Director Vendor Risk Management

Director Vendor Risk Management Honolulu, HI Job Details Full-time 2 days ago Qualifications Performance dashboard reports Dashboard development Certified Information Systems Auditor Stakeholder engagement Managerial strategic planning Strategic management PCI Automation ISO standards 5 years Regulatory compliance CISSP Bachelor's degree in business Compliance audits & assessments System design SOC 2 Data reporting Improving operational efficiency Compliance management implementation Information security Change management CISM Team development Bachelor's degree Continuous improvement NIST standards Bank experience Anti-Money Laundering (AML) compliance (compliance procedures implemented) Third-party risk management Business continuity planning ServiceNow Scalability Networking through strategic partnership building Productivity software Training & development Bachelor's degree in accounting Cybersecurity Senior level Strategic partnerships Microsoft Project Financial audit management Training Cross-functional collaboration Business Project leadership Leadership Vendor risk management Accounting Team motivation (leadership skill) CRISC Cross-functional communication Analytics Stakeholder management Full Job Description Under the direction of the Manager, this role is responsible for the strategic oversight, execution, and continuous improvement of the enterprise’s vendor risk program. This position ensures alignment with regulatory requirements, internal governance standards, and business objectives across financial, operational, compliance, and cybersecurity domains. Partners with executive stakeholders to drive innovation, operational resilience, and enterprise-wide risk awareness. Bachelor’s degree in financial audit, accounting, business, or a related field from an accredited institution is required. Equivalent work experience may be considered in lieu of a degree.

Certification highly desired:

CISA, CISM, CRISC, CISSP or related. Minimum 12 years in financial regulatory risk, internal or external auditing, or information securityâ€"preferably within the financial services industry. Must have foundational knowledge across key risk disciplines including information security, business continuity, data privacy, legal and regulatory compliance, and general business risk. Subject matter expertise in at least one of these areas is required. Minimum 5 years of people management experience. Proficiency in Microsoft Office applications or similar software. Experience with Microsoft Project or similar project management tools is preferred.

Familiarity with:

vendor risk or governance, risk, and compliance (GRC) tools such as ServiceNow, BMC, Archer, AuditBoard, or RiskRecon. standards such as

SOC 1, SOC

2, PCI, NIST, or

ISO 27001.

Ability to lead enterprise risk programs and influence senior leadership. Apply strategic thinking, clear communication, and effective team leadership. Strategic and execution-oriented thinker with strong business risk awareness, sound judgment, attention to detail, and professional skepticism Exceptional communicator with strong relationship-building, and problem-solving skills across all organizational levels Effective at driving change across people, processes, and technology in dynamic, complex environments Collaborate across teams to promote a security-focused, business-aligned culture. As a Bank of Hawaii employee, you ensure (or assist with ensuring) compliance with applicable laws, regulations, regulatory requirements and Bank policies and procedures, including but not limited to those related to Fair Banking, Anti-Money Laundering laws and regulations, Bank Secrecy Act and

USA PATRIOT

Act. Delivering exceptional customer experiences is at the heart of what we do at Bank of Hawaii. We listen, understand and deliver what our customers need to help them build a better tomorrow. We are an EEO/AA employer, including disability and veterans. For Bank of Hawaii's full EEO statement, please visit https://www.boh.com/careers.

Strategic Program Leadership:

Leads the development and implementation of the Third-Party Risk Management (TPRM) framework, operating model, and governance structure. Aligns third-party risk strategy with enterprise goals, regulatory expectations, and evolving market dynamics. Oversees program maturity initiatives and ensures consistent execution across business units.

Technology Enablement & Process Optimization:

Directs the design and enhancement of vendor risk systems, tools, and analytics platforms. Ensures data integrity, system scalability, and integration with enterprise risk architecture. Champions automation and process reengineering to improve efficiency, transparency, and scalability.

Stakeholder Engagement & Risk Advisory:

Builds strategic partnerships with legal, compliance, IT, procurement, and business operations leaders. Provides expert consultation and training on vendor risk policies, lifecycle management, and emerging threats. Facilitates cross-functional alignment to ensure consistent application of risk practices and controls.

Regulatory Compliance & Audit Leadership:

Maintains deep knowledge of global regulatory frameworks and industry standards governing third-party risk. Serves as the primary liaison for internal and external audits, assessments, and regulatory inquiries. Monitors emerging risks and proactively adjusts strategies to maintain compliance and resilience.

Risk Intelligence & Strategic Reporting:

Synthesizes complex vendor data into actionable insights for executive decision-making. Develops and delivers strategic dashboards, board-level reports, and risk narratives. Identifies systemic trends and emerging threats to inform enterprise risk posture and strategic planning.

Team Leadership & Talent Development:

Provides strategic leadership on all aspects of people management while modeling our leadership principles. Cultivates an environment where people are empowered to grow, take initiative, and succeed through clear direction, continuous coaching, and shared celebration. Performs other duties and responsibilities as assigned.