Operational Risk Analyst Jobs in Maryland (NOW HIRING)

Role Summary

TheDirector- ThirdParty Risk Management is aSecond Line of Defense (2LoD)leadership role responsible for thestrategic development, oversight, and ongoing maturation of the firm'sThirdPartyRisk Management (TPRM) program. Reporting to the Head of Privacy & TPRM, this role is regarded as asubject matter expert in third-party riskand plays a key role in shaping the firm's risk strategy, governance framework, and operating model following the implementation of anoutsourced TPRMcapability.

TheDirectorprovides independent oversight, crediblechallenge, and assurance over first-line and outsourced TPRM activities, while building a sustainable, regulator-ready 2LoD function aligned with the firm's risk appetite and regulatory expectations.

Responsibilities

TPRM Strategy & Program Leadership:

• Serve as the firm'ssubject matter experton third-party risk management.

• Contribute to the development and execution of the firm'sTPRM strategy, roadmap, and target-state operating model.

• Lead the build-out and continuous improvement of a 2LoD TPRM functionfollowing outsourcing of due diligence and periodic reviews.

• Define and maintain TPRM policies, standards, risk methodologies, and oversight frameworks aligned with regulatory expectations and industry best practices.

• Ensure alignment of the TPRM program with enterprise risk appetite and governance structures.

• Lead assessment of emergingthird partyrisks and technologies, including AI, andintegratefindings into TPRM strategy, governance, and executive reporting.

Oversight of Outsourced & First-Line TPRM Activities:

• Provide independent oversight and effectivechallengeofoutsourced TPRM service providers, including due diligence execution and ongoing monitoring.

• Oversight of monitoring activities related toSLAs, KPIs, quality assurance standards, and performance metrics for outsourced partners.

• Report onsystemic control gaps, concentration risk, and emerging third-party risk themes across the vendor population.

• Escalatematerialthird-party risk issues and control deficiencies throughappropriate governanceand risk committees.

Risk Governance, Reporting & Regulatory Readiness:

• Design and deliver executive and board-level reporting on third-party risk, including trends, emerging risks, and risk appetite breaches.

• Lead TPRM-related regulatory exams, internal audits, and management assurance activities.

• Ensure TPRM documentation, evidence, and reporting areaudit-and exam-ready.

• Partner with Enterprise Risk, Compliance, Legal, Information Security, Procurement, and Technology while maintaining 2LoD independence.

Leadership & Capability Development:

• Provide leadership, guidance, and technical mentorship to TPRM risk analysts and managers.

• Establish clear roles, responsibilities, and RACI alignment across 1LoD, 2LoD, and outsourced providers.

• Drive adoption of data-driven, AI-enabled reporting and analytics to enhance risk insight and oversight efficiency.

• Promote a strong risk culture and consistent application of third-party risk standards across the firm.

Qualifications

Required:

• Bachelor's degree in Risk Management, Information Systems, Finance, Business, Law, ora relatedfield.10+ years of experience inthird-party risk management, operational risk, or compliance, withsignificant experiencein a2LoD capacitywithin financial services or asset management(or other industry subject to equivalent regulatory scrutiny).

• Demonstrated experiencedesigning, implementing, or maturing a TPRM program, including oversight of outsourced or co-sourced models.

• Deep understanding of regulatory expectations for third-party risk (e.g., SEC, FINRA, global regulators).

• Proven ability tooperateas a trusted expert and strategic advisor to senior leadership.

• Required Certifications (at least one): Certified Third Party Risk Professional (CTPRP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA)

Preferred:

• Advanced degree (MBA, JD, or equivalent).

• Experience supporting global or complex vendor ecosystems.

• Additionalcertifications:

• ISO 27001 Lead Implementer or Auditor

• PMP or equivalent program management certification

• ExperienceleveragingAI, automation, or advanced analytics in TPRM oversight(e.g., Microsoft Co-Pilot, ChatGPT Enterprise).

Tools & Technology (Preferred)

• Extensive experience with TPRM and GRC platforms (e.g., ServiceNow, Coupa).

• Strong executive-level reporting and data visualization skills (e.g., Power BI).

• Experience implementing metrics, KRIs, and dashboards aligned to risk appetite.

Key Competencies

• Recognizedexpertisein third-party risk management.

• Strategic mindset with hands-on oversight capability.

• Strong executive presence and ability to provide crediblechallenge.

• Excellent written and verbal communication skills.

• Ability to lead through influence in a matrixed, regulated environment.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to one day per week from home.