Third Party Risk Management Analyst

Bain Capital | Boston, MA
$75,000 - $90,000 | Onsite

About The Position

This role is responsible for managing third parties and third-party risk management activities, supporting procurement and sourcing initiatives, and ensuring compliance with internal governance standards. The position partners with cross-functional teams to assess and manage mitigation of risks, improve processes, and support effective third-party relationships across the organization. The role also monitors emerging industry and cybersecurity risks, maintains oversight frameworks, and contributes to the continuous enhancement of third party risk management and procurement practices.

Requirements

  • Bachelor's degree in technology, risk, business or a related field.
  • 2 - 4 years of practical or working experience within third party risk management or auditing, preferably in the financial services line of business.
  • Prior hands-on technical experience with technology, business applications, cybersecurity products, and IT support / Infrastructure.
  • Ability to assess IT/Security operational processes, controls and governance.
  • Perform gap analysis and make recommendations on remediation or mitigating controls.
  • Knowledge of control and risk identification, and the ability to assess the strength of controls in relation to multiple risk factors operating in complex situations and systems.
  • Proven analytical and problem-solving skills.
  • Detail oriented and organized in managing multi-project, multi-tasked responsibilities with varying deadlines.
  • Familiarity with industry compliance standards and frameworks, such as ISO 27001, SIG, SOC2, NIST and others.
  • Knowledge of AI risk concepts, AI/ML governance frameworks (such as NIST AI RMF or ISO 42001), and the ability to assess and evaluate AI-related risks and controls within third party relationships, including experience with or awareness of AI tools, automated decision-making, and emerging AI regulatory requirements.
  • Exceptional communication and presentation skills.
  • The ability to translate technical concepts into layman’s terms and interface with various levels of management internally and within third parties.

Nice To Haves

  • Certifications in Risk (CTPRP, CTPRA), Audit/Cyber (CISSP, CRISC, CISA, CISM) and Project Management (PMP) are a plus but not a requirement.
  • Must be willing to obtain such certifications as directed by management.

Responsibilities

  • Lead risk assessments of third parties.
  • Develop remediation plans and partner with internal stakeholders to ensure that all risk assessment and remediation requirements have been met.
  • Identify, assess, and document AI-related risks introduced by third parties, including evaluating the use of AI/ML tools, models, and automated decision-making systems, and apply relevant AI governance frameworks to ensure appropriate oversight and risk mitigation.
  • Support the third party selection and contracting process on major sourcing efforts.
  • Assess the risks associated with a third party relationship prior to the renewal of contract agreements.
  • Continually reassess the risks associated with the function and inherent in the business based on the third party relationships.
  • Analyze, update and modify procedures and processes to identify and continuously implement third party risk management process improvements to meet emerging risks.
  • Maintain a structured internal governance framework to ensure effective oversight of third party risk management and procurement compliance.
  • Stay informed about the latest developments in the third party risk management and cyber field.
  • Maintain knowledge of business, products and systems to ensure effective use of third party and procurement services.
  • Partner with and maintain strong working relationships within Procurement, Compliance, IT, RDS and Legal and business units as applicable.

Benefits

  • Competitive benefits package designed to support employees’ health, financial security, family needs, and overall well-being.
  • Discretionary annual bonus based upon factors such as individual impact, team and firm performance.