OVERVIEW:

The Third-Party Risk Analyst assists the First Vice President, Information Security Officer (ISO) in the administration, deployment and continual refinement of the enterprise-wide Third-Party Risk Management Program (TPRM). This position is responsible for enhancing the current processes to measure, analyze and manage vendor management risks and to ensure any risks outside of the Bank’s risk appetite are prioritized and mitigated.


PRIMARY ACCOUNTABILITIES / RESPONSIBILITIES:


  • Conduct risk assessments of prospective third parties to evaluate the security posture, governance, risk and compliance practices of third-party service providers. This involves the analysis of evidence provided by third-party service providers in accordance with the Bank’s vendor due diligence procedures.
  • Perform ongoing monitoring activities of the Bank’s vendors, in accordance with the vendor criticality rating, to evaluate the adequacy of the vendors’ internal controls in place to protect the confidentiality, integrity and availability of Bank information. Vendor monitoring also includes performance monitoring to identify potential issues, areas of non-compliance or deviations from the expected performance levels and success criteria.
  • Contribute to the continuous improvement and execution of the Bank’s risk-based TPRM program, including the underlying policies, standards and procedures.
  • Analyze vendor service providers to identify opportunities for efficiency and reduce third-party supplier costs.
  • Maintain an accurate inventory of third-party suppliers in the Bank’s governance, risk and compliance platform.
  • Assist control owners in identifying the business process controls that adequately address the complementary user entity control (CUEC) considerations identified in System and Organization Control (SOC) reports.
  • Provide 2nd Line of Defense monitoring and testing of adherence to the TPRM program, policies and procedures.
  • Identify and escalate emerging third-party risks to vendor owners and management, and ensure they are being adequately addressed by vendors.
  • Report results of risk assessments and vendor risk management activities appropriately to Management and management committees.
  • Serve as a liaison to business partners in each division. Provide guidance to the business line resources in the 1st Line of Defense and other stakeholders to facilitate the end-to-end execution of the TPRM program.
  • Oversee vendor performance metrics and service level agreements (SLAs).


OTHER ACCOUNTABILITIES / RESPONSIBILITIES:


  • Cross-train peers and new employees on relevant vendor management policies, procedures and activities.
  • Contribute to the timely remediation of Internal Audit and regulatory issues.
  • Various other activities as assigned by the ISO and/or ERM leadership.


POSITION REQUIREMENTS:

The successful candidate for this position must meet the following requirements:


  • Bachelor’s degree in Business Administration with a major in information security, risk management, finance, accounting or a related field.
  • A minimum of three to five years of risk management work experience is required, preferably within the banking or insurance industries.


Preferred experience/knowledge:


  • At least five years of direct information security or information technology risk experience in the banking, financial services, or insurance industries.
  • Understanding of banking operations and policies, regulatory requirements, and knowledge of internal controls relative to banking organizations.


Required Knowledge, Skills, and/or Abilities


  • Strong knowledge of internal control concepts relative to banking organizations.
  • Excellent analytical, planning, organizational, communication, and decision-making skills.
  • Strong interpersonal skills; must be able to interface professionally and collaboratively with all levels of associates.
  • General knowledge of risk management processes, cybersecurity principles, control frameworks (e.g. CIS Critical Security Controls) and regulatory expectations (e.g. FFIEC Interagency Guidelines).
  • Knowledge of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management Framework.
  • Knowledge of The Institute of Internal Auditors’ (IIA) internal auditing standards.
  • Familiarity with Service Organization Controls (SOC) reports and Complementary User Entity Controls (CUECs) identified within.
  • Ability to work in a dynamic environment, handle multiple priorities and manage workload based on evolving business needs and regulatory expectations.
  • Ability to work proactively and identify solutions to business problems with consideration for known constraints.
  • Strong attention to detail and ability to work independently as well as part of a team.
  • Proficiency with the Microsoft Office suite (i.e. Word, Excel, Visio and PowerPoint).


INDEPENDENT ACTION:

Performs work within established guidelines and according to specific procedures. Establishes short-range plans aligned with the strategic Enterprise Risk Management objectives.


QUALIFICATIONS:


To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Any physical demands or work conditions described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Strong vendor management and negotiation skills.
  • Ability to read and understand invoices, contracts, and work proposals.
  • Excellent communication and organizational skills.
  • Proficient in Microsoft Office Suite (Excel, Word, Outlook, Teams).
  • Strong problem-solving ability and attention to detail.
  • Reliable, self-directed, and able to manage competing priorities across locations.


PREFERRED QUALIFICATIONS:


  • Experience in the banking or financial services industry.
  • Familiarity with facilities management software or ticketing systems.
  • Working knowledge of OSHA and basic workplace safety standards.
  • Construction Project Management


Job Type: Full-time


Pay: From $93,000.00 per year


Benefits:


  • 401(k)
  • 401(k) matching
  • Health insurance
  • Paid time off
  • Volunteer time off


Work Location: In person

Location: Taunton, MA, United States