Third-Party Risk Management (TPRM) Junior Analyst
About The Position
National Digital Trust Company has received conditional approval from the Office of the Comptroller of the Currency to open as a federally chartered trust bank to provide a broad range of digital asset services. We are building a specialized financial institution addressing the growing demand for digital asset services. Our primary business will focus on digital asset custody, providing secure, efficient custodial and fiduciary services for a variety of digital assets. You will work with foundational systems and processes to help shape our operating model and influence how a new category of financial infrastructure comes to market. We are looking for builders who handle complexity with confidence and tackle ambitious opportunities while keeping pace with this rapidly evolving industry. Let’s build this together!
Requirements
- Bachelor's degree in business, Information Security, Cybersecurity, Risk Management, Finance, or related field.
- 1-3 years of experience in TPRM and Information security risk
- Experience reviewing NIST, ISO 27001, and SOC reports is required.
- Ability to assess technical controls, identify control gaps, and evaluate vendor cybersecurity maturity, aligning with regulatory expectations, including OCC guidance.
Nice To Haves
- Experience working in an OCC-regulated financial institution
- Exposure to cloud risk management (AWS, SaaS environments)
- Experience using TPRM platforms
Responsibilities
- Conduct initial and ongoing risk assessments for new and existing vendors, with emphasis on cybersecurity and data protection
- Evaluate vendor due diligence responses, including information security, security architecture, and cloud environments
- Identify control gaps and recommend risk mitigation strategies
- Assess vendors handling sensitive data, critical systems, or customer information
- Support vendor due diligence, concentration risk, fourth-party risk, and business continuity assessments
- Assist with preparation for regulatory examinations and internal audits
- Maintain documentation demonstrating regulatory compliance and risk-based decision making
- Support updates to TPRM policies, procedures, and standards
- Assess vendor security programs against recognized frameworks, including: NIST Cybersecurity Framework, ISO 27001, SOC 2 Type II
- Support monitoring of critical and high-risk vendors, including: Annual reassessments, Incident reviews, Cybersecurity attestations, Financial health reviews
- Track vendor performance, compliance, and remediation activities
- Prepare risk summaries and reporting materials for leadership
- Escalate significant risks in a timely manner
- Review vendor incident response and breach notification processes
- Evaluate business continuity and disaster recovery capabilities
- Participate in vendor-related incident response activities as needed
- Prepare concise risk reports for senior leadership and risk committees
- Maintain accurate documentation within the TPRM system
- Support reporting on third-party cyber risk exposure and metrics
- Partner with Information Security, Compliance, Legal, Procurement, and business units
- Communicate findings clearly to both technical and non-technical stakeholders
- Provide guidance to business owners on third-party risk requirements
Benefits
- Medical, Dental, and Vision insurance
- 401(k)
- Life and disability insurance
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
