Third Party Risk Sr Analyst

Description

As the Third Party Risk Sr Analyst, you will manage vendor issues, complete quality assurance functions and execute Third Party Vendor Assessment reviews. This will include managing relationships with both business leaders and vendors, while providing robust and challenging insight on business risk and on the adequacy and effectiveness of the test control processes in place. The role holder delivers assessment review and provides opinion on the quality of the vendor control environment as is needed to meet Citizens policies including identifying issues and subsequently assisting the business to agree to any appropriate action plans to mitigate the risk. The Third-Party Assessment function adds value by providing specific business function assurance on vendors, in relation to customer, financial or reputational risk and bringing momentum to action plans to address risk and leveraging findings and best practice on a bank wide scale.

Primary responsibilities include

• Collaborating with senior management to influence key decisions.
• Evaluating third party vendors' control infrastructure effectiveness and obtaining evidence of controls.
• Applying experience in audit, security and regulatory frameworks including ISO 27001, GLBA, SOX, PCI, HIPPA, States Privacy Regulation and FFIEC.
• Assisting in Governance Risk and Compliance (GRC) program’s design, process reengineering or enhancements and tool and technology implementations as applicable.
• Leading current risk assessments, continual risk assessments, and risk metrics and visualizations.
• Performing quality assurance on vendor assessment and remediation activities.
• Working directly with key business leaders to facilitate risk analysis and risk management processes, identifying acceptable levels of risk and establish roles and responsibilities with regards to risk management.
• Maintaining and monitoring enterprise risk exception process to identify areas of noncompliance.
• Supporting and participating in regulatory exam preparation and execution as well as remediation where applicable.
• Coaching and mentoring junior analysts and clearly articulating Third Party Vendor Assessment program goals and objectives to the wider audience.
• Producing Third Party Vendor Assessment reports that clearly articulate risks in order to speak to a varied audience.
• Translating security risk and communicating effectively to business partners within the organization.

• The ability to travel within the United States is required.

Qualifications, Education, Certifications and/or Other Professional Credentials

• Required Qualifications

  • Ability to navigate program requirements independently.

  • Demonstrates advanced critical thinking.

  • Identifies opportunities and recommended solutions.

  • Ability to appropriately manage multiple complex assessments and related activities.

  • Demonstrates strong verbal and written communications amongst various internal and external stakeholders.  

  • Strong analytical skills to identify and classify inherent and residual risks.

  • Effectively leads calls with various stakeholders to achieve desired results.

  • Experience in financial services organization, particularly in Risk, Audit, Compliance, Cyber or Third-Party Risk
  • Proficient use of Microsoft Word and Microsoft Excel

  • Experience gathering and analyzing evidence through various methods (e.g., email, virtual sessions, or onsite) and sources (e.g., artifacts, interviews, meetings, demonstrations, independent audits, review of processes/policies, etc.)

• Preferred Qualifications
  • Bachelor’s Degree (preferred)

  • Holds relevant industry certification(s) (i.e. CISA, CRCM, CRISC, CTPRP, TPCRA, etc.) (preferred)

Hours & Work Schedule

• Hours per Week: 40 
• Work Schedule: 8-5 (4 days in office, 1 day remote)

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.