Third Party Risk Analyst

About The Position

Requirements

• Degree in a related field or equivalent combination of education and experience.
• 2–5 years of experience in Third-Party Risk Management, Vendor Risk, Compliance, Audit, or Operational Risk.
• Experience conducting inherent risk assessments and due diligence activities.
• Experience performing financial reviews and adverse media reviews.
• Strong understanding of the vendor risk lifecycle, including onboarding, monitoring, and governance activities.
• Knowledge of risk-based assessment methodologies.
• Understanding of cybersecurity and information security risk concepts.
• Exposure to emerging technology risks such as AI, cloud, and global risk landscape considerations.
• Strong analytical, audit, compliance, and risk assessment skills.
• Excellent stakeholder communication and relationship management abilities.
• Strong attention to detail and ability to assess control environments.
• Training and facilitation skills.

Nice To Haves

• Familiarity with regulatory guidelines such as OSFI B-10 is considered an asset.
• Experience reviewing SOC reports, ISO certifications, or equivalent control documentation is preferred.
• Experience using TPRM tools or platforms such as Archer, Ivalua, or ProcessUnity is considered an asset.

Responsibilities

• Conduct inherent risk assessments to evaluate third-party risk based on service criticality, data sensitivity, and regulatory impact.
• Perform financial due diligence, including analysis of supplier financial health and credit ratings.
• Conduct adverse and negative media reviews to identify reputational, legal, or operational risks.
• Assess supplier risk posture and identify areas requiring additional due diligence or mitigation.
• Support contract owners and business stakeholders through training and guidance on third-party risk management practices.
• Support ongoing supplier monitoring and governance activities across the vendor lifecycle.
• Conduct ongoing monitoring activities to ensure suppliers maintain effective control environments.
• Support governance activities, including periodic supplier reviews and documentation of risk posture.
• Track and manage issues, risk findings, and policy exceptions while ensuring timely resolution.
• Monitor supplier risk indicators, including financial performance, adverse media, and emerging global risks.
• Ensure adherence to internal third-party risk management policies and standards.
• Support regulatory compliance activities, including alignment with OSFI B-10 or equivalent guidelines.
• Assist with internal and external audits, including documentation and remediation tracking.
• Maintain accurate and complete risk assessment documentation and audit trails.
• Partner with business units, procurement teams, and risk functions to support vendor oversight activities.
• Communicate risk assessment outcomes and recommendations clearly to stakeholders.
• Contribute to the enhancement of third-party risk management processes, tools, frameworks, dashboards, and metrics.
• Stay informed on emerging risks, regulatory changes, and industry best practices.

Benefits

• Salaried: $40-46 per hour.
• Incorporated Business Rate: $46-53 per hour.
• 6-month contract with the potential for permanent employment.
• Full-time position: 37.50 hours per week.
• Day schedule, 37.50 hours per week.