Third Party Risk Management (TPRM) Senior Analyst

About The Position

Requirements

• Bachelor’s degree required (Business, Finance, Risk Management, Information Systems, or a related field preferred).
• 3–6 years of experience in third-party risk management, operational risk, compliance, audit, or a related risk/control function.
• Experience supporting third-party or vendor lifecycle activities, including onboarding, documentation review, assessments, approvals, or ongoing monitoring.
• Familiarity with third-party due diligence documentation, such as SOC 2 Type II reports, penetration testing results, information security policies, SIG questionnaires, and business continuity or resiliency plans.
• Experience working with risk management systems or workflow tools (e.g., TPRM platforms, GRC systems, or similar systems of record).
• Experience supporting audit or regulatory exam requests, including evidence gathering and response coordination.

Nice To Haves

• Exposure to technology risk, system testing, or workflow validation is preferred.
• Prior experience in financial services or a regulated environment is preferred.

Responsibilities

• Execute and support all phases of the third-party lifecycle in compliance with the TPRM Program, including intake and onboarding documentation, risk assessments, approvals, ongoing reviews and review and challenge.
• Perform mapping and validation of services and service agreements, including alignment to pre-existing vendor relationships.
• Review vendor contracts to identify and understand key risk-relevant terms, including contract timelines, insurance and liability requirements, and service level agreements (SLAs), escalating issues as appropriate.
• Track and manage application onboarding status, workflow progression, and required reviews for vendor services.
• Bridge communication across TPRM stakeholders to ensure timely coordination, documented reviews, and appropriate management sign-off.
• Execute workflows within the TPRM system (Archer), including performing technology testing and system validation activities, as required.
• Administer training and provide system support to business users as needed.
• Ensure all vendor-related evidence, documentation, and approvals are accurately captured and maintained within the system of record.
• Cross-train and provide flexible support to the Director of Operational Risk across other Second Line of Defense risk areas, as required to meet business and risk management needs.