Third Party Risk Management Analyst

About The Position

Requirements

• Working knowledge of third-party risk management practices and regulatory expectations within a regulated financial services environment.
• Strong analytical skills with the ability to assess risk data, identify trends, and support informed decision-making.
• Excellent organizational and documentation skills with high attention to detail.
• Ability to collaborate effectively with cross‑functional stakeholders while operating under Program Manager direction.
• Strong written and verbal communication skills to support clear documentation, issue analysis, and timely escalation.
• Proficiency with Microsoft Office (Excel, Word, PowerPoint) and risk management or workflow tracking tools.
• Requires a minimum of 1 year of experience supporting third‑party vendor management, operational risk, compliance, information security, or a related risk discipline within a regulated industry.
• Requires hands‑on experience supporting vendor due diligence, ongoing monitoring, documentation, and issue tracking activities.
• Experience coordinating with cross‑functional stakeholders (e.g., Information Security, IT, Compliance, Finance) to collect and organize risk assessment inputs.
• Experience producing or maintaining clear, well‑organized, and evidence‑based documentation to support management review, audit, or regulatory examination.

Responsibilities

• Execute day‑to‑day third‑party risk management activities for new and existing vendors in accordance with the Bank’s TPRM Program, with heightened focus on critical and GLBA‑High risk relationships.
• Support initial due diligence and ongoing risk assessments by collecting, validating, and documenting required artifacts and supporting materials for higher‑risk vendors to facilitate effective review, challenge, and approval by the Program Manager.
• Maintain and manage the rolling vendor review schedule established by the Program Manager, ensuring critical and high‑risk third‑party relationships are prioritized and reviewed in accordance with established cadence and monitoring requirements.
• Coordinate with internal stakeholders, including Information Security, IT, Compliance, Finance, and Accounting, to obtain required risk assessment inputs and documentation necessary to support vendor reviews, providing enhanced facilitation for critical and GLBA‑High risk vendors.
• Track vendors review progress, outstanding action items, and remediation activities, maintaining visibility into reviews, documentation gaps, and issue resolution.
• Proactively escalate aging, overdue, or at‑risk items to the Program Manager to support timely awareness, decision‑making, and risk mitigation.
• Prepare, maintain, and organize comprehensive vendor review documentation, including executive summaries, evidence inventories, and issue tracking materials, with enhanced rigor applied to files associated with critical and GLBA‑High risk vendors.
• Ensure that vendor risk conclusions and assigned risk ratings are clearly, consistently, and defensibly supported by documented evidence prior to Program Manager review and sign‑off.
• Assist in documenting risk acceptance decisions and remediation status under the direction of the Program Manager, ensuring alignment with TPRM program standards, internal governance expectations, and applicable regulatory requirements.
• Identify procedural gaps, workflow inefficiencies, and documentation issues encountered during third‑party risk management execution, particularly those impacting oversight of critical and GLBA‑High risk vendors.
• Escalate observations and improvement opportunities to the Program Manager for program‑level evaluation and continuous improvement.
• Support ad hoc projects, process enhancements, and targeted initiatives led by the Program Manager to strengthen third‑party risk governance, operational effectiveness, and overall program maturity.
• Support the Program Manager by tracking vendor‑related review milestones (including onboarding, renewals, and amendments).
• Ensure required vendor review documentation is complete, accurate, and available to support informed contractual decisions prior to execution.
• Compile and maintain program metrics, status reports, and supporting materials used to measure and monitor Third‑Party Risk Management (TPRM) program performance.
• Assist, as directed by the Program Manager, in preparing materials for internal governance forums, audits, and regulatory examinations.
• Support internal and external audits and regulatory examinations by organizing vendor files, maintaining evidence mappings, and assembling response documentation under Program Manager guidance.
• Maintain vendor records in an exam‑ready state to support Program Manager interactions with auditors, regulators, and risk committees.