Third-Party Risk Analyst II
About The Position
Description Summary: The Third-Party Risk Analyst, within the Third-Party Risk Management Program (“TPRM”), will be considered a subject matter expert in associated risk and risk management methodology and plays a pivotal role in the ongoing monitoring and assessment of FirstBank’s vendor portfolio and third-party risk appetite. The Analyst will be responsible for performing third-party risk assessments and analyzing the risk level of third-party engagements, both for new and existing vendors, to ensure overall vendor risk is in line with FirstBank’s risk methodology as well as regulatory and industry standards. The individual in this role will serve as part of the second line of defense for FirstBank by performing risk analysis functions and assisting with improvement efforts for various practices, policies, and procedures within the department. The Analyst must be a motivated, meticulous and practical self-starter. This individual must maintain confidentiality, professionalism, a helpful attitude and be able to work with a wide variety of people from business owners to external stakeholders. A willingness to learn and adapt quickly, with a positive and upbeat mindset, is critical to success in this role. Essential Duties and Responsibilities: Responsible for performing third-party risk assessments and analyzing the risk level of third-party engagements, both for onboarding new vendors and reassessments of existing vendors, as part of ongoing review and update cycles Partner with business units to ensure documentation is received and updated as needed Analyze due diligence documentation to arrive at risk level determinations against the Bank’s risk methodology and in accordance with regulatory and industry standards Assess the adequacy of due diligence documentation received from vendors as a level of quality control (QC) prior to passing on to subject matter experts (SMEs) Synthesize inputs from SMEs, vendor documentation, and business units to develop risk assessments and risk mitigation recommendations Author risk narratives to communicate what the key risks are for an engagement with a vendor that support why a certain risk level has been assigned Oversee the day-to-day risk mitigation, monitoring, analysis, and reporting as it relates to third-party relationships. Successfully completes vendor provided training Maintain certifications and keep current on regulatory requirements Serve as system administrator and onboarding back-up Perform other duties and responsibilities as assigned
Requirements
- Excellent verbal and written communication skills
- Must have strong computer skills and advanced knowledge of Microsoft Office applications
- Ability to quickly learn industry and job specific software
- Ability to independently complete assigned tasks in timeframe requested
- Strong critical thinking skills with the ability to make decisions under pressure
- Generalized quantitative and analytical skills
- General understanding of SOC reports, BCP/DR information, inherent risk and entity level controls
- Ability to prioritize requests and communicate effectively in a deadline driven environment
- Advanced organizational skills
- Understands fundamental risk theories, principles, and concepts (preferably in the context of third-party risk for financial institutions)
- Desires to seek job specific advanced training and certifications
- Ability to build strong partnerships with internal and external stakeholders
- Strong interpersonal and time management skills
- Bachelor’s degree and 2+ years of experience in TPRM, Compliance, Information Security, Quality Assurance/Control, Audit or other related Risk Management function
Nice To Haves
- Project Management experience considered a plus
- Banking experience preferred
Responsibilities
- Responsible for performing third-party risk assessments and analyzing the risk level of third-party engagements, both for onboarding new vendors and reassessments of existing vendors, as part of ongoing review and update cycles
- Partner with business units to ensure documentation is received and updated as needed
- Analyze due diligence documentation to arrive at risk level determinations against the Bank’s risk methodology and in accordance with regulatory and industry standards
- Assess the adequacy of due diligence documentation received from vendors as a level of quality control (QC) prior to passing on to subject matter experts (SMEs)
- Synthesize inputs from SMEs, vendor documentation, and business units to develop risk assessments and risk mitigation recommendations
- Author risk narratives to communicate what the key risks are for an engagement with a vendor that support why a certain risk level has been assigned
- Oversee the day-to-day risk mitigation, monitoring, analysis, and reporting as it relates to third-party relationships.
- Successfully completes vendor provided training
- Maintain certifications and keep current on regulatory requirements
- Serve as system administrator and onboarding back-up
- Perform other duties and responsibilities as assigned
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
1,001-5,000 employees
