Third Party Risk Analyst Job Description
Third party risk analyst
provides leadership & direction to ensure governance occurs through third party and New Risk Initiatives risk management program requirements.
Third Party Risk Analyst Duties & Responsibilities
To write an effective third party risk analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included third party risk analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Work with staff at all levels in the organization, vendors and contractors to insure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals and the organization(s)
Be responsible for performing on-going supplier management and assurance activities across a portfolio of higher risk/value suppliers to help the bank effectively manage the service, cost and risk in its supply chain
Responds to inquiries/examination requests by supporting elements of the regulatory and audit examination cycle for inquiries or exams pertaining to the line of business
Assist in data analytics and reporting activities
Collaboratively participate in, and contribute to, any committees that you are assigned to for the purpose of reviewing new and existing third party relationships
Develop a working knowledge of OCC Bulletin 2013-29
Serve as an initial review and checkpoint of basic contract management risk compliance with the line of business the first line of analysis and synthesis of the same
Review and validate the archiving of evidence from both third party and CS
Develop a deep understanding of TPO related systems, processes, and policies
Review the completion of contracts, Statements of Work (SOW) and Service Level Agreements (SLAs) and on an ongoing basis, perform frequent performance and risk monitoring
Third Party Risk Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Third Party Risk Analyst
List any licenses or certifications required by the position: CISSP, CRISC, CISM, CISA, SOC, CIA, CTPRP, ISO, SSAE, ISA
Education for Third Party Risk Analyst
Typically a job would require a certain level of education.
Employers hiring for the third party risk analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Collage Degree in Management, Finance, Business, Computer Science, Education, Information Systems, Accounting, Economics, Business/Administration, Technology
Skills for Third Party Risk Analyst
Desired skills for third party risk analyst include:
Capability to do the work of the group
Database and spreadsheet software and applications
Regulatory requirements and compliance
Vendor management
Word processing
Regulatory requirements and reporting
Third-party risk management
Organization
NIST
Concepts
Desired experience for third party risk analyst includes:
IT Risk Management/Audit industry certification (such as CISSP, CISA,CRISC, ) preferred
It is essential that all suppliers must have a designated Supplier Manager
Providing expert advice and direction to Senior/Executive Management is important
Strong technical aptitude to include MS Word and MS Excel
Functional and technical expertise garnered and demonstrated through time on the job
Advanced skills in Excel, Microsoft Powerpoint, ACL, or Cognos reporting
Third Party Risk Analyst Examples
1
Third Party Risk Analyst Job Description
Job Description Example
Our growing company is looking for a third party risk analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for third party risk analyst
- Provide monitoring and assessment of enterprise-wide adherence to vendor management policy requirements
- Collaborate with colleagues and work towards streamlining processes
- Consistently deliver on commitments, deadlines and objectives while remaining in scope and leveraging appropriate tools, methods, frameworks, and professional standards
- Demonstrate the ability to appropriately influence business decisions, and the professional judgment for selecting the appropriate methods and techniques to do so
- Conduct third party risk assessments, applying established criteria
- Maintain thorough understanding of all business requirements to support requirements analysis
- Analyze and develop requirements for enhancements to application functionality
- Works will other Technical Security personnel to review and interpret vendor due diligence materials, including audit reports and security risk assessment questionnaires
- Involve appropriate subject matter expertise as required to resolve vulnerabilities
- Works with the Corporate Vulnerability Management team to conduct vulnerability assessments on remote hosted applications as needed
Qualifications for third party risk analyst
- Experience in working at the enterprise level preferred
- Documents reporting processes and keeps audit trails
- Presentation software, spreadsheets
- Bachelor's degree in Business, Finance, Accounting or an equivalent combination of education and experience
- 4 years experience in risk management processes, risk identification and measurement, audit, consulting, banking or other financial services industry
- Experience using Archer's eGRC platform
2
Third Party Risk Analyst Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of third party risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for third party risk analyst
- Contribute to the development of TPIRM processes improvements
- Apply knowledge of key regulations to influence third party review scope
- Apply solid understanding of how TPIRM team collectively integrates with line management and control functions to accomplish the objectives of the function and overall outsourced business activities
- Partner with legal, compliance, procurement, IT, and business team to identify specific third party information risks and recommends appropriate risk treatment action plans with pragmatic solutions to risk and control issues
- Support the risk reporting and key metric processes, and assist with coordinating and communicating results of third party risk assessments to ensure appropriate implementation of controls for accessing or handling firm information
- Serve as first point of contact for all third parties IS matters
- Respond appropriately to third party cyber risk incident, the related investigations, managing situations with discretion, sensitivity, and objectivity, and with due consideration of chain-of-custody
- Educate business teams on third party information risk and recommendations
- Develop third party service information risk guidelines
- Manage and maintain repositories, tools, and documentation for third party information risk assurance
Qualifications for third party risk analyst
- Demonstrates critical thinking skills, ability to perform information searches, and just-in-time flexibility skills
