• Job Description

  Req#: R-520746

  Job Description

  The Program Manager will support as an individual contributor working within the Third Party & Audit Risk Managment (TPRM) team. Maturing, planning, and supporting Third Party Risk Assessments & SOC Audits. This Program Manager will be responsible for evaluating the controls of NCSI’s third parties. Providing progress updates, continuous improvement opportunities, and maturity plans to Credit & Payments account and delivery teams.

  The Program Manager will collaborate with the Manager, TPRA in providing third party oversight related vendor and partnership controls. This Program Manager will be responsible for preparation of the third party third party assessments. This role will be critical as we mature our internal controls, risk assessment, due diligence process, contractual oversight, and the overall Third Party Program. Including assisting with planning, executing, third party control assessment of all NCSI third parties. Collaborate with other areas of the business to maintain consistent with changing regulatory environment, new or legacy third party relationship, and assurance to SLA requirements are being met. Candidates should have a strong background in Audit, GRC, Vendor Management, or Third Party Risk Management, conducting assessment reviews, requesting evidence and documentation to support compliance and third party rationales.

  Responsibilities

  • Assist with the developing and maturing the Third Party Risk Program’s assessment lifecycle, processes, policies, procedures, and the methodologies to ensure continuous improvement
  • Perform Third Party risk assessment against industry standard frameworks and authoritative sources
  • Ability to articulate and mitigate risk through remediation planning and closure
  • Enforce third party risk management policies, procedures, and controls including the delivery of reports to supporting partners
  • Support leadership in preparing and managing third party assessment plans, project plans, timelines, and GRC integration tools
  • Coach and train peers of the team as well as peers across the wider organization
  • Partner with stakeholders (GRC, TPMO, Business Owners, Strategic Sourcing/Procurement, and Legal) to effectively coordinate the execution of third party assessments, controls, and third party contracts
  • Serve as second line control oversight SME for the Credit organization
  • Assist with annual refresh of program materials and roadmaps
  • Facilitate escalations, including non-compliance, tracking and monitoring risks & controls through the assessment reviews
  • Lead and provide guidance in the identification of potential control risks, implantation, and maintenance of audit processes and procedures
  • Own and scale audit framework as it relates to SOC 1 and SOC 2
  • Participate in internal control audits by assisting in report compilation and project administration tasks
  • Support leadership in preparing and managing audit plans, project plans, timelines, and budgets
  • Including other duties as assigned

  Qualifications

  • Bachelor’s degree in organizational management, risk management, business, computer science or similar degree, in lieu of degree five (5) to seven (7) years of experience
  • 3-5 years of experience, with vendor assessment, risk assessments, third party risk assessments,
  • Experience performing internal control reviews
  • Completion or desire to purse CRM, CTPRP, CISA, CRISC, CIA, or other relevant certifications

  Knowledge, Skills and Capabilities

  • Comprehensive knowledge of audit lifecycle, structures, and methodologies
  • Strong analytical acumen with proficiency in Microsoft Office tools (Excel, Word, PowerPoint, Visio), Project Management Tools, and SharePoint
  • Knowledge of internal controls and professional standards and regulations (Sarbanes-Oxley (SOX), TPRM Assessment Lifecycle, Service Organization Control (SOC), COSO, 3LOD Modeling

  Nordstrom Payments and Loyalty for this position can only hire remote in the following States: Arizona, California, Colorado, Illinois, Nevada, Texas, Utah, and Washington.

  We can offer this position full time remote except if you are located in the Denver, CO area and then there would be some in office work required.

  #LI-Remote

  We’ve got you covered…

  Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:

  • Medical/Vision, Dental, Retirement and Paid Time Away
  • Life Insurance and Disability
  • Merchandise Discount and EAP Resources

  A few more important points...

  The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.

  Nordstrom will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.

  Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com .

  © 2022 Nordstrom, Inc

  Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.

  Pay Range Details

  The pay range(s) below are provided in compliance with state specific laws. Pay ranges may be different in other locations.

  California: $92,000 - $155,000, Colorado: $80,000 - $132,000, Nevada: $80,000 - $132,000, New York: $80,000 - $155,000, Rhode Island: $80,000 - $132,000, Washington: $92,000 - $155,000

• About the company

  An incredible eye for what's next in fashion. A passionate drive to exceed expectations. For more than 100 years, we've worked to deliver the best possible shopping experience, helping our customers express their style—not just buy fashion. Nordstrom, Inc. is a leading fashion retailer offering compelling clothing, shoes and accessories for men, women and children. Since 1901, we've been committed to providing our customers with the best possible service—and to improving it every day.

Notice