Review and Challenge Specialist
Charlotte, NC
April 6th, 2026
The Review and Challenge Specialist serves as an independent, critical evaluator within the Third Party Risk Management (TPRM) function, providing objective oversight and quality assurance of third party risk assessments, due diligence processes, and ongoing monitoring activities. This role acts as a second line of defense, ensuring thoroughness, accuracy, and consistency in third party risk evaluations while challenging assumptions and identifying gaps in risk identification and mitigation strategies.
Key responsibilities include:
Conduct independent reviews of third party risk assessments performed by relationship managers and business units, validating completeness, accuracy, and adherence to organizational standards
Challenge risk ratings, control assessments, and risk mitigation strategies to ensure appropriate classification and treatment of third party risks
Identify gaps, inconsistencies, or areas requiring additional due diligence in vendor assessments and documentation
Verify that all required documentation, approvals, and risk mitigation plans are in place in accordance with Program Requirements
Review contracts, due diligence questionnaires, security assessments, financial analyses, and compliance documentation for completeness and quality
Validate that appropriate risk assessment methodologies are applied consistently across different vendor types and risk tiers
Ensure adherence to TPRM policies, procedures, and regulatory requirements throughout the vendor lifecycle
Monitor and review exceptions to standard processes, ensuring proper justification and approval
Analyze trends in third party risk assessments, identifying common deficiencies or emerging risk patterns
Escalate high-risk findings or significant gaps in risk management to senior leadership
Prepare detailed review reports documenting findings, observations, and recommendations for improvement
Contribute to risk reporting for senior management, audit committees, and regulatory examinations
Provide feedback to TPRM team members on assessment quality and areas for development
Recommend enhancements to risk assessment frameworks, templates, and tools based on review findings
Collaborate with other risk functions to ensure alignment with enterprise risk management standards
Support the development and delivery of training materials to improve overall TPRM capability
Partner with business units, procurement, legal, compliance, and information security teams to address identified gaps
Facilitate discussions to ensure risk decisions are well-informed and appropriately documented
Work with internal stakeholders when additional information or remediation is required
Support internal and external audits related to third party risk management
Education and experience required:
Bachelor's degree in Business Administration, Information Technology, or related field
5+ years of experience in risk management, audit, compliance, or third party risk management
Strong understanding of third party risk domains including cybersecurity, data privacy, business continuity, financial stability, and regulatory compliance
Knowledge of relevant regulatory frameworks (e.g., Interagency Guidance, FFIEC, GDPR, SOC 2, ISO standards)
Demonstrated ability to challenge assessments constructively and engage in professional skepticism
Excellent analytical and critical thinking skills with attention to detail
Strong written and verbal communication skills, including ability to articulate complex risk issues to various audiences
Proficiency with Microsoft Excel or data visualization tools (pivot tables, Tableau, Power BI or similar)
Preferred qualifications:
Professional certification such as CRISC, CTPRP, or similar
Experience in financial services, healthcare, or other highly regulated industries
Background in internal audit or quality assurance functions
Familiarity with TPRM platforms and risk assessment technologies
Experience with vendor contract review and risk-based performance monitoring
Key competencies:
Independent Judgment: Ability to form objective opinions and challenge prevailing views when warranted
Risk Acumen: Strong understanding of various risk types and their potential impact on the organization
Intellectual Curiosity: Drive to understand the "why" behind risk decisions and dig deeper into potential issues
Diplomacy: Skill in providing constructive challenge while maintaining positive working relationships
Process Orientation: Systematic approach to review activities with consistent application of standards
Adaptability: Ability to adjust review focus based on evolving risk landscape and organizational priorities
First Horizon Corporation is a leading regional financial services company, dedicated to helping our clients, communities, and associates unlock their full potential with capital and counsel. Headquartered in Memphis, TN, the banking subsidiary First Horizon Bank operates in 12 states across the southern U.S. The Company and its subsidiaries offer commercial, private banking, consumer, small business, wealth and trust management, retail brokerage, capital markets, fixed income, and mortgage banking services. First Horizon has been recognized as one of the nation's best employers by Fortune and Forbes magazines and a Top 10 Most Reputable U.S. Bank.
Benefit highlights include:
Medical with wellness incentives, dental, and vision
HSA with company match
Maternity and parental leave
Tuition reimbursement
Mentor program
401(k) with 6% match