Vendor Risk Analyst
The Global Technology Vendor Risk Analyst will own the assessments of technology, security and other controls for external vendors and other third parties engaged by Client. This position will collaborate with all levels, including senior management, within Systems as well as various other Lines of Business to act as the SME on potential risk threats presented by third parties. The person will be the first line of defense in determining whether Client's third party vendors have the necessary controls in place that align with Client's standards and policies. This includes knowledge of current and emerging risk trends, exercising judgment while identifying and assessing potential risks, and implementing creative solutions that mitigate vendor risk.
This role is highly visible within the organization and will offer the opportunity to partner with leadership to continue to enhance the risk assessment functions as they relate to Technology Vendor Risk.
Third Party Risk Analysis
Execute the Business Technology Review Process (BTR) by:
- Initiating the assessments for all third party technology vendors which includes fully understanding the business need / problem set.
- Working with the applicable third party vendor to gather detailed information regarding their IT controls (BCP, cyber security, access controls, etc.) designed to protect Client information assets.
- Analyzing the information provided by the third party and evaluating their controls based upon Client standards and general industry experience.
- Preparing written assessments which highlight misalignments between the vendor's processes / policies and those of Client and effectively describe areas of potential risk.
- Assist in the development of metrics and measurement systems that identify weaknesses and residual risk over time.
- Collaborate with OGC to evaluate new and existing contracts to assess gaps in their services.
- Ensure appropriate information is documented in order to track, quantify and report on findings.
- Bachelor's degree and 3+ years' experience in technology and financial services.
- 3 to 5 years of relevant work experience as an SME in Technology Risk Assessments.
- Strong understanding of Cyber Risk, Info Security, BCP, data privacy and encryption, network security and other related areas.
- Understanding of SDLC
- Understanding and experience with GRC toolkits such as Archer and MetricStream
- Detail oriented with ability to handle multiple priorities
- Strong communication and interpersonal skills
- Collaborative work style