Third Party Risk Management Consulting Director

Chicago

Saturday, 30 May 2026

Performs a combination of duties in accordance with departmental guidelines:

Perform Third Party Risk assessments for complex, sensitive, and escalated Third Party assessments, including those requiring on-site reviews. In the course of executing these critical and sensitive assessments, evaluate Third Party questionnaire responses, perform control review/validation, and assess documentation per established procedures and standards.
Perform periodic quality assurance and review of Third Party Risk assessments performed by all assessment team members to ensure that all assessments meet established standards and expectations.
Actively solicit business partner engagement and buy-in by attending, and organizing where appropriate, periodic meetings with business partners to ensure Third Party Risk Management is appropriately meeting business needs.
Coordinate, review and submit program analytics to leadership covering process utilization metrics, program Key Performance Indicators, Third Party Risk Key Risk Indicators, and escalation reporting and management.
Support leadership in managing and implementing all identified program, process, and technology configuration process improvements in the Third Party Risk Management program roadmap.
Own the design, implementation, and ongoing management of the enterprise weighted third-party risk scorecard, ensuring risk calculations consistently incorporate assessment results, issue severity, remediation status, performance metrics (SLAs/KPIs), and monitoring signals to support prioritization, escalation, and executive decision-making.
Develop and maintain an interaction model with all relevant CNA Business and Risk Stakeholders. Ensure they are appropriately looped into TPRM processes and enabled to support TPRM through workflow, reporting, and analytics.
Leveraging general Third Party Risk Management expertise, take the lead on performing regular updates of CNA’s Third Party Risk Management methodologies.
Own enterprise-level governance, prioritization, and escalation of third-party issues to ensure remediation outcomes are risk-based, consistent, and defensible.
Lead the support of TPRM Technology including the administration, management, configuration, and testing for all current TPRM technology. Additionally, monitor the TPRM technology market landscape to ensure CNA's TPRM technology stack is appropriately updated.
Develop and maintain a robust quality assurance program that extends outside of just individual quality control of assessments.
May perform additional duties as assigned.

Reporting Relationship

AVP or above.

Skills, Knowledge & Abilities

Program expertise in Third Party Risk Management best practices including industry security, business continuity, and data privacy standards, risk assessment testing procedures, issue management processes, and inherent/residual risk calculations.
Compelling communicator; demonstrated verbal and written communication skills.
Detail oriented with strong organizational skills and ability to manage multiple projects effectively.
Ability to communicate and simplify technical concepts for those not familiar with risk management concepts, particularly in the context of business stakeholder training.
Strong interpersonal skills with the ability to work with staff at all levels.
Proven thought leadership and ability to provide informal guidance to more junior team members.
Strong knowledge of Microsoft Office Suite and other business-related software systems including processing systems and applications.

Education & Experience

Bachelor’s degree or equivalent.
Typically a minimum of nine years of experience in Supplier Risk or Third-Party Risk assessment.
Experience developing and managing remediation action/incident management processes.
Experience in developing remediation action/incident management specific reporting and analytics.
CISSP, CRISC, or CISA highly preferred.

In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this role. In District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York and Washington, the national base pay range for this job level is $97,000 to $189,000 annually. Salary determinations are based on various factors, including but not limited to, relevant work experience, skills, certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees – and their family members – achieve their physical, financial, emotional and social wellbeing goals. For a detailed look at CNA’s benefits, please visit cnabenefits.com.
