Senior Consultant, Due Diligence - Third Party Risk Management
Listed on 2026-07-07
-
Business
Risk Manager/Analyst, Regulatory Compliance Specialist
Role Overview
Third Party Program Execution / Program Management – part of the Chief Procurement Officer’s team for Third Party Management (TPMO). Responsible for design and execution of the Third Party risk management program in line with regulatory expectations, NT’s Third Party Risk Management Policy, and Third Party Practice Standard.
Responsibilities- Track program throughput through the lifecycle elements (Planning, IRQs, DDQs, Ongoing Monitoring, Contracting and Termination), periodic inventory review, open issues and open risk acceptance review.
- Manage and report on the Concentration Risk Third Party program, including setting metrics, establishing data, publishing reports, and escalating concentration risks.
- Design and periodically review program related artifacts, risk methodologies, service categories and associated risk profile, reporting thresholds, etc.
- Assist and guide business partners through various stages of the third‑party lifecycle to ensure quality program execution.
- Identify gaps and drive continuous improvement across the TPRM lifecycle; participate in improvement projects that automate or streamline repetitive tasks.
- Maintain documentation and evidence of controls, risk decisions, and remediations.
- Track milestones, dependencies, and deliverables across projects and/or an assigned portfolio of relationships.
- Engage with risk domain SMEs, vendors and vendor relationship managers as point of contact for program performance updates, risk issue escalations, and regulatory reviews.
- Provide business users’ input for 2
LOD deliverables and use dashboards and KRIs to monitor third‑party risk posture. - Report progress to the board, risk committees and regulators as needed; participate in cross‑functional teams associated with Third Party program requirements.
- Proven track record managing vendor risk and/or leading large‑scale risk or compliance initiatives.
- Expertise in third‑party risk frameworks and regulatory requirements.
- Experience with tools such as Coupa, Service Now, Cybeta, Interos or similar.
- Strong organizational skills and ability to influence activities across multiple teams.
- Outstanding writing, communication, and presentation skills.
- Sound analytical and problem‑solving skills.
- Strong networking ability and credibility through active listening and understanding.
- Bachelor’s degree and approximately 10 years of related work experience, with clear understanding of and experience in the Three Lines of Defense model.
- Thorough understanding of third‑party risk management, including designing program solutions, risk scoring and aggregation methodologies and committee reporting.
- Understanding of global risk regulatory requirements (US: OCC, FFIEC, FRB, FDIC; UK: PRA, FCA).
- TPRM related certification such as CTPRP or CTPRA (preferred).
Applicants must be authorized to work in the U.S. without the need for employment‑based visa sponsorship now or in the future. Northern Trust will not sponsor applicants for U.S. work visa status for this opportunity.
Reasonable AccommodationWe are committed to working with and providing adjustments to individuals with health conditions and disabilities. If you need a reasonable accommodation for any part of the employment process, please email our HR Service Center at
Equal Opportunity EmploymentNorthern Trust is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion or belief, nationality, ethnic or national origin, sex, marital status, sexual orientation, disability or age. All employment decisions will be made in a non‑discriminatory manner in accordance with our obligations under the law and codes of practice.
APAC/INDIA EEO STATEMENTIt is the policy and practice of Northern Trust to provide equal employment opportunities to all employees and applicants. Northern Trust does not discriminate on the basis of race, colour, religion, or belief, nationality, ethnic or national origin, sex, marital status, sexual orientation, disability or age. All employment decisions will be made in a non‑discriminatory manner in accordance with our obligations under the law and codes of practice.
CanadaEEO…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).