Third-Party Risk Management Cyber Analyst

About The Position

Requirements

• Bachelor’s degree in Business Administration, Information Systems, Computer Science, Cybersecurity or equivalent degree or experience preferred.
• One to three years of IT/Cybersecurity experience and/or related certifications required.
• Possess the ability to communicate succinctly and effectively verbally and in writing.
• Strong and adaptable computer skills, including MS Office products and other business software.
• Knowledge of risk management including IT systems and related risks and controls.
• Ability to always maintain the confidentiality of the Credit Union and member records.
• Must be willing to comply with the Bank Secrecy Act and USA Patriot Act as implemented by ICCU.

Nice To Haves

• Professional experience in business operations, project/program management, finance, risk management, business analytics, cyber security/data privacy, or similar.
• Knowledge and understanding of the critical components of Vendor’s System and Organization Control Report (SOC Report) review processes.

Responsibilities

• Possess and demonstrate an ability to recognize and analyze qualitatively and quantitatively third-party risks, as defined by TPRM Management.
• Maintain an up to date knowledge about information systems, information technology, cybersecurity, data architecture, including the risks and mitigations associated with each.
• Ability to interact with the Information Technology stakeholders and third-party IT representatives, challenging documented assumptions, and conclusions whenever the evidence does not support them, and assist them to meet TPRM standards of documentation.
• Acts proactively in resolving pending items, following up with the different stakeholders to complete the TPRM process, cordially discuss assessments’ results completed by IT and other stakeholders when documentation for risk rationale and conclusion seem insufficient or unclear.
• Demonstrate critical thinking skills to identify critical risks and understand interrelationships among different risk categories.
• Communicate effectively through multiple mediums (electronic and in-person), write clearly and effectively, & document findings appropriately and completely.
• Ability to utilize Microsoft Word, Excel, PowerPoint, and other reporting/presentation tools.
• Execute assigned tasks and responsibilities timely with the highest level of professionalism.
• Demonstrate credibility with business partners and leadership, to appropriately influence business decisions, and exercise strong business judgment.
• Demonstrate an ability to work independently but seek appropriate input and feedback.
• Identify opportunities to create additional value for internal business team members and partners through continuous improvement.
• Conduct and evaluate third-party risk assessments, including SOC Reviews and security assessments, as defined by TPRM Management.
• Completion of due diligence (initial and ongoing) for third parties with input from stakeholders.
• Collaborate with internal stakeholders and third parties to mitigate and otherwise resolve third-party risks.
• Collaborate effectively with TPRM team, other TPRM analysts, and Risk Management leadership.
• Collaborate with IT Security and Architecture to ensure all measures are being taken to accurately assess complex third-party technologies.
• Conduct periodic TPRM training and awareness with business lines and TPRM personnel.
• Acts as subject matter expert on TPRM procedures.
• Other duties as assigned.

Benefits

• Competitive Pay
• Medical, Dental, & Vision Insurance
• Generous Paid Time Off
• Paid Holidays
• Matching 401K AND Pension
• Tuition Reimbursement
• Employee Assistance Program
• Employee Wellness Program
• Paid Group Life and Disability Insurance
• Awesome Culture
• And More