Program and Third Party Risk Management Director

The Director of Program and Third-Party Risk Management provides strategic leadership and oversight for two critical enterprise functions: the governance of the bank's strategic program portfolio and the oversight of third-party risk. This role is responsible for evolving the Enterprise Project Management Office (EPMO) into a Program Management Office (PgMO) that ensures transformation initiatives are delivered on time, within scope, and aligned to strategic growth objectives. The Director also ensures that third-party engagements comply with OCC regulatory expectations and industry best practices.

Principal Duties & Responsibilities:

Governance and Strategy:

Establish and continuously evolve the Program Management Office (PgMO) framework to ensure strategic alignment with PMI standards, OCC 2023-29 guidance, and internal governance bodies (PSC, MEC, MERC, ORC, Board Committees).
• Oversee program intake, prioritization, and approval processes, ensuring initiatives support corporate strategy, resource capacity, and enterprise risk appetite.
• Maintain and enforce PgMO policies, standards, and methodologies that promote discipline, consistency, and accountability across strategic programs.
• ead remediation of all open issues and audit findings (Second and Third line) related to PgMO and Third-Party Risk Management (TPRM).

Program Portfolio Management and Execution:

• Direct execution of a strategic program portfolio encompassing growth initiatives, operational efficiency, regulatory compliance, and technology modernization.
• Oversee the full lifecycle of programs-from business case development through execution, benefits realization, and closure-ensuring alignment with enterprise architecture and long-term business readiness.
• Implement program-level dashboards and KPIs for executive and board visibility into delivery health, financial performance, risk exposure, and value realization.
• Integrate enterprise architecture, resource management, and third-party oversight into program planning to ensure scalability, continuity, and resilience.

Technology and Data Enablement:

• Lead deployment and optimization of ServiceNow Strategic Portfolio Management (SPM) and Vendor Risk Management (VRM) modules as unified systems of record for governance, financials, capacity planning, RAID logs, and reporting.
• Implement timecard and resource management functionality to enable accurate tracking of actuals vs. planned capacity and cost across programs and vendors.
• Ensure data integrity, audit readiness, and real-time reporting capabilities across PgMO and TPRM platforms.
• Change Management and Business Adoption
• Embed organizational change management practices into program delivery to ensure leaders and employees understand, adopt, and sustain transformation initiatives.
• Partner with HR, Communications, and business unit leadership to reinforce role clarity, talent development, and long-term business readiness for strategic programs.

Third-Party Risk Management (TPRM):

• Oversee the enterprise-wide third party vendor risk management program in alignment with OCC 2023 Interagency Guidance, integrating risk tiering, due diligence, monitoring, and termination protocols into PgMO governance.
• Ensure program maturity addresses all regulatory touchpoints, including risk assessments, contract management, performance reviews, concentration risk, business continuity, and exit strategies.
• Maintain comprehensive documentation of processes, methodologies, and governance records to demonstrate program effectiveness to regulators and auditors.
• Lead inherent and residual risk scoring methodologies and embed vendor risk checkpoints throughout the program lifecycle.
• Establish escalation protocols for underperforming vendors or compliance gaps, with defined remediation plans and executive-level reporting.

Stakeholder and Regulatory Engagement:

• Serve as the primary liaison with regulators, internal audit, and executive committees on matters related to strategic programs and third-party risk.
• Partner with Legal, Compliance, IT Risk, Procurement, and Business Units to align program and vendor oversight with enterprise objectives and risk appetite.
• Report program and vendor status, issues, and regulatory gaps to ORC, MERC, and the Board's Enterprise Risk Committee, ensuring transparency and accountability.

Leadership and Cross-Functional Engagement:

• Lead, mentor, and develop a team of project managers, program managers, and third-party risk manager, contract specialist, and analysts; instilling a culture of accountability, ownership, and continuous improvement.
• Partner with executives across Operations, IT, Finance, Risk, Compliance, and Treasury to ensure alignment of priorities, efficient use of resources, and resolution of cross-functional dependencies.
• Role-model the bank's core values (Integrity, Excellence, Respect) and leadership pillars (Behaving Like an Owner, Driving Exceptional Results, Bringing the Best Out of Each Other, Passionate About Clients).
• Represent the bank externally in industry forums, peer groups, and associations to benchmark best practices and strengthen institutional resilience.

Program & Project Leadership

• 10+ years of experience in enterprise project, program management or operational management, with at least 3-5 years in a leadership role.
• Demonstrated success managing complex portfolios or strategic initiatives across business units.
• Experience contributing to or leading the development of a Program Management Office (PgMO) or similar governance structure is preferred.

Regulatory & Risk Oversight

• 3-5 years of experience in third-party risk management, vendor oversight, or enterprise risk functions.
• Working knowledge of OCC Interagency Guidance, FFIEC standards, and internal audit processes.
• Experience supporting regulatory exams or remediating audit findings.

Financial Services Industry

• Experience working in a regulated financial institution, preferably with $10B+ in assets.
• Familiarity with banking operations, strategic planning, and risk frameworks.

Technology & Data Enablement

• Experience with project portfolio management tools (e.g., ServiceNow SPM) and vendor risk platforms (e.g., ServiceNow VRM, Archer).
• Ability to interpret and present data through dashboards, KPIs, and executive reporting.

Stakeholder Engagement

• Strong communication and collaboration skills with cross-functional teams, including Risk, Compliance, Legal, and Procurement.
• Experience presenting to senior leadership or governance committees is a plus.

Knowledge & Skills:

• Deep knowledge of OCC regulations, interagency guidance on third-party risk management, and regulatory expectations for project governance.
• Expertise in enterprise project portfolio management, including governance, change management, benefits realization, and resource planning.
• Strong understanding of risk management, vendor lifecycle oversight, and operational resilience principles.
• Proficiency in ServiceNow modules (SPM, VRM/TPRM, CMDB, BCM) and ability to leverage technology for governance, automation, and reporting.
• Exceptional leadership, communication, and stakeholder management skills with proven ability to influence at the executive and board levels.
• Strategic and analytical mindset with ability to translate complex risk, regulatory, and operational matters into actionable business strategies.
• Strong organizational skills with ability to manage competing priorities, drive execution, and deliver measurable results.

• Bachelor's Degree in business administration, risk management, strategy, or related fields.

• Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
• Please view Equal Employment Opportunity Posters provided by OFCCP here.
• The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
• Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com.