Third Party Risk Analyst

Suncoast Credit Union | Tampa, FL
2d | $60,000 - $90,000 | Remote

About The Position

The Third-Party Risk Analyst supports the Third-Party Risk Management (TPRM) program by executing risk assessments, maintaining vendor profiles, and assisting with ongoing monitoring and reporting. The Analyst collaborates with business stakeholders, procurement, Information Security, Legal/OGC, Enterprise Risk Management (ERM), and Compliance to ensure vendor risks are identified, documented, and addressed per policy and regulatory expectations.

Requirements

  • Bachelor’s degree in business, information systems, cybersecurity, risk management, or a related field (A comparable combination of work experience and training may be substituted for education requirements.)
  • Minimum of 1 year of experience in risk, compliance, vendor management, procurement, or audit
  • Working knowledge of risk frameworks (NIST CSF/800-53, ISO 27001, SOC 2) and industry regulations (e.g., GLBA, HIPAA, GDPR/CCPA)
  • Proficiency with Excel/Sheets; familiarity with GRC/TPRM tools (Archer, ServiceNow, OneTrust, Prevalent, ProcessUnity)
  • Strong analytical, writing, and documentation skills
  • Ability to maintain a high level of confidentiality
  • Ability to prioritize tasks by effectively managing competing and changing priorities to meet deadlines
  • Accurate, detail-oriented, and organized with task management
  • Ability to analyze and resolve difficult and often complex problems or situations
  • Strong written, verbal, and interpersonal communication skills to interact effectively with members, staff, vendors, and government regulators
  • Strong knowledge and understanding of credit union products, services, policies, and procedures
  • Strong knowledge and understanding of regulatory compliance
  • Strong knowledge and understanding of credit union computer systems and software applications required to perform job duties

Nice To Haves

  • Experience with contracts, vendor SLAs, and financial services preferred

Responsibilities

  • Perform initial and periodic inherent/residual vendor risk assessments across security, privacy, operational, financial, and compliance domains
  • Issue and track standardized questionnaires and review SOC reports, ISO certifications, insurance certificates, privacy policies, and BC/DR plans
  • Maintain accurate vendor inventories, lifecycle statuses, findings, ratings, and remediation actions in the TPRM system of record
  • Support contract reviews by identifying standard risk clauses (SLAs, data protection, audit rights) and escalating gaps to the director
  • Monitor vendors using internal KPIs/KRIs and external data (financial health, adverse media); trigger re-assessments when thresholds are met
  • Prepare dashboards and evidence packages for audits, regulatory exams, and management committees
  • Coordinate with stakeholders to track remediation and verify closure of issues by due dates
  • Contribute to process documentation, playbooks, templates, and operational efficiency initiatives
  • Maintain knowledge and understanding of current trends, laws, and issues affecting the area of expertise
  • Complete annual compliance and info security training to understand employees' role in maintaining effective compliance and security programs
  • Attend educational events to increase professional knowledge

Benefits

  • Financial Well-Being: Bonus Program up to 12%, 401K Matching up to 8%, Retirement Planning, Pay Increases based on Competency, Employee Loan Discounts, Flex Spending Accounts
  • Wellness: Medical Coverage, Dental and Vision Coverage, Access to 4,000+ Gyms, Mental Health Resources, PTO Wellness Days, Short Term and Long Term Disability Coverage
  • Work-Life Balance: 11 Paid Holidays, 3 weeks of Paid Time Off, 4 weeks of Paid Parental Leave, Birthday PTO
  • Community Involvement: Paid Volunteer Hours
  • Growth: Degree Assistance up to $5,000 per year