Third Party Risk Analyst Job Description
Third Party Risk Analyst Duties & Responsibilities
To write an effective third party risk analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included third party risk analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Third Party Risk Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Third Party Risk Analyst
List any licenses or certifications required by the position: CISSP, CRISC, CISM, CISA, SOC, CIA, CTPRP, ISO, SSAE, ISA
Education for Third Party Risk Analyst
Typically a job would require a certain level of education.
Employers hiring for the third party risk analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Collage Degree in Management, Finance, Business, Computer Science, Education, Information Systems, Accounting, Economics, Business/Administration, Technology
Skills for Third Party Risk Analyst
Desired skills for third party risk analyst include:
Desired experience for third party risk analyst includes:
Third Party Risk Analyst Examples
Third Party Risk Analyst Job Description
- Provide monitoring and assessment of enterprise-wide adherence to vendor management policy requirements
- Collaborate with colleagues and work towards streamlining processes
- Consistently deliver on commitments, deadlines and objectives while remaining in scope and leveraging appropriate tools, methods, frameworks, and professional standards
- Demonstrate the ability to appropriately influence business decisions, and the professional judgment for selecting the appropriate methods and techniques to do so
- Conduct third party risk assessments, applying established criteria
- Maintain thorough understanding of all business requirements to support requirements analysis
- Analyze and develop requirements for enhancements to application functionality
- Works will other Technical Security personnel to review and interpret vendor due diligence materials, including audit reports and security risk assessment questionnaires
- Involve appropriate subject matter expertise as required to resolve vulnerabilities
- Works with the Corporate Vulnerability Management team to conduct vulnerability assessments on remote hosted applications as needed
- Experience in working at the enterprise level preferred
- Documents reporting processes and keeps audit trails
- Presentation software, spreadsheets
- Bachelor's degree in Business, Finance, Accounting or an equivalent combination of education and experience
- 4 years experience in risk management processes, risk identification and measurement, audit, consulting, banking or other financial services industry
- Experience using Archer's eGRC platform
Third Party Risk Analyst Job Description
- Contribute to the development of TPIRM processes improvements
- Apply knowledge of key regulations to influence third party review scope
- Apply solid understanding of how TPIRM team collectively integrates with line management and control functions to accomplish the objectives of the function and overall outsourced business activities
- Partner with legal, compliance, procurement, IT, and business team to identify specific third party information risks and recommends appropriate risk treatment action plans with pragmatic solutions to risk and control issues
- Support the risk reporting and key metric processes, and assist with coordinating and communicating results of third party risk assessments to ensure appropriate implementation of controls for accessing or handling firm information
- Serve as first point of contact for all third parties IS matters
- Respond appropriately to third party cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody
- Educate business teams on third party information risk and recommendations
- Develop third party service information risk guidelines
- Manage and maintain repositories, tools, and documentation for third party information risk assurance
- Demonstrates critical thinking skills, ability to perform information searches, and just-in-time flexibility skills
- Self-motivated and ability to work independently, ability to work and develop partnerships
- CPS, CIA, CBA, CFSA, CTA, CFE, CRP or CRCM License a plus
- Minimum of 3-5 years’ experience in supplier management, project management, internal audit, compliance or public accounting capacity
- Strong understanding of supplier management activities, best practices,trends and related internal controls and metrics
- Demonstrated ability with excellent verbal and written communication skills, project management, strong analytical and problem-solving skills, multi-tasking in a fast-paced environment and general leadership skills
Third Party Risk Analyst Job Description
- Work with business units to establish, maintain, and optimize role based third party controls across the organization
- Directly interface with the Wholesale Banking business line third party relationship managers third parties to understand and document the business processes involved with each assigned third party relationship
- Report any control deficiencies to key stakeholders to initiate and subsequently drive remediation
- Document and implement standard operating procedures
- Ability to facilitate consensus in meetings between multiple stakeholders
- Supports AEMP 10 (Third Party Management) Policy refreshes in compliance with banking regulation reviews (FRB, OCC, FDIC, CFPB) , data collection and submission and provides needed scope consultation
- Partners closely with the various Risk Pillar Subject Matter Experts (SMEs) - TLM, Privacy, Compliance, SOX, Antitrust and Service Continuity to maintain and uplift standard operating models
- Serve as a support function relative to information being reported to internal management committees/subcommittees and manage committee approvals
- Manage SME forum discussions, reviews, and execution of updated requirements
- Individual should be able to demonstrate strong interpersonal, leadership and change management skills, solid presentation and communication skills
- Understanding of federal banking guidelines and regulations, specifically supplier/third party requirements
- Bachelor degree/ graduate degree highly desirable
- 1+ yrs of technical or project management exp
- Working knowledge of GRC (Governance, Risk/Compliance) tools such as RSA Archer a plus
- Undergraduate degree 3+ years experience with infrastructure and/or system development for information technology
- 3+ years experience with system testing, project management, issue management and/or risk management
Third Party Risk Analyst Job Description
- Look for trends in security or privacy incidents that may be associated with third party vendors, escalating these findings and working to implement a mitigation and/ or action plan
- Responsible for conducting assessments and participating in the execution of the on-site visits and reports
- Other duties may include research, responding to audit inquiries, and validating third party vendor controls to ensure compliance with various regulatory sources
- Function as a point of contact for business users initiating new third party engagements requiring action by CoRe Procurement
- Liaise with all members of Procurement leadership and staff, representatives from other Firm functions to ensure initiatives are successfully completed in a timely manner
- Identify and route request via Third Party Risk Management (TPRM) system to appropriate procurement leader
- Monitor progress of third party engagements through risk management process and communicate status to procurement managers
- Define assessment scope and applicability based on services provided by third parties
- Perform third party security assessments based on required testing criteria, clearly document findings and observations applicable to the service and risks outlined by client
- Develop corrective action plans and monitor third party’s resolution for closure
- Experience with OCC Bulletin 2013-29 & FRB SR 13-19/CA 13-21 a plus
- Excellent organizational, written/oral communication and time management skills
- Nine (9) years experience
- Partner with the technology for development of Functional Requirement Documents (FRDs) and help respond to technology questions during construction
- Maintain and create UAT test script documentation to ensure traceability of requirements implementation
- Create and maintain process flow documentation
Third Party Risk Analyst Job Description
- Provide performance and risk reporting
- Provide Key Support in database management through the development, monitoring and ongoing review of reporting to enhance the third party compliance program analytics
- Provide support to business and Compliance stakeholders in the completion of compliance risk assessments and due diligence reviews on all new third-party vendor engagements, and ongoing monitoring of third parties
- Provide Support and assist in projects for the TPCRM Program and the enterprise program
- Partner with team lead to maintain third party inventory and assessment schedule
- Assist with writing, maintaining, and developing departmental policies/procedures
- Assist with departmental training and communication efforts
- Support third party risk management tool implementation and maintenance
- Partner with colleagues across multiple business units to help drive completion of assigned third party risk assessments from scheduling, execution and remediation
- Work with business units to ensure third parties are assessed and are compliant with Third Party Risk & Due Diligence processes
- Demonstrate TPO application functionality to stakeholders
- Support defect review and prioritization
- Ad-hoc projects that require subject matter expertise on all requirements related to TPO applications
- Strong analytical and problem solving skills with an ability to digest large volumes of complex information while maintaining a focus on attention to detail
- Excellent writing skills with a proven ability to write clear, unambiguous instructions
- 3 years experience in requirements elicitation with an emphasis on ensuring requirements completeness and clarity