• Supports the Director of Enterprise Risk Management in implementing and maintaining the bank’s enterprise risk strategy. • Performs data analysis to support risk reports and proposals presented to the Board of Directors, senior executives, and staff. • Serves as a Third-Party Risk Management specialist supporting the Bank’s vendor lifecycle processes, including onboarding, risk assessment, due diligence, monitoring, renewal, and termination. • Performs vendor risk assessments to evaluate inherent and residual risk based on criticality, data sensitivity, operational impact, and regulatory considerations. • Reviews SOC 1 and SOC 2 reports, cybersecurity questionnaires, financial information, and business continuity documentation to assess control effectiveness. • Assists vendor owners in identifying, documenting, and tracking remediation actions and risk mitigation plans. • Supports periodic vendor reviews to ensure alignment with contractual requirements and regulatory expectations. • Maintains accurate and complete vendor risk records within the Bank’s GRC system such as Archer. • Supports vendor contract reviews to confirm appropriate risk, confidentiality, business continuity, and termination provisions are addressed. • Collaborates with Information Security and Compliance to ensure vendors meet data protection and security standards. • Supports the Director of ERM in maintaining and enhancing the Third-Party Risk Management program in alignment with FDIC Interagency Guidance. • Assists in developing and maintaining vendor due diligence templates, risk scoring methodologies, and reporting tools. • Supports migration, configuration, and ongoing maintenance of vendor workflows within Archer GRC. • Identifies opportunities to improve vendor risk processes, documentation quality, and reporting consistency. • Assists with integrating vendor-related risks into RCSA processes, disaster recovery and business continuity testing, and incident management workflows. • Supports development of vendor-related risk metrics, KRIs, and dashboards for management and committee reporting. • Participates in enterprise risk assessments, audits, and regulatory examinations related to third-party risk. • Provides analytical support for ERM reports, dashboards, and risk summaries. • Prepares vendor risk reports, summaries, and supporting documentation for senior management and risk committees. • Tracks vendor-related issues, findings, and corrective actions through resolution. • Maintains regular communication with internal stakeholders and vendors to support effective risk oversight. • Embodies the TRAC Values and Critical Behaviors (Teamwork, Relationship, Authenticity, Commitment) as core principles, using them to guide daily interactions and decision-making. • Completes administrative tasks with a sense of urgency, including required Bank Compliance Training. • Responds to internal and external inquiries via email, phone, or messaging platforms in a timely and professional manner. • Positively represents the Bank through ethical conduct and community involvement. • Demonstrates an understanding of and commitment to EEO policies. • Fosters a respectful, inclusive workplace by valuing cultural differences, preventing harassment of any kind, and supporting a diverse workforce. • Ensures adherence to all Bank policies, procedures, and processes, along with applicable state and federal laws, rules, and regulations, ensuring confidentiality and data privacy while carrying out AML/CFT (Anti-Money Laundering and Countering the Financing of Terrorism) responsibilities specific to the role. • Performs duties in an office or home office environment, involving tasks such as writing, typing, speaking, lifting moderate weights, and operating office equipment. • The position requires physical activities like sitting, walking, and reaching. Reasonable accommodation can be made for individuals with disabilities to perform essential functions. • Travels up to 10%, including but not limited to attending company meetings, training sessions, and corporate events, with travel typically being regional or local based on business needs.

• Provide oversight for assigned vendors and providers in compliance with state and federal provider agreements, business and accreditation requirements • Maintain direct oversight for assigned vendors and providers • Participate in the development and maintenance of departmental policies and procedures • Support departmental subject matter experts in interpreting vendor and provider contract requirements, business, and compliance and regulatory requirements • Monitor delegated/non-delegated vendor/providers and internal business owner relationships to ensure compliance, optimal delegate/non-delegate performance and achievement of business goals according to service level and other contractual requirements • Document meetings with stakeholders to provide performance metrics feedback and identify opportunities to reduce risk and cure corrective action plans • Support the implementation of strategies to increase delegates/non-delegates engagement in driving toward quality outcomes and cost control initiatives • Support the development, approval and review of delegated/non-delegated contracts; ensure service levels meet current regulatory and quality baseline requirements • Conduct pre-delegation assessments, ongoing delegation oversight, annual audits, deficiencies, and corrective action plans for vendors/providers • Participate in joint operating committee and document quarterly business reviews, strategic partner reviews, and operational meetings with business owners and delegated/non-delegated vendors and providers • Maintain monthly/quarterly/annual reporting and ensure timely receipt of accurate and complete all regulatory and contractually required reports for delegated vendor and provider activities • Support delegated vendor and provider onboarding, including training, reporting and document retention; provide support to departments and business owners to enable effective management of delegates • Stay informed about the latest developments in delegation oversight field, including new products and services, through relevant subject matter resources, professional associations, industry conferences, training seminars, and other information sources • Support the development and accomplishment of delegation program activities in support of company strategies, goals and objectives • Coordinate activities with all levels of staff as well as with delegated and potentially delegated external entities through clear and concise verbal and written communication • Assist in managing operational problems by bringing the vendor and departmental ops teams together to develop solutions and implement a chosen course of action • Perform any other job duties as requested

• Responsible for management and oversight of key pillars within model risk governance and operation teams • Ensure efficient execution of the model risk management program • Manage and update the Model Risk Management Policy and related materials • Create relevant and effective model risk materials including periodic reporting • Provide, manage, and update enterprise-wide training periodically to stakeholders • Manage centralized reporting to enhance the Issues Management area for MRM

• Enable, govern, and oversee the full lifecycle of M365 Copilot AI solutions • Define and enforce governance policies for Copilot agent development, deployment, and lifecycle management • Onboard and train business makers to safely build Copilot agents • Monitor agent performance, compliance, and user feedback. • Stay current with Microsoft 365, Power Platform, and Copilot Studio updates.