Credit Union:

OnPoint Community Credit Union


Portland, Oregon




Contact: Barry Nash
Email: [email protected]
Phone: (971) 369-6099

Job Description:


  • Manage and continuously improve OnPoint’s Third-Party Procurement and Oversight Programs.
  • Develop, participate in, and help drive outcomes for third-party procurement processes to ensure relationships established by OnPoint meet strategic and impact needs.
  • Lead processes to collect and maintain an inventory of OnPoint’s third-party vendors and define their risk category based on an assessment of factors associated with services provided.
  • Work with OnPoint’s external third-party due diligence support partner and directly with vendors and relationship owners to monitor, assess and report vendor risk and performance.
  • Review third-party policies, procedures, and controls (including SOC reports), partner with business process owners to ensure controls are in place and being followed by third parties, propose suggestions to business, and oversee and track action plans.
  • Partner with other OnPoint departments to ensure specialized risk elements (i.e. information security, compliance, etc.) are thoroughly reviewed and results are integrated with the broader third-party risk assessment process.
  • Build a system to track and report results and metrics that summarize third-party risk and performance, along with trends over time.
  • Develop and produce clear, effective, and timely reports and updates for relationship owners, senior management, and the Board of Directors regarding Third-Party Vendor Oversight Program effectiveness, initiatives, and issues, including relevant metrics, service level agreement performance, dashboards, and information.
  • Research, analyze, and identify opportunities for program improvements to enhance efficiencies, support member service, reduce risk exposure and meet regulatory expectations. Acquire support from management teams, peers, and vendors to implement related changes.
  • Execute and improve OnPoint processes and tools pertaining to the storage, organization, and management of third-party vendor contracts.
  • Lead processes to ensure ongoing third-party compliance with the business agreement, policies, procedures, and regulations, along with agreed performance and compliance measures.
  • Facilitate resolution of third-party issues through OnPoint’s Issue Management Program.
  • Perform other duties as assigned.

Knowledge, Skills and Abilities:

  • Thorough understanding of the third-party risk oversight processes (i.e. risk assessments, due diligence, ongoing monitoring, etc.).
  • Knowledge of third-party due diligence documentation, including financial reports and service organization controls audit reports (SOC, SSAE18).
  • Ability to analyze third-party due diligence documentation and create comprehensive risk assessment reports.
  • Knowledge of third-party oversight best practices and ability to develop program maturity enhancements.
  • Strong verbal, written, and interpersonal skills to communicate effectively at all levels within the organization, as well as outside vendors/contacts.
  • Ability to work effectively with all levels of the organization, including executives and vendor relationship owners.
  • Strong analytical, critical thinking, and problem-solving skills.
  • Strong attention to detail; consistently achieve thoroughness and accuracy in work.
  • Strong project management skills and ability to work well under pressure to meet tight timelines.
  • Provide excellent service to both internal and external customers.
  • Ability to quickly and consistently establish rapport to collaborate effectively with stakeholders, team members, and service providers.
  • Ability to create and maintain policy and procedure documentation.
  • Must have intermediate or greater proficiency with the Microsoft Office product suite.


  • 4-6 years’ experience analyzing, interpreting, and summarizing third-party due diligence documentation (SOC and financial statement audit reports, regulatory compliance documentation, and business continuity plans and testing results), preferably within a highly regulated industry (financial services, health care, etc.).