Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

The incumbent is responsible for all aspects of and will provide oversight, guidance and challenge to the Bank’s Third Party Risk Management (TPRM). S/he will establish and enhance the Third Party Risk Framework, draft and maintain TPRM policies and standards, develop and execute TPRM annual work plans, and conduct periodic risk assessments. S/he will also assess, monitor and track TPRM lifecycle activities, ensure documentation completeness, and prepare aggregated TPRM reports on risk data and analysis.

Include but are not limited to

Third Party Risk Management Framework

• Establish and enhance the Third Party Risk Framework, ensure it consists of appropriate components to effectively manage third party risks
• Update third party risk management policies and procedures
• Develop and execute a third party risk annual work plan to review and challenge risk identification, assessment, control evaluation and testing activities
• Utilize a consistent risk rating methodology for controls that aligns with the Operational Risk Framework
• Conduct periodic risk assessment of third party risks

Third Party Risk Management Lifecycle & Implementation of TPRM Second Line Review

• Assess, monitor and track third party risk management lifecycle activities as second line of defense
• Provide third party risk management guidance to First Line Units (“FLUs”)
• Ensure the completeness of the central documentations of the bank wide third party population
• Prepare aggregated third party risk report
• Keep abreast of current industry tools, trends, and regulatory requirements
• Work with other SMEs under the third party risk management framework to ensure the third party risk management activities are efficient
• Ensure third party risk management system is implemented and all updates are installed timely
• Provide timely training of system upgrades or updates to all system users

Risk Assessment

• Assist with new product management risk assessment process
• Assist with RACA quarterly review in the expertise of third party risk management

BSA/AML, Compliance, and Talent Management

• Complete required BSA/AML, and other compliance trainings as provided
• Beware of BSA/AML issues, provide risk warnings to First Line Units and internal risk management departments when noticed

• Bachelor’s degree is required, and an advanced degree is preferred
• Minimum 5 years of work experience in financial service industry is required
• Minimum 5 years of work experience in risk management and minimum 2 years of third party risk management experience are required
• Knowledge of operational risk management and assessment, regulatory and compliance, general IT risk/IT operation as well as business lines and workflow in financial/banking industry is required
• Certified Third Party Risk Professional or Certified Regulatory Vendor Program Manager is preferred but not required