Job Type: Full-Time

Exemption Type: Exempt

Wage Amount: $7,894 monthly minimum

The Enterprise Risk Management (ERM) Director is responsible for overseeing and managing the credit union's (CU’s) ERM Program. This position will design and execute holistic risk-based programs, evaluations, and solutions to further enhance the CU’s ERM Program. The primary purpose of this position is to assist A+FCU in instituting a framework that enables the organization to control costs, drive service excellence and mitigate risks through oversight of the ERM Program, which comprises the Vendor Management and Consumer Complaint Program (“Programs”).

The ERM Director is responsible for executing a comprehensive and systematic approach to identifying, assessing, monitoring, and managing risks associated with credit union operations such as products, services, legal, regulatory, consumer complaints, staffing, third party vendors and applicable services.

The ERM Director consults and collaborates with executive staff and department leaders regarding risk mitigation, due diligence, contractual terms and conditions, consumer complaints, compliance rules/regulations, guidance, and best practices associated with enterprise risk management and oversight. The Director must have strong critical thinking and creative skills as well as outstanding verbal and written communication skills. This position must possess a strong background in risk management with the ability to analyze a considerable amount of information and make sound decisions.

Essential Functions:

Enterprise Risk Management

• Oversee, manage, and maintain the CU's ERM Program, Vendor Management Program (VMP) and Consumer Complaint Program (CCP) to mitigate risks and ensure compliance with applicable rules, regulations, and best practices.
• Construct and deploy management reports, scorecards and dashboards reflecting the status of the Programs.
• Report to applicable committees on the Programs on a regular, consistent basis.
• Develop and implement policies and procedures to ensure effective management of third parties and associated services to include, but not limited to:
  • Selection and approval
  • Risk evaluation
  • Performance monitoring
  • Termination standards
  • Annual review to ensure alignment with the CU’s needs and risk management standards
  • Centralized operating model
  • 3^rd party Risk Scorecard using key 3^rd party provider risks: Strategic, Reputation, Operational, Transaction, Credit, Compliance and Digital/Cybersecurity
  • 3^rd party provider percentage usage within the CU
  • Process to:
    • Review an independent cybersecurity assessment on all 3^rd parties
    • Confirm that the 3^rd party or other individuals related to the origination of loans does not appear on the Federal Housing Finance Agency’s Suspended Counterparty Program List
    • Manage offshore 3^rd parties, where applicable
• Perform a root cause analysis on each consumer complaint to identify isolated and/or systemic anomalies.
• Evaluate, track, and monitor consumer complaints and maintain the Consumer Complaint Database.
• Formulate a formal written or verbal response to consumer complaints according to the organization’s protocol.
• Identify risk mitigation strategies for the Programs and collaborate with management on execution.
• Administer and maintain software solutions that aid in oversight of the Programs.
• Manage expenses and budget allocations.
• Develop and implement effective solutions to enhance the CU’s Programs.

Risk Assessments & Self-Assessments

• Conduct enterprise risk assessments and evaluations of the Programs to identify potential risks and areas for improvement.
• Establish and implement standards for the first line of defense to manage and oversee risks.
• Perform independent oversight and monitoring, and aggregate reporting on risks.
• Execute self-assessments of the Programs to monitor risks and effectiveness and implement timely corrective action.
• Collaborate with management to identify risks and risk mitigation strategies.

Contract Evaluation

• Assess third party contracts for effectiveness, efficiency, costs saving measures, compliance with applicable compliance rules, regulations, and guidance as well as applicable federal and state laws. Provide recommendations to management for inclusion of the aforementioned matters.
• Negotiate contractual terms with third parties.
• Create Addendum’s to contracts, where necessary, to fulfill the CU’s standards and contractual obligations.

People and Departmental Management

• Oversee the daily operations of the ERM team.
• Manage talent recruitment and retention; Lead a team of professionals and provide guidance and support, as needed.
• Assess job functions to ensure maximum efficiency and recommend staffing changes, as necessary.
• Ensure that ERM staff maintain member confidentiality and restricted reports confidentiality

Training and Development

• Develop and deliver training and guidance on ERM, vendor management, third party risk management and consumer complaint regulations, guidance, and best practices.

