Review and Challenge Specialist

About The Position

Requirements

• Bachelor's degree in Business Administration, Information Technology, or related field
• 5+ years of experience in risk management, audit, compliance, or third party risk management
• Strong understanding of third party risk domains including cybersecurity, data privacy, business continuity, financial stability, and regulatory compliance
• Knowledge of relevant regulatory frameworks (e.g., Interagency Guidance, FFIEC, GDPR, SOC 2, ISO standards)
• Demonstrated ability to challenge assessments constructively and engage in professional skepticism
• Excellent analytical and critical thinking skills with attention to detail
• Strong written and verbal communication skills, including ability to articulate complex risk issues to various audiences
• Proficiency with Microsoft Excel or data visualization tools (pivot tables, Tableau, Power BI or similar)

Nice To Haves

• Professional certification such as CRISC, CTPRP, or similar
• Experience in financial services, healthcare, or other highly regulated industries
• Background in internal audit or quality assurance functions
• Familiarity with TPRM platforms and risk assessment technologies
• Experience with vendor contract review and risk-based performance monitoring

Responsibilities

• Conduct independent reviews of third party risk assessments performed by relationship managers and business units, validating completeness, accuracy, and adherence to organizational standards
• Challenge risk ratings, control assessments, and risk mitigation strategies to ensure appropriate classification and treatment of third party risks
• Identify gaps, inconsistencies, or areas requiring additional due diligence in vendor assessments and documentation
• Verify that all required documentation, approvals, and risk mitigation plans are in place in accordance with Program Requirements
• Review contracts, due diligence questionnaires, security assessments, financial analyses, and compliance documentation for completeness and quality
• Validate that appropriate risk assessment methodologies are applied consistently across different vendor types and risk tiers
• Ensure adherence to TPRM policies, procedures, and regulatory requirements throughout the vendor lifecycle
• Monitor and review exceptions to standard processes, ensuring proper justification and approval
• Analyze trends in third party risk assessments, identifying common deficiencies or emerging risk patterns
• Escalate high-risk findings or significant gaps in risk management to senior leadership
• Prepare detailed review reports documenting findings, observations, and recommendations for improvement
• Contribute to risk reporting for senior management, audit committees, and regulatory examinations
• Provide feedback to TPRM team members on assessment quality and areas for development
• Recommend enhancements to risk assessment frameworks, templates, and tools based on review findings
• Collaborate with other risk functions to ensure alignment with enterprise risk management standards
• Support the development and delivery of training materials to improve overall TPRM capability
• Partner with business units, procurement, legal, compliance, and information security teams to address identified gaps
• Facilitate discussions to ensure risk decisions are well-informed and appropriately documented
• Work with internal stakeholders when additional information or remediation is required
• Support internal and external audits related to third party risk management

Benefits

• Medical with wellness incentives, dental, and vision
• HSA with company match
• Maternity and parental leave
• Tuition reimbursement
• Mentor program
• 401(k) with 6% match