Third Party Risk Sr Analyst

Description

As a Senior Third Party Analyst, you will support the program by working with assigned business units to ensure third-parties are managed in accordance with program design.  The Third Party Assessment (TPA) function delivers value by performing control assessments on third parties, in relation to data protection, cyber security, and operational risk.  These assessments are completed to provide a level of confidence to the bank and to regulatory bodies that any information services being provided are executed in a controlled and safe environment. The goal of the TPA team is to provide Cyber and Business Continuity requirements, but most importantly, provide insights to our Business Lines related to exceptions within the third party.  Relationships with Business Line leaders and colleagues is imperative to communicating and discussing observations and findings during assessments. This will include managing relationships with both business leaders and third parties, while providing robust and challenging insight on business risk and on the adequacy and effectiveness of the test control processes in place.

The role holder delivers assessment review and provides opinion on the quality of the third party control environment as is needed to meet Citizens Banks policies - including identifying issues and subsequently assisting the business to agree to any appropriate action plans to mitigate the risk.

Primary responsibilities include

• Collaborating with senior management to influence key decisions.
• Evaluating third party control infrastructure effectiveness and obtaining evidence of controls
• Applying experience in audit, security and regulatory frameworks including ISO 27001, GLBA, SOX, PCI, HIPPA, States Privacy Regulation and FFIEC
• Assisting in Governance Risk and Compliance (GRC) program’s design, process re-engineering or enhancements and tool and technology implementations as applicable
• Leading current risk assessments, continual risk assessments, and risk metrics and visualizations
• Performing validation of remediation activities
• Working directly with key business leaders to facilitate risk analysis and risk management processes, identifying acceptable levels of risk and establish roles and responsibilities with regards to risk management
• Supporting and participating in Regulatory exam preparation and execution as well as remediation where applicable
• Coaching and mentoring junior analysts and clearly articulating Third Party Assessment program goals and objectives to the wider audience
• Producing Third Party Assessment reports that clearly articulate risks in order to speak to a varied audience.
• Translating security risk and communicating effectively to business partners within the organization 

Qualifications:

• 5+ years of experience in an IT Risk, Audit, Third Party Vendor Assessment or Information Security organization with an understanding of Audit, Security and Risk.
• Experience gathering information from a range of different sources and in a number of different ways e.g. data collection, interviews, meetings, review of processes, manuals, and documentation review.
• Experience (significant) with GRC methodologies, tools, and enablers preferably in a financial industry
• Strong thought leadership in Risk Management and ability to act as management when required.
• Demonstrated experience working as part of a team - coupled with ability to gather and analyze information & provide a suitable solution.

Skills:

• Strong project management.
• Advanced Excel.
• Demonstrated interpersonal and communication. 
• Ability to plan, organize and prioritize workloads and work on own initiative.

Education and Certifications: 

• Bachelor’s Degree from an accredited institution in either Risk Management, Information Systems/Security or related field or proven experience in Risk, Information Security or Audit.
• One of more of the following certifications – CRM, ARM, CISSP, CISA, CISM, Audit Management certification as well as certifications in Disaster Recovery and Business Continuity.

Hours & Work Schedule: 

• Hours per Week: 40
• Work Schedule: Monday through Friday

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens), provides equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability, or history or record of a disability, ethnicity, gender, gender identity or expression, transgendered and transitioning individuals, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day and where all are expected to be treated with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. We perform our best so we can do more for our customers, colleagues, communities and shareholders.