Third Party Risk Analyst

About The Position

Requirements

• Requires 3+ years' experience in a position in risk management and/or adherence to regulatory requirements (e.g., PCI; HIPPA; or GLBA) related to the financial services or other heavily regulated industry.
• Experience in performing SOC 1 and SOC 2 audit reviews helpful but not required.
• Experience in remote and on-site vendor audits helpful but not required.
• Prefer experience in risk, compliance, vendor management or audit.
• Experience with RSA Archer eGRC a plus, but not required.
• Strong attention to detail and exceptional organizational skills required.
• Team oriented, flexible, integrity, ethical, professionalism required.
• Strong knowledge of various regulatory (CFPB, OCC, Federal Reserve, etc.) investor (Fannie Mae, Freddie Mac, Ginnie Mae) requirements related to third party engagements and oversight.
• Strong communication skills (written and oral) required, including the ability to effectively advise business teams across the bank.
• Ability to define problems, collect/analyze data, establish facts, draw valid conclusions, prepare reports, prioritize and manage several concurrent initiatives/projects preferred.

Nice To Haves

• Experience in performing SOC 1 and SOC 2 audit reviews.
• Experience in remote and on-site vendor audits.
• Experience with RSA Archer eGRC.

Responsibilities

• Perform complex risk assessments of current and prospective third-party business and technology providers to assess their control structure and alignment to regulatory, federal/state guidelines and bank requirements.
• Partner with internal stakeholders to assess the residual risk the third party presents to the bank.
• Manage timely completion of requests and follow-ups to third parties for appropriate documentation and review and evaluate materials submitted.
• Partner with internal business units and third parties to inventory all services, status, performance and risk assessments.
• Coordinate and manage the due diligence risk assessment of third-party services by internal subject matter experts within the bank.
• Complete a written assessment detailing third party's service inherent risk(s), strengths of risk scores, along with any risk gaps presenting elevated risk to the bank.
• Report findings through use of formalized reviews, exception reporting, and risk acceptance reporting.
• Oversee and confirm the resolution of any risk gaps identified during the risk assessment process.
• Contribute to various departmental projects related to third party management activities.

Benefits

• Health insurance coverage
• Wellness program
• Fertility and family building aids
• Life and disability insurance
• Retirement savings plans with a generous 401K match
• Paid leave programs
• Paid holidays
• Paid time off (PTO)