Qureos

Director of IT Vendor Management

Introduction:
Since 1973, East West Bank has served as a pathway to success. With over 110 locations across the U.S. and Asia, we are the premier financial bridge between the East and West. Our teams of experienced, multi-cultural professionals help guide businesses and community members on both sides of the Pacific looking to explore new markets and create new opportunities, and our sustained growth and expertise in industries like real estate, entertainment and media, private equity and venture capital, and high-tech help build sustainable businesses and expand our associates’ potential for career advancement.

Headquartered in California, East West Bank (Nasdaq: EWBC) is a top-performing commercial bank with a strong foundation, an enterprising spirit and a commitment to absolute integrity. East West Bank gives people the confidence to reach further.
Overview:
The Head of IT Vendor Management leads the first-line vendor oversight function for all technology vendors and business-owned vendors with technology dependencies across the bank’s operating environment. This hands-on leader is responsible for end-to-end lifecycle management of critical and high-risk vendors supporting functions such as FX, Treasury, Mortgage, BSA/AML/KYC, CRM, Online Banking, Core Banking, Card Servicing, Loan Operations, Wire & Payments, Infrastructure, Risk & Compliance, and Regulatory Reporting.

This role requires deep practical experience working with major financial services vendors and strong familiarity with regulatory expectations for vendor management and IT risk management in an LFI environment.
Responsibilities:
Vendor Governance & Oversight
  • Lead the first‑line IT vendor management program: Own governance, performance monitoring, and lifecycle oversight for all technology and technology-dependent business vendors.
  • Establish and maintain vendor segmentation: Classify vendors by criticality, risk tier, and regulatory impact.
  • Ensure compliance with regulatory expectations: Align with OCC, FRB, FDIC, CFPB, and FFIEC guidance for third-party risk management.
  • Enhance/strengthen vendor policies and standards: Ensure alignment with enterprise risk frameworks and technology control requirements in a fast-evolving vendor landscape.
Vendor Lifecycle Management
  • Oversee end-to-end vendor lifecycle: Due diligence, onboarding, contracting, performance monitoring, issue management, renewal, and termination.
  • Conduct technology-focused due diligence: Evaluate cybersecurity, resilience, data handling, cloud architecture, and operational controls.
  • Partner with business owners: Ensure business-owned vendors with technology dependencies meet enterprise standards.
  • Manage contract negotiations: Lead commercial, SLA, and risk-related negotiations with major vendors.
Operational & Technical Oversight
  • Monitor vendor performance and SLAs: Track KPIs, service delivery, incident response, and remediation.
  • Coordinate technology assessments: Work with InfoSec, Architecture, and Technology Risk to validate vendor controls.
  • Oversee issue and incident management: Ensure timely remediation of vendor-related technology issues, outages, or control gaps.
  • Support resilience and continuity planning: Validate vendor BCP/DR capabilities and alignment with bank requirements.
Risk Management & Reporting
  • Serve as first-line risk owner for vendor risk: Identify, assess, and mitigate risks associated with technology vendors.
  • Prepare executive and regulatory reporting: Provide dashboards, risk summaries, and board-level reporting.
  • Ensure audit readiness: Support internal audit, regulatory exams, and independent testing.
  • Manage vendor concentration and systemic risk: Mitigate vendor risk to eliminate or minimize single points of failure (SPOF).
  • Drive continuous improvement: Enhance processes, tools, and controls to strengthen vendor oversight.
Leadership & Collaboration
  • Lead a small, high-performing vendor management team: Provide coaching, direction, and subject‑matter expertise.
  • Partner with cross-functional stakeholders: Technology, Procurement, Legal, Compliance, Risk, Finance, and Business Units.
  • Represent vendor management in governance forums: Risk committees, architecture councils, and operational reviews.
  • May perform other duties as assigned.
Qualifications:
  • 12+ years of technology vendor management experience in financial services.
  • Demonstrated extensive hands-on experience managing complex, fast-evolving vendor ecosystems, including SaaS, cloud-native, API-driven, and AI-enabled platforms used across financial services.
  • Demonstrated ability to evaluate emerging technology vendors (e.g., AI/ML providers, RegTech, and workflow automation platforms) and conduct deep-dive due diligence for operational resilience, data governance, and regulatory alignment.
  • Hands-on oversight of vendors with embedded or integrated technologies such as AI-powered decision engines, fraud detection & analytics, BSA & KYC/AML automation, or cloud-based microservices supporting critical banking functions.
  • Experience managing vendor concentration and systemic risk.
  • Ability to interpret and challenge vendor control environments across cybersecurity, AI governance, privacy, operational resilience, and third-party sub-dependency management.
  • Deep knowledge of regulatory requirements for third-party risk management.
  • Experience leading vendor due diligence, including cybersecurity, operational & technology risk, data risk, and operational resilience.
  • Strong contract negotiation skills and knowledge of digital transformation programs involving modernization of core banking, wire/payments, lending, or compliance systems using third-party vendor solutions.
  • Knowledge of IT controls and frameworks (NIST, CRI, ISO 27001, SOC 1/2).
  • Ability to interpret SOC reports.
  • Strong stakeholder management and written/communication skills.

Qualifications – Preferred

  • Bachelor’s degree in IT, Business, or related field; Master’s preferred.
  • Certifications such as CTPRP, CRVPM, CISM, CISSP, CRISC, and PMP are beneficial.
  • Experience implementing vendor management tools (Archer, ServiceNow VRM, Coupa, Fusion).
Applicants must have legal authorization to work in the United States. We do not offer visa sponsorship at this time.
Compensation: The base pay range for this position is USD $200,000.00/Yr. - USD $280,000.00/Yr. Exact offers will be determined based on job-related knowledge, skills, experience, and location.