- Self-motivated and ability to work independently, ability to work and develop partnerships
- CPS, CIA, CBA, CFSA, CTA, CFE, CRP or CRCM License a plus
- Minimum of 3-5 years’ experience in supplier management, project management, internal audit, compliance or public accounting capacity
- Strong understanding of supplier management activities, best practices,trends and related internal controls and metrics
- Demonstrated ability with excellent verbal and written communication skills, project management, strong analytical and problem-solving skills, multi-tasking in a fast-paced environment and general leadership skills
3
Third Party Risk Analyst Job Description
Job Description Example
Our company is looking to fill the role of third party risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for third party risk analyst
- Work with business units to establish, maintain, and optimize role based third party controls across the organization
- Directly interface with the Wholesale Banking business line third party relationship managers third parties to understand and document the business processes involved with each assigned third party relationship
- Report any control deficiencies to key stakeholders to initiate and subsequently drive remediation
- Document and implement standard operating procedures
- Ability to facilitate consensus in meetings between multiple stakeholders
- Supports AEMP 10 (Third Party Management) Policy refreshes in compliance with banking regulation reviews (FRB, OCC, FDIC, CFPB) , data collection and submission and provides needed scope consultation
- Partners closely with the various Risk Pillar Subject Matter Experts (SMEs) - TLM, Privacy, Compliance, SOX, Antitrust and Service Continuity to maintain and uplift standard operating models
- Serve as a support function relative to information being reported to internal management committees/subcommittees and manage committee approvals
- Manage SME forum discussions, reviews, and execution of updated requirements
- Individual should be able to demonstrate strong interpersonal, leadership and change management skills, solid presentation and communication skills
Qualifications for third party risk analyst
- Understanding of federal banking guidelines and regulations, specifically supplier/third party requirements
- Bachelor degree/ graduate degree highly desirable
- 1+ yrs of technical or project management exp
- Working knowledge of GRC (Governance, Risk/Compliance) tools such as RSA Archer a plus
- Undergraduate degree 3+ years experience with infrastructure and/or system development for information technology
- 3+ years experience with system testing, project management, issue management and/or risk management
4
Third Party Risk Analyst Job Description
Job Description Example
Our company is looking for a third party risk analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for third party risk analyst
- Look for trends in security or privacy incidents that may be associated with third party vendors, escalating these findings and working to implement a mitigation and/ or action plan
- Responsible for conducting assessments and participating in the execution of the on-site visits and reports
- Other duties may include research, responding to audit inquiries, and validating third party vendor controls to ensure compliance with various regulatory sources
- Function as a point of contact for business users initiating new third party engagements requiring action by CoRe Procurement
- Liaise with all members of Procurement leadership and staff, representatives from other Firm functions to ensure initiatives are successfully completed in a timely manner
- Identify and route request via Third Party Risk Management (TPRM) system to appropriate procurement leader
- Monitor progress of third party engagements through risk management process and communicate status to procurement managers
- Define assessment scope and applicability based on services provided by third parties
- Perform third party security assessments based on required testing criteria, clearly document findings and observations applicable to the service and risks outlined by client
- Develop corrective action plans and monitor third party’s resolution for closure
Qualifications for third party risk analyst
- Experience with OCC Bulletin 2013-29 & FRB SR 13-19/CA 13-21 a plus
- Excellent organizational, written/oral communication and time management skills
- Nine (9) years experience
- Partner with the technology for development of Functional Requirement Documents (FRDs) and help respond to technology questions during construction
- Maintain and create UAT test script documentation to ensure traceability of requirements implementation
- Create and maintain process flow documentation
5
Third Party Risk Analyst Job Description
Job Description Example
Our company is hiring for a third party risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for third party risk analyst
- Provide performance and risk reporting
- Provide Key Support in database management through the development, monitoring and ongoing review of reporting to enhance the third party compliance program analytics
- Provide support to business and Compliance stakeholders in the completion of compliance risk assessments and due diligence reviews on all new third-party vendor engagements, and ongoing monitoring of third parties
- Provide Support and assist in projects for the TPCRM Program and the enterprise program
- Partner with team lead to maintain third party inventory and assessment schedule
- Assist with writing, maintaining, and developing departmental policies/procedures
- Assist with departmental training and communication efforts
- Support third party risk management tool implementation and maintenance
- Partner with colleagues across multiple business units to help drive completion of assigned third party risk assessments from scheduling, execution and remediation
- Work with business units to ensure third parties are assessed and are compliant with Third Party Risk & Due Diligence processes
Qualifications for third party risk analyst
- Demonstrate TPO application functionality to stakeholders
- Support defect review and prioritization
- Ad-hoc projects that require subject matter expertise on all requirements related to TPO applications
- Strong analytical and problem solving skills with an ability to digest large volumes of complex information while maintaining a focus on attention to detail
- Excellent writing skills with a proven ability to write clear, unambiguous instructions
- 3 years experience in requirements elicitation with an emphasis on ensuring requirements completeness and clarity