Strategic Focus

• Collaborate with management to identify and implement strategic initiatives that enhance the CU’s ERM, Vendor Management, and Consumer Complaint Program and reputation.
• Stay abreast of ERM, consumer complaint, and third-party risk management regulations, guidance and best practices and ensure that the CU’s Programs are properly aligned and compliant.
• Represent the CU in regulatory examinations and investigations relating to ERM, consumer complaints and third-party risk management.
• Work with the legal counsel, when applicable, to interpret and apply risk management rules, regulations, and best practices to the CU’s ERM program.
• Develop and maintain relationships with regulatory agencies and industry associations to stay informed of changes in ERM, third party oversight and consumer complaints.

Education and Experience

• Bachelor's degree in business or a related field is preferred or equivalent experience.
• Minimum of seven years of experience in enterprise risk management, third party risk management and oversight, and/or regulatory compliance in the financial industry.
• Minimum of five years extensive knowledge of regulations and best practices affecting enterprise risk management, third party risk management and consumer complaints programs in the financial industry.
• Three years of supervisory experience required.
• Master's degree, JD or a Risk certification preferred.

Knowledge, Skills & Abilities

• Analytical skills: Strong analytical and evaluation skills, with experience using ERM, 3^rd party/vendor risk assessment and consumer complaint methodologies. Must possess strong creative and critical thinking skills.
• Strategic thinking: Ability to think critically and strategically, with a focus on long-term solutions that enhance the CU's ERM, Vendor Management and Consumer Complaint Program.
• Communication skills: Strong written and verbal communication skills with the ability to effectively communicate with regulatory agencies, senior management, and staff.
• Critical thinking skills: Ability to identify potential direct, indirect as well as 3^rd party risks; Develop and recommend effective solutions to mitigate said risks.
• Attention to detail: Ability to review and analyze 3^rd party information, contracts, and performance data to ensure compliance with regulations and best practices. Detail oriented with ability to be flexible and work with multiple departments.
• People skills: Ability to build relationships with key stakeholders and collaborate with teams across the organization. Strong interpersonal skills and ability to make autonomous decisions.
• Adaptability: Ability to adapt to changes in risk management regulations and the financial industry.
• Knowledge: Working knowledge of risk mitigation strategies, third party risk management regulations and guidance as well as consumer rules and regulations.
• Desirable Traits:
• Outstanding judgment as well as a broad understanding of the potential implications of actions and decisions.
• Act conclusively in making solid, informed judgment calls in response to both the regulatory environment and the day-to-day business issues, with appropriate advancement where needed.
• Work reciprocally with various groups with potentially disparate objectives.
• Ability to effectively balance multiple conflicting priorities with associated target dates.
• Able to work flexible working hours and in emergency situations.

Decision Making

Types of Decisions Made Independently:

• Addressing risk management matters in accordance with regulation, guidance, law, policy, and procedure.
• Executing on departmental strategic plan objectives that fall within established policy and/or procedure.

Types of Decisions Requiring Supervisory Approval:

• Situations outside A+FCU policies and procedures.
• Judgment that apply broader aspects of established practices to situations, which go beyond clear, concise guidelines.

Physical Functions

• Must have the ability/stamina to work at least 40 hours a week.
• Will frequently reach, feel, bend, stoop, carry, finely manipulate and key in data.
• Must be able to engage in problem-solving skills to help identify and solve potential issues in the field.
• Must be able to communicate through telephone, email and in-person communications.

Work Environment

Work schedule requires the ability to work flexible hours, to travel and infrequently stay out -of-town overnight. Work creates moderate stress due to deadlines and multiple responsibilities. The job volume will vary along with the pace required to meet the needs of management and staff and ultimately the membership. This role and its team may work remote and requires the ability to effectively lead, manage and produce in a remote environment.

This is a remote position. Relocation is not included.