Sr Manager, Third-Party Risk & Operational Resilience

Please reference the schedule and minimum qualifications listed below before applying.

If you need assistance with filling out our application form or during any phase of the application, interview, or employment process, please notify our Human Resources Team at 801-366-6947 option 1 or email macurecruiting@macu.com and every reasonable effort will be made to accommodate your needs in a timely manner.

Job Summary

The Senior. Manager of Operational Resiliency is responsible for strengthening Mountain America Credit Union’s ability to prepare for, respond to, and recover from operational disruptions. This role leads the development and execution of the credit union’s business continuity and third-party risk management programs, ensuring alignment with regulatory expectations and enterprise risk strategy.
Reporting to the Vice President of Enterprise and Operational Risk, the Senior manager works cross-functionally to identify critical business processes, assess third-party dependencies, and implement controls that enhance organizational resilience. This role plays a key part in embedding resiliency into strategic planning and operational execution.

Job Description

LOCATION

Mountain America Center - In Office:

9800 S Monroe St
Sandy, UT 84070

SCHEDULE

Full time; This role can be hybrid with the expectation of three days in the office, depending on business need. 

To be effective, an individual must be able to perform each job duty successfully.

Business Continuity Management (BCM)

• Lead the design, implementation, and maintenance of the enterprise-wide business continuity program.
• Strengthen organizational preparedness through governance, testing, and recovery planning across all critical operations.
• Oversee the business impact analyses (BIAs) and risk assessments process to identify critical functions and recovery priorities.
• Drive the development and testing of continuity plans, including tabletop exercises, scenario simulations, and crisis management team exercises.
• Collaborate with IT and Information Security teams to align BCP efforts with Disaster Recovery (DR) capabilities. Ensure technical and business response plans are cohesive and executable.
• Ensure compliance with regulatory guidance (e.g., FFIEC, NCUA) and industry best practices.
• Serve as operational lead during crisis events or disruptions; provide situational risk reporting to leadership and ensure escalation protocols are followed.

Third-Party Risk Management (TPRM)

• Develop and optimize a scalable third-party risk management program tailored to the credit union’s operational complexity and vendor ecosystem.
• Oversee the third-party risk management lifecycle, including due diligence, risk assessments, contract reviews, and ongoing monitoring.
• Collaborate with Legal, business units, and other stakeholders to ensure vendor risks are identified and mitigated.
• Maintain a centralized inventory of critical third-party relationships and associated risk profiles.
• Support reporting and escalation of third-party risks to senior leadership and risk committees.

Operational Resiliency Strategy

• Integrate business continuity and third-party risk insights into the broader operational resiliency strategy.
• Monitor emerging threats and trends (e.g., cyber, supply chain, climate) that may impact operational continuity.
• Partner with IT, Facilities, and business leaders to ensure alignment between resiliency planning and enterprise objectives.

Governance & Reporting

• Develop and maintain policies, procedures, and governance documentation for BCM and TPRM programs.
• Prepare risk reports and dashboards for executive leadership and risk committees.
• Track and report on resiliency metrics, testing outcomes, and remediation efforts.

Knowledge, Skills, and Abilities

The requirements listed are representative of the knowledge, skills, and/or abilities required.  Reasonable accommodation may be made to enable individuals with disabilities to perform the essential job functions.

Education and Experience

• Bachelor’s degree in finance, risk management, economics, or related field required, advanced degree preferred.
• Minimum of 6 years of experience in enterprise risk, operational risk, or related risk disciplines.
• Understanding of ERM frameworks, risk appetite, and regulatory expectations for financial institutions.
• Demonstrated experience in leading and managing direct reports
• Understanding of SOC 2, SSAE-18, and financial statements

Certifications

•  Preferred certifications: CTPRP, ORCE, CRCMP, or similar risk-related credentials.

Skills

• Strategic thinking with strong analytical and problem-solving capabilities.
• Strong analytical skills with the ability to aggregate, interpret, and visualize complex risk data.
• Demonstrate the ability to respectfully question, escalate, and provide alternative perspectives when identifying risks through credible challenge.
• Builds trust with business partners by using facts, regulatory knowledge, and clear communication to influence outcomes.
• Excellent written and verbal communication skills. Ability to collaborate effectively with cross-functional teams, including Compliance, Internal Audit, and senior leadership.
• Familiarity with GRC (Governance, Risk, and Compliance) platforms and risk analytics tools (e.g., Tableau, Power BI, or similar).

Leadership and Organization Development

• Demonstrates ownership and accountability in delivering high-quality risk governance and reporting outcomes.
• Fosters a culture of collaboration, transparency, and continuous improvement within the ERM function.
• Provides mentorship and guidance to junior team members and peers, supporting professional development and knowledge sharing.
• Aligns team activities and deliverables with enterprise risk strategy and organizational goals.
• Effectively manages change and adapts to evolving regulatory, strategic, and operational priorities.
• Builds strong cross-functional relationships to influence outcomes and promote a unified risk culture.
• Contributes to succession planning by developing documentation, tools, and processes that support long-term team capability and resilience.

Scope and Strategic Impact

• Supports the execution of the enterprise risk framework by managing governance structures, policy oversight, and risk reporting processes.
• Plays a key role in shaping the credit union’s risk culture by ensuring transparency, accountability, and alignment with strategic objectives.
• Provides critical insights to executive leadership and risk committees through the development of risk dashboards, KRIs, and Board-level reporting.
• Enhances enterprise-wide risk visibility by aggregating and synthesizing risk data across business units.
• Drives consistency and quality in risk governance documentation, including committee charters, meeting materials, and reporting templates.
• Contributes to the development and refinement of the organization’s risk appetite framework and supports its integration into strategic planning.
• Collaborates cross-functionally to embed risk awareness into operational and strategic decision-making processes.

#LI-PN1

Mountain America Credit Union is an EEO/AA/ADA/Veterans employer.