Third Party Risk Sr Analyst

Citizens Bank•Johnston, RI

About The Position

As a Senior Third Party Analyst, you will support the program by working with assigned business units to ensure third-parties are managed in accordance with program design. The Third Party Assessment (TPA) function delivers value by performing control assessments on third parties, in relation to data protection, cyber security, and operational risk. These assessments are completed to provide a level of confidence to the bank and to regulatory bodies that any information services being provided are executed in a controlled and safe environment. The goal of the TPA team is to provide Cyber and Business Continuity requirements, but most importantly, provide insights to our Business Lines related to exceptions within the third party. Relationships with Business Line leaders and colleagues is imperative to communicating and discussing observations and findings during assessments. This will include managing relationships with both business leaders and third parties, while providing robust and challenging insight on business risk and on the adequacy and effectiveness of the test control processes in place. The role holder delivers assessment review and provides opinion on the quality of the third party control environment as is needed to meet Citizens Banks policies - including identifying issues and subsequently assisting the business to agree to any appropriate action plans to mitigate the risk.

Requirements

5+ years of experience in an IT Risk, Audit, Third Party Vendor Assessment or Information Security organization with an understanding of Audit, Security and Risk.
Experience gathering information from a range of different sources and in a number of different ways e.g. data collection, interviews, meetings, review of processes, manuals, and documentation review.
Experience (significant) with GRC methodologies, tools, and enablers preferably in a financial industry
Strong thought leadership in Risk Management and ability to act as management when required.
Demonstrated experience working as part of a team - coupled with ability to gather and analyze information & provide a suitable solution.
Strong project management.
Advanced Excel.
Demonstrated interpersonal and communication.
Ability to plan, organize and prioritize workloads and work on own initiative.
Bachelor’s Degree preferred from an accredited institution in either Risk Management, Information Systems/Security or related field or proven experience in Risk, Information Security or Audit.
One of more of the following certifications – CRM, ARM, CISSP, CISA, CISM, Audit Management certification as well as certifications in Disaster Recovery and Business Continuity.

Responsibilities

Collaborating with senior management to influence key decisions.
Evaluating third party control infrastructure effectiveness and obtaining evidence of controls
Applying experience in audit, security and regulatory frameworks including ISO 27001, GLBA, SOX, PCI, HIPPA, States Privacy Regulation and FFIEC
Assisting in Governance Risk and Compliance (GRC) program’s design, process re-engineering or enhancements and tool and technology implementations as applicable
Leading current risk assessments, continual risk assessments, and risk metrics and visualizations
Performing validation of remediation activities
Working directly with key business leaders to facilitate risk analysis and risk management processes, identifying acceptable levels of risk and establish roles and responsibilities with regards to risk management
Supporting and participating in Regulatory exam preparation and execution as well as remediation where applicable
Coaching and mentoring junior analysts and clearly articulating Third Party Assessment program goals and objectives to the wider audience
Producing Third Party Assessment reports that clearly articulate risks in order to speak to a varied audience.
Translating security risk and communicating effectively to business partners within the organization