
Senior Business Risk Program Specialist

Lighthouse Credit Union
tuition assistance, 401(k), profit sharing, remote work
United States, New Hampshire, Dover
Aug 06, 2025

At Lighthouse Credit Union, we believe all individuals, regardless of position level, are considered leaders. By providing a framework that balances clarity with adaptability, our Leadership Competencies aim to foster a culture of continuous growth and agile leadership. Lighthouse Credit Union is committed to embracing change, nurturing leadership talent, and ensuring our performance management practices are aligned with our vision of fostering a resilient and forward-thinking organization. As such, we all hold ourselves accountable to the following:

LEADERSHIP COMPETENCIES

Demonstrates Interpersonal Awareness & Skills: A cornerstone of our collaborative work environment, this competency emphasizes effective communication, relationship building and teamwork. It also supports creating a positive work environment that values individual contributions and fosters teamwork. As an individual leader, you will demonstrate active listening, clear communication and contribute beneficially to team dynamics.

Embraces Change & Learning: This competency focuses on adaptability, personal development and the advocacy and embracing of progressive change. You will be challenged to explore continuous learning opportunities to achieve excellence and foster a culture of growth and innovation. As an individual leader, you will actively engage in personal development, embrace change enthusiastically and support team members in their growth. You will also demonstrate flexibility and adaptability in response to changing circumstances.

Utilizes Critical & Creative Thinking: Underlining the importance of innovative problem solving, challenging the status quo and strategic thinking, this competency is vital for driving excellence and leadership. This competency challenges team members to take initiative beyond one's immediate responsibilities. As an individual leader, you will actively look for and share opportunities for improvement, show open-mindedness to new ideas and professionally challenge inefficient processes. You will also actively contribute to defining solutions and promoting innovation.

Takes Personal Ownership: This competency focuses on taking responsibility for performance goals, proactive collaboration and accountability. It highlights the significance of each team member taking ownership of their role and contributions while demonstrating leadership qualities regardless of their position. As an individual leader, you will be actively engaged in setting and achieving performance goals, take responsibility for personal action and decisions and seek opportunities for self-improvement and skill development.

Location: Dover, NH

POSITION SUMMARY

The Senior Business Risk Program Specialist is responsible for leading and advancing the organization's Third-Party Vendor Management Program, Enterprise Risk Management (ERM) Program, and Business Continuity & Resilience efforts. This strategic role ensures regulatory compliance, risk mitigation, and operational resilience while collaborating and building partnerships with IT security, risk partners and business units to strengthen the organization's overall risk posture and vendor governance framework.

ESSENTIAL FUNCTIONS & RESPONSIBILITIES

Third-Party Vendor Management

* Owns and manages the organization's Third-Party Vendor Management Program, ensuring regulatory compliance and following industry best practices.

* Serves as the primary strategic advisor on third-party risk for senior leadership, providing guidance on high-risk vendor decisions and control gaps.

* Conducts vendor risk assessments, including financial, cybersecurity, operational, and reputational risks. Reviews SOC 1, SOC 2, ISO 27001, and other assurance reports; documents and tracks risks and exceptions.

* Oversees and conducts vendor due diligence for new and existing vendors, ensuring contracts, security controls and compliance measures align with the organization's risk tolerance and objectives.

* Establishes and maintains vendor onboarding, contract negotiation, and termination processes to ensure alignment with security, legal, and compliance requirements.

* Leads annual vendor reviews, working with business units and risk partners to assess vendor performance and risk exposure. Ensures transparency by clearly communicating risk assessment results, vendor classifications, and rationale to business units, providing context on why a vendor is categorized at a specific risk level and how decisions impact the organization's risk posture.

* Collaborates with business line leaders and subject matter experts as applicable to integrate security requirements, performance SLAs, and contractual assurances for security responsibilities, controls, and reporting into vendor contracts.

* Maintains a vendor risk database and risk register, tracking security compliance and performance.

* Works with Information Security and IT teams to evaluate third-party access to systems and ensure vendors comply with data protection requirements.

* Supports vendor incident response efforts, ensuring timely communication and remediation.

* Provides regular vendor-risk reporting to leadership, highlighting critical vendors, risk trends, and recommendations.

* Oversees compliance with Complementary User Entity Controls (CUECs) by documenting organizational controls and business unit responsibility.

Enterprise Risk Management (ERM)

* Guides business units in understanding inherent vs. residual risk and acceptable risk thresholds.

