Senior Third Party Risk Analyst

About The Position

Requirements

• Bachelor’s degree from a four-year college or university with a major or emphasis in Finance, Data Science, Information Security or related field; or equivalent combination of education and experience.
• Minimum 5-7 years of experience working with third party contracts, information security protocol documentation or financial documentation required.
• Extensive experience with Microsoft Excel, Word, Visio and PowerPoint.
• Knowledge of regulatory third party standards including New York Department of Financial Services cybersecurity (NYDFS), Office of the Comptroller of the Currency (OCC), Federal Financial Institutions Examination Council (FFIEC), and Consumer Financial Protection Bureau (CFPB).
• Ability to work with mathematical concepts such as probability and statistical inference.
• Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical situations.
• Ability to hypothesize on root cause of inefficiencies and then test out probable solutions against those hypotheses.
• Ability to analyze complex sets of data and develop creative solutions to support business needs.
• Ability to read, analyze, and interpret technical journals, financial reports, contracts and other related documents.
• Excellent interpersonal and communication skills with ability to directly influence others.
• Ability to accept new ideas and embrace change.
• Demonstrated organizational and time management skills.
• Must be capable of coordinating and organizing input from various channels, perform negotiation, resolve conflicts and build consensus at all levels of the organization.
• Must be able to read, write and speak English effectively.
• Excellent interpersonal, communication and listening skills are a must.

Nice To Haves

• Previous experience with operational risk analysis, including IT risks, software risks and security risks preferred.
• Prior experience with governance, risk and compliance (GRC) tools and contract negotiation preferred.
• One or more of the following certifications are preferred: Amazon Web Services (AWS) Certified Cloud Practitioner certification or similar Cloud based technology certification. Certified Regulatory Vendor Program Manager (CRVPM), Certified in Risk and Information Systems Control (CRISC), Certified Third Party Risk Professional (CTPRP), Certified Internal Auditor (CIA), Certified Financial Services Auditor (CFSA), Certified Fraud Examiner (CFE).

Responsibilities

• Recommends and implements innovations to continuously improve processes.
• Manages third party risk program templates, tools, procedures, and processes and updates as necessary.
• Designs and maintains Third Party Risk program tools, such as third party risk scorecards, risk assessments, workflows, reports and process improvement initiatives.
• Trains team members on tools and processes to ensure standards for purchasing are met.
• Partners and collaborates with the Legal, Information Security, IT, Finance and Business Continuity departments with complex risk assessments and related contractual matters.
• Gathers data for preparing reports and documents as requested.
• Synthesizes and prepares data for inclusion in reports and departmental presentations as requested.
• Prepares market analysis or data related to third party risk as necessary.
• Designs and manages complex data sets and draws conclusions related to third party and contract data.
• Maintains current knowledge of trends and best practices for third party risk and insurance industry.
• Analyzes the risk posed by third parties in the purchasing and third party relationship.
• Executes a risk-based engagement and monitoring program consistent with the third party risk program, regulatory requirements and third party Company policies.
• Produces robust governance and oversight reporting consistent with risk rating and program requirements.
• Analyzes complex financial reports and risk related reports to assess the third party’s financial viability and business legitimacy.
• Uses independent judgment based on data compilation and well documented processes to recommend or disqualify third parties from consideration in doing business with ICW Group.
• Completes information security review by assessing required third party documentation such as SOC reports, incident response plans and Cloud security protocols.
• Executes the third party risk management life cycle to include planning, due diligence, negotiation, ongoing monitoring, and termination of third party relationships.
• Manages relationships with third parties, current and prospective third parties, and other external constituencies involved in the third party risk program.
• Completes due diligence risk assessments, including financial viability reviews and information security requirements for potential ICW Group third parties.
• Vets third parties and negotiates terms related to risk remediation that are consistent with regulatory requirements and policies of ICW Group.
• Assesses third party on-going financial and commercial viability and identifies associated risks.
• Monitors third party performance for consistency with service level expectations.
• Collects and reviews supporting documentation for potential and existing Third Parties.
• Drives completion of ongoing assessments of ICW GROUP Third Parties.
• Manages library of Third Party documentation, scorecards and other applicable documents in applicable systems.
• Manages process improvements, contract standardization, and other departmental projects.
• Provides specialized advice and risk analysis results to various departments throughout the Company.
• Provides vetted third party related data and recommendations to business stakeholders in departments such as legal, compliance, information security, information technology and finance.
• Articulates and presents recommendations to stakeholders based on findings during the third party analysis process including financial strength data, information security practices and other operational risk measurements.
• Advises Buyers and other internal procurement professionals in third party risk assessments during selection and vetting.
• Audits current third party relationships and proactively escalates deficient third parties to the appropriate party, such as internal legal and finance leaders.
• Ensures satisfactory outcomes of regulatory audits and exams.

Benefits

• Challenging work and the ability to make a difference
• You will have a voice and feel a sense of belonging
• We offer a competitive benefits package, with generous medical, dental, and vision plans as well as 401K retirement plans and company match
• Bonus potential for all positions
• Paid Time Off
• Paid holidays throughout the calendar year
• Want to continue learning? We’ll support you 100%