Information Security Third Party Risk and Vendor Management Analyst
What will your day look like?
You will support the IS Third Party Risk and Vendor Management program. Duties will include the coordination of risk assessments, due diligence, and management of technology third-party relationships through ongoing performance and risk monitoring. In addition, the incumbent supports the day-to-day delivery of process monitoring, reporting, and end-user support. The IS Third Party Risk and Vendor Management Analyst is responsible for creating a number of reports provided to both IS and the Enterprise Third Party Risk Management Program. The role relies on experience and judgment to plan and accomplish goals, with a wide degree of creativity and latitude. General direction is received from the Manager, IS Risk and Vendor Management.
Responsibilities
Do you see yourself doing this?
Third Party Risk Responsibilities:
- Coordinate technology third-party risk assessments and the due diligence process for all prospective third parties
- Conduct periodic performance and risk reviews of existing technology third-parties
- Collaborate with business and various risk subject matter experts to address and/or mitigate identified risks
- Facilitate remediation for any technology third-party related operational issues as needed
- Ensure technology third-party relationships adhere to company policies and are compliant with regulatory guidelines and industry best practices
- Ensure new technology third-party due diligence and supporting documents are properly captured in the TruOps system and other tools
- Manage recurring technology third-party risk management reports to be shared with the organization which will include risk ratings, policy exceptions, performance and other risk management key performance indicators (KPIs)
- Assist in the development of a third-party performance monitoring process for the department.
- Foster strong partnerships and relations with technology third party vendors.
- Support internal customers with implementation, rollout, inquiries, troubleshooting, training and overall support of the IS Third Party Risk and Vendor Management program.
- Work closely with the Information Security department to identify and monitor vendor issues and track vendor risks to ensure mitigation plans are defined and implemented.
- Assist IS, IT, Enterprise Risk Management, and the Procurement division in ongoing monitoring of technology vendors
- Create technology vendor scorecards based on risk and performance and notify Information Security, Enterprise Risk Management, and Procurement of any findings
- Collaborate with Procurement to proactively monitor vendors’ performance to ensure that contract terms and SLAs are being met or exceeded
- Assist IS Third Party Risk and Vendor Management team in managing technology vendor deliverables and performance aligned with Procurement.
Adhere to and ensure compliance of all business transactions with the policies and processes of the Bank Secrecy Act. Ensure compliance with all applicable state and federal laws, company procedures and policies. Maintain integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; comply with Privacy Act directives.
Qualifications
What makes you a great fit?
You’ll be a great fit if, in addition to the required Bachelor’s degree in Business, Finance or a related field, you have:
- 2-4 years’ experience in third-party risk management or information security
- Experience with conducting risk assessments
- Experience with managing third parties
- Experience with regulatory examinations in financial services preferred
- Knowledge of National Credit Union Administration (NCUA), Federal Financial Institutions Examination Council (FFIEC), Consumer Financial Protection Bureau (CFPB), Office of the Comptroller of the Currency (OCC) and Federal Deposit Insurance Corporation (FDIC) regulations and guidance
- Knowledge of Information Security frameworks and standards such as ISMS, ISO, and NIST is a plus
- Ability to collaborate effectively with senior management, vendors, and business and technical partners
- Excellent oral and written communication skills
- Problem-solving and analytical skills
- Strong judgment, organizational, decision-making and process management skills
- Demonstrated effectiveness in managing multiple priorities and meeting deadlines in a fast-paced environment; flexibility with changing priorities on a daily basis
- Demonstrated commitment to quality and continuous improvement
- Proficiency in Microsoft Word, Excel and Outlook required
When you’re happy, we’re happy!
As a thank you for joining our team, you’ll benefit from:
- Competitive medical, dental, and free vision benefits
- Competitive compensation plan
- Contributions towards gym memberships
- Generous PTO and banking holidays off