* Conducts business risk assessments with business units to categorize, prioritize, and mitigate risks across the organization.

* Maintains an inventory of organizational risks, tracking status, ownership, and mitigation actions.

* Identifies annual risk assessment requirements, ensuring all critical areas are evaluated.

* Ensures risk assessment findings are delegated appropriately for corrective action and monitors the completion of remedial tasks to address identified risks.

* Works closely with compliance, IT security, and operational teams to document, address, and escalate risks as needed.

* Provides risk reporting to leadership and governance committees, ensuring transparency and informed decision-making.

* Monitors internal and external risk factors including economic, market, and regulatory risks to proactively identify areas of potential within the organization's assets.

Business Continuity & Resilience

* Leads the implementation and development of a comprehensive Business Continuity Program (BCP), ensuring operational resilience and regulatory compliance.

* Develops and maintains business impact analyses (BIAs) to identify critical functions, dependencies, and recovery time objectives (RTOs).

* Partners with IT and business unit leaders to integrate recovery priorities with technical disaster recovery (DR) plans.

* Ensures business continuity plans are regularly updated, tested, and integrated into vendor risk management.

* Coordinates the development, testing, and execution of business continuity and disaster recovery (BC/DR) plans.

* Participates in BCP tabletop exercises and evaluates the effectiveness of recovery strategies.

* Ensures alignment between vendor business continuity plans and the organization's disaster recovery strategies.

* Works with key stakeholders to ensure continuity planning is integrated into third-party risk management.

* Maintains documentation for regulatory audits, internal risk reporting, and leadership reviews.

JOB SPECIFICATIONS

* Possesses and exhibits excellent analytical, prioritization and time management skills.

* Self-motivated; proactively takes the initiative to accomplish necessary tasks and seize new and often challenging opportunities.

* Demonstrates strategic thinking and an enterprise mindset; capable of influencing risk-aware decisions at the senior leadership level.

* Strong knowledge of vendor due diligence, risk assessment methodologies, and contract management and ability to analyze vendor security, operational, and compliance risks.

* Must be familiar with risk identification and be able to provide recommendations for improvement; design, develop and implement potentially complex solutions related to risk management.

* Familiar with GRC tools and vendor risk management platforms, and proficient in Microsoft Excel and other software systems that may pertain to this position. Experience implementing automated workflows or dashboards for risk and vendor tracking is a plus.

* Comfortable presenting to committees and senior leadership, with the ability to translate complex risk issues into clear, actionable recommendations.

* Excellent written and verbal communication skills and attention to detail.

EDUCATION, TRAINING & EXPERIENCE

* Bachelor's degree in Business Administration, Risk Management, or related field or equivalent work experience.

* Certifications (Preferred): Certified Third-Party Risk Professional (CTPRP), Certified Business Continuity Professional (CBCP).

* Minimum 5-7 years of experience in risk management, vendor governance, and business continuity, with increasing responsibility.

* Strong understanding of NCUA, FFIEC, GLBA, and other associated regulatory requirements.

* Experience conducting vendor security reviews, business risk assessments, business continuity plan reviews and risk monitoring.

* Experience administering enterprise risk management software for financial institutions preferred but not required.

* Strong ability to manage vendor compliance programs and risk assessment frameworks.

WORK ARRANGEMENT: The working arrangement for this position is hybrid. Hybrid work is an opportunity to find the right balance between working in the office and remotely, especially if it supports individual success and the needs of our organization. Hybrid schedules are determined by the hiring manager based on business unit needs and may vary by department. Although a remote work arrangement may be authorized, those working in a remote position should expect occasional travel to headquarters or other business locations as necessary for work purposes.

_______________________________________________

Benefits We Offer:

  • Employee loan discount
  • Student loan/tuition assistance program
  • Comprehensive medical/dental/vision +
  • PTO and paid federal holidays
  • Weekly paychecks
  • 401k plan with employer match/profit sharing
  • Participation in the Annual Incentive Plan

Additional Perks:

  • Continued training and advancement opportunities
  • Balanced/Predictable schedule; all locations close at 5pm and on Sundays
  • Opportunity to join our many employee created Engagement Groups (e.g. Pride at Work, Women in Leadership, Book Club, Running & Walking)
  • Local Volunteer Opportunities with employer contributed Volunteer Day
  • Company Outings and annual Summit
  • Hybrid work environments

______________________________________________________________

LIGHTHOUSE CREDIT UNION IS AN EQUAL OPPORTUNITY EMPLOYER
