critical to the success of the Third Party Risk Management Program:

• Develop, maintain, and implement comprehensive Third Party Risk Management Policy and Third Party Risk Management Program commensurate with SouthState's size and complexity and aligned with regulatory guidance.

• Identify and implement procedures to correspond with regulatory heightened standards.

• Monitor the effectiveness of the Third Party Risk Management Program and its related standards and procedures and develop and implement enhancements as needed.

• Develop, implement, and maintain Third Party Risk Management technology solutions including vendor / contract onboarding system and system of record for Third Party vendors and contracts and implement proper controls and oversight to ensure integrity of the systems.

• Oversee integrations with other key systems including ServiceNow and Archer.

• Maintain active and complete contract inventory and vendor inventory in Third Party Risk Management system of record.

• Oversee vendor / contract onboarding and establish controls to ensure accuracy of data inputs and completeness of vendor / contract files.

• Track and monitor the key risks of the Third Party Risk Management business unit and implement plans to address gaps.

• Oversee performance of due diligence and Risk Assessment activities for applicable new vendors and coordinate the appropriate ongoing monitoring for existing vendors based on the risk of the vendor.

• Oversee development and implementation of contract management activities including contract reminders for contract renewals and expirations.

• Oversee maintenance and storage of all electronic copies of contracts and vendor documentation, evidencing compliance with Third Party Risk requirements.

• Review and/or facilitate the review of SOC Reports and internal controls documentation for applicable vendors, including providing Complimentary User Control Considerations to Business Units and reviewing management responses to Complimentary User Control Considerations.

• As a SOX control owner, oversee the collection of all SOC Reports for SOX vendors, ensure completion of the SOC Executive Summary and Complimentary User Entity Control template, the review of the SOC Executive Summary as compared the SOC Report, and submission to the SOX Governance Team for next steps.

• Maintain a working knowledge of the vendor relationships maintained by SouthState.

• Develop and implement Third Party Risk Management training for SMEs, Key Stakeholders, and business units.

• Provide management reports to the Director of Enterprise and Operational Risk, Management Risk Committee and Board Risk Committee quarterly.

• Oversee and participate in all audits and regulatory exams with a Third Party Risk Management component.

• Maintain satisfactory or better Regulatory and Audit ratings.

• Monitor OCC, FFIEC and other regulatory and industry-related websites and publications to ensure that Third Party Risk remains in compliance with regulatory requirements.

• Work closely with Risk Management, Legal, Compliance, Financial Intelligence and Audit functions to ensure proper coordination among the groups related to Third Party Risk controls.

• Ensure Third Party Risk policies, standards and procedures are current to ensure compliance with regulatory and other stakeholder expectations.

• Develop monitoring routines, including reporting, and standard tools for business unit use to promote increased and regular oversight of vendors, as well as action for noncompliance.

• Oversee completion of vendor risk assessments; assists business owners with completion of various vendor oversight requirements at time of vendor relationship inception, ongoing annual and biannual requirements, and requirements specific to contract renewal. Participate in Operational Risk meetings and projects.

• Assist in the development and execution of Third Party Risk department's business continuity plan.

• Oversee all merger activities related to vendors and contracts including discovery exercises, tracking vendors and contracts and keep, consolidate, terminate decisions, coordination of terminations with legal, and vendor / contract system of record conversions.

• Perform all activities initiated by Enterprise and Operational Risk such as Metrics, Q-Up, and RCSA processes.

• Liaise with Legal, Corporate Services, AI Governance, Information Security, and other SMEs as needed with regard to vendor and contract matters.

• Identify and recommend opportunities to enhance productivity, effectiveness, and operational efficiency for continuous improvement.

COMPETENCIES

• Advanced understanding of Third Party Risk Management programs supporting large, regulated financial institutions.

• Ability to build strong and trusted relationships and to engage, influence, and collaborate across the company.

• Working knowledge of the vendor relationships maintained by SouthState Bank.

• Ability to effectively lead a team, setting out clear objectives tied to overall department and Company strategies.

• Strong analytical and problem-solving skills with high attention to detail and accuracy.

• Project Management mindset focused on clear objectives and timely deliverables.

• Ability to multi-task and manage multiple project demands effectively with sustained value-added results.

• Excellent verbal, written, and interpersonal communication skills.

• Ability to prioritize work, manage competing priorities, meet deadlines, and excel in a dynamic environment.

• Strong organizational and time management skills

• Support a positive work environment that promotes service tobusiness partners, and quality, innovation, and teamwork.

• Strong proficiency in the use of MS Word, PowerPoint, Excel, Project and Visio for reports, analysis, and presentations.

Qualifications, Education, and Certification Requirements

• Education: Bachelor's Degree Required.

• Experience: A minimum of 8 years' experience in the regulated financial services industry with previous management, audit, compliance, or risk management experience.

• Certifications/Specific Knowledge: Excellent interpersonal skills. Strong computer and analytical skills. Strong organizational abilities, oral and written communications. Ability to analyze and make process improvement recommendations. Must be able to work in rapidly changing situations. Exceptionally self-motivated and the ability to motivate in a team-oriented, collaborative environment. Keen attention to detail and problem-solving abilities. Knowledge of regulatory requirements as it relates to Third Party Risk Management and other areas of compliance.

TRAINING REQUIREMENTS/CLASSES

SouthState Bank Annual Compliance Training, Systems Training: Ncontracts, ServiceNow, Archer

PHYSICAL DEMANDS

This position requires a large amount of time in front of a computer. This can be done sitting or standing with use of the right desk.

WORK ENVIRONMENT

Telecommuting roles no matter if hybrid or 100% full time telecommuting must have a secure home office environment that is free from background noise and distractions. They must also have a reliable private internet connection that is not supplied by use of cellular data (hot spot). Cable or fiber connections are preferred. Requirements are subject to change, as new systems and technology is delivered.

TRAVEL

Travel may be required to come to meetings as needed.

Benefits | SouthState Careers