Third Party Risk Management Jobs in Rochester, NY

STATUS: Full Time / Exempt

REPORTS TO: Senior Vice President, Enterprise Risk Management

LOCATION: Rochester

HOURS: 37.50 hours per week

SCHEDULE: Monday – Friday, 8:30am – 5:00pm

COMPENSATION: The salary range for this position is expected to be between $130,000-$140,000.

The actual salary will be determined based on experience and other-job related factors, consistent with applicable law.

Position Summary

Under the general supervision of the Senior Vice President of Enterprise Risk Management, the primary function and responsibility of the Director of Risk Management is to oversee the Credit Union’s enterprise-wide risk assessment program, vendor management function and physical security role. This position manages a team of professionals in the development, implementation, and execution of various operational risk initiatives at the credit union. The Director of Risk Management assesses the implications of various legal, regulatory, or operational risks on credit union decisions.

Perform all responsibilities in a manner that serves The Summit’s Mission and upholds the credit union’s values.

Essential Responsibilities - Must be capable of performing the following essential responsibilities, with or without reasonable accommodations, as outlined below.

• Lead the design, implementation, and ongoing maturity of the enterprise risk management (ERM) framework aligned with the Credit Union’s strategic objectives and risk appetite.
• Serve as a key advisor to senior leadership and the Risk Committee on risk exposures, emerging threats, and risk mitigation strategies.
• Ensure compliance with applicable regulatory guidance (e.g., NCUA, state regulators) and industry best practices.
• Coordinate cross‑functional risk activities with all departments including IT, Compliance, Fraud, Facilities, Human Resources, and Operations.
• Oversee periodic enterprise‑wide risk assessments, including operational, strategic, compliance, reputational, and third‑party risks.
• Monitor risk metrics, key risk indicators (KRIs), and reporting dashboards for exposure and control effectiveness.
• Ensure timely escalation of material risks, control weaknesses, or incidents to senior leadership and the Risk Committee.
• Oversees the Physical Security Officer in day‑to‑day direction and priority setting, ensuring alignment with organizational goals, while operating within a shared physical security governance model with Facilities, Information Security and Member Services.
• Coordinate with other Credit Union stakeholders to ensure appropriate safeguards are in place for members, employees, and asset protection (e.g., access controls, alarms, surveillance, cash handling controls).
• Oversee incident response, investigations, and post‑incident reviews related to robberies, break‑ins, workplace violence, or other security events.
• Lead the third‑party risk management (TPRM) program, and maintain robust due diligence, onboarding, risk tiering, and ongoing monitoring standards for vendors and service providers.
• Oversee the assessment of vendor controls related to security, business continuity, regulatory compliance, and financial stability.
• Ensure contracts and service‑level agreements appropriately address risk, confidentiality, audit rights, and regulatory expectations.
• Develop, maintain, and enforce risk management–related policies, standards, and procedures across the organization. Periodically test adherence to policies through reviews, assessments, and coordination with Internal Audit.
• Communicate risk concepts in a practical, business‑focused manner that supports informed decision‑making.
• Support risk education related to physical security awareness, vendor risks, and operational resilience.
• Stay informed of regulatory changes, industry trends, and emerging threats relevant to credit unions.
• Support regulatory examinations, audits, and remediation efforts related to risk management.

• Coordinate with the Director of Compliance and Risk Management in the execution of the compliance testing program to validate the integrity of current policies and procedures pertaining to regulatory adherence.
• Lead the vendor management function and supervise the ERM vendor management analyst in the execution of the vendor management program to provide for effective third-party risk management for the credit union.
• Assist SVP of Enterprise Risk Management with the overall disaster recovery preparedness of the Credit Union. Oversee the coordination, testing and maintenance of the credit union’s business recovery plan as necessary.

Other Responsibilities

• Perform other tasks and duties as assigned.
• Provide a positive example to all areas of the Credit Union through interactions with others.

*Note: The above information on this job has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Qualifications and Skills

Education & Experience - Applicants must possess the following qualifications or an equivalent combination of education and experience:

• Education: Must possess a four-year degree with a major in Business, Criminal Justice, Accounting, or other related field. Advanced degree and/or certification (Compliance, Risk Management, etc.) strongly preferred.
• Experience: A minimum of 10 years’ experience in a financial services organization, to include demonstrated leadership. NCUA regulatory compliance experience preferred.
• Senior manager with extensive experience in Enterprise Risk Management, governance, and regulatory oversight
• Trusted advisor to executive leadership on risk appetite, strategy, and resilience
• Proven leader in enterprise-wide risk program design and execution aligned to business objectives.
• Deep knowledge of risk frameworks and regulatory standards (e.g., COSO ERM, ISO 31000)
• Strong communicator recognized for translating complex risk into clear, actionable insights
• Collaborative leader with a record of building high-performing, cross‑functional teams

Knowledge/Skills/Abilities (including Technical & Systems/Equipment Proficiencies)

• Excellent leadership and communication skills
• Understanding of credit union products and services
• Excellent oral and written communication skills
• Sound analytical skills and strong problem-solving skills
• PC skills, including proficiency in Microsoft Word and Excel
• Ability to work under tight time frames and on issues that can have a significant impact on The Summit
• Ability to analyze data and make decisions or recommendations to Senior Leadership
• Ability to manage multiple deliverables, as well as ad hoc projects. Establish appropriate expectations and subsequently deliver the final product as agreed upon.
• Ability to manage multiple tasks
• Ability to keep duties organized
• Must be able to travel to various branches and the corporate office periodically or as needed to attend meetings

Physical Requirements

• Lifting (5-10 pounds)
• Standing/Sitting extended periods of time, while working in front of computer monitor
• Typing / Data Entry
• Professional Office Environment
• Overhead Lighting

Training and Compliance Requirements

Subject to the compliance requirements of all related federal regulations, including but not limited to; the Bank Secrecy Act (BSA), Anti Money Laundering (AML), Information Security and Privacy policies and procedures. Employees complete annual BSA, AML, Information Security, Privacy and other job-related training requirements as established by the Summit and within deadlines.

The Summit Federal Credit Union is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, protected veteran status, or status as a qualified individual with disability.