This is a Hybrid position - (3 days from the office in Miami Lakes, Florida and 2 days from home)

Location: Miami Lakes, FL (Onsite) Hybrid Schedule

SUMMARY: The Third Party Risk Analyst will be responsible for identifying, analyzing and influencing the management of third party risks across the organization. This individual must ensure that his or her organization's vendor portfolio is properly evaluated, assessed and managed to minimize risk exposure and risk impacts to BankUnited. The Third Party Risk Analyst's responsibility is to anticipate, identify, analyze, monitor, and mitigate risks associated to the management of third party supplier relationships across the organization. Third party risk management will include ensuring that the level of oversight of the Bank's third parties are commensurate with the level of risk and complexity of these relationships. In addition, the Third Party Risk Analyst is tasked with compiling data and completing documentation related to third party risk, as well as ensuring that the issues that arise are appropriately captured, assessed, reported, and mitigated to acceptable levels. This role will be part of Corporate Procurement - Third Party Risk Management, reporting to Third Party Due Diligence Manager.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned.

• Performs focused third party risk assessments of existing or new services and technologies, along with business counterparts.
• Communicates risk assessment findings to Procurement, business line owners or information governance teams and information security teams.
• Provides consultative advice to information governance or security teams that enables them to suggest informed risk management decisions.
• Identifies and facilitates implementation of appropriate controls to effectively manage third party risks as needed.
• Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
• Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
• Coordinates the identification and ranking of vendor risks
• Coordinates the classification and tiering of vendors by risks and risk impacts
• Builds communication and escalation plans around vendor risk management activities within the enterprise
• Understands and applies relevant regulatory and legal compliance requirements
• Manages vendor risks as defined in vendor contracts and in accordance with existing risk management programs and policies
• Develops, monitors and possibly executes vendor remediation actions, mitigation and contingency plans when risks or events are identified
• Ensures third- (and increasingly, fourth) party vendor regulatory compliance
• Coordinates the gathering of vendor risk assessment data and prepares risk assessments for critical-related vendors as needed, to be published and communicated to stakeholders
• Tracks identified risks and risk events
• Influences vendors and business partners to ensure compliance with risk management policies
• Partners with sourcing and contract management functions
• Collaborates, as appropriate, with information security, finance, compliance and/or disaster recovery and business continuity management and other risk functions to maintain an enterprise third party risk management program
• Works with regulatory officers and auditors as necessary
• Communicates identified risk requirements and violations to internal stakeholders (and end users within the business) and responsible vendors while supporting the response to and the addressing of these issues
• Develops and coordinates vendor risk management frameworks, policies and processes within a broader enterprise, operational and IT risk management model
• Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).
• Adheres to Bank policies and procedures and completes required training.
• Identifies and reports suspicious activity.

EDUCATION

BS or MA in Business, Computer Science, Information Security or a related field or 5+ years of third party risk management experience including supervisory experience

EXPERIENCE

• 3+ years of work experience in third party risk management, information security, risk management and/or IT audit role
• 3+ years of experience with regulatory compliance
• Previous experience with Supplier Management Information Systems, preferably Coupa and/or Hiperos

#GoForMore

#WorkWithUs