The Third-Party Vendor Compliance & Risk Analyst (Hybrid) ensures third-party vendor compliance with quality standards or regulatory requirements established by the government, by NYCM policies and procedures, and aligns with the corporate strategy. The chosen candidate documents and communicates standards and requirements, evaluates vendors, and reports on findings; identifies noncompliance and plans for resolution. In addition, they will assist in identification and evaluation of, and negotiation with, vendors and/or suppliers.
Duties & Responsibilities:
- Coordinate and assess new and current third parties' risk profiles, risk scoring, negative news, and Key Performance Indicators (KPIs).
- Identify and communicate potential risks during all phases of the vendor lifecycle, including onboarding, periodic due diligence, continuous monitoring, and offboarding of the third-party vendors.
- Develop exit strategy/plans in collaboration with divisional partners for critical third parties while ensuring the plan is integrated within the corporate strategy, risk appetite, and risk tolerance.
- Oversee and monitor the Vendor/Contract Lifecycle Management (VCLM) platforms in order to effectively manage the third-party landscape.
- Development and maintenance of effective partner relationships with strategic vendors during all phases of the TPRM lifecycle.
- Conduct periodic re-reviews of critical third-party vendors.
- Assist management in the development of TPRM's vision, strategy, key internal and external reporting metrics, and develop methodologies for the assessment of third-party risk throughout the organization.
- Perform inherent risk rating of vendors based on the level of engagement and type of data exchanged.
- Monitor changes during the vendor engagement and continuous monitoring feeds to trigger reassessments.
- Utilize software systems to compile and prepare reports, graphs, and charts of developed data.
- Assist Cyber and IT with vetting vendors' cybersecurity controls and environment to understand the residual risk of the partnership.
- Assist Finance and ERM with vetting vendors' financials and business continuity controls and environment to understand the residual risk of the partnership.
- Identify control gaps associated with a vendor's control environment, understand exposure, likelihood of impact, and provide recommendations to stakeholders regarding the risk of partnering with the vendor based on the assessment findings.
- Critically examine work processes to suggest and implement changes and gain efficiencies.
- Organize and maintain the collection of due-diligence documentation collected during all applicable assessments to ensure compliance with the agreement(s) between the parties.
- Stay abreast of emerging security threats, industry best practices, and regulatory requirements related to third-party risk management.
- Principal liaison between the vendor and internal groups during initial due diligence and ongoing risk monitoring discussions regarding third-party vendors.
- Coordinate with ERM in the development of thought-provoking scenarios and stress tests, and facilitate tabletop exercises and other drills involving TPRM.
- Educate internal groups on a variety of TPRM concepts.
- Other duties as assigned.
Requirements:
- High School Diploma
- 2 years' third-party risk management experience in a related field.
Qualifications & Skills:
- Moderate understanding of business continuity management and resiliency
- Understanding of how TPRM impacts various business areas and assisting those areas with managing third-party risk within an organization.
- Basic understanding of SOC2 reports, cyber security assessments (NIST), and ISO (ISO 27001 Certification)
- Knowledge of applicable laws and regulations (e.g. NYSDFS Regulation 500, GDPR, PCI DSS, etc.) with a focus on data privacy and security.
- Basic Insurance Knowledge with an emphasis on Commercial General Liability and Tech/E&O Insurance coverages
- Strong working knowledge of Microsoft Office applications.
- Detail-oriented, organizational, time management, prioritization, meet deadlines, and multitask skills.
- Demonstrated ability to collaborate with multiple stakeholders and manage conflicting priorities effectively.
- Effective communication, listening, and problem-solving skills.
- Ability to work independently and as part of a team.
- Highly motivated self-starter that is goal-oriented.
- Professional attitude and manner with ability to maintain composure in stressful situations.
- Ability to motivate and influence committees on technical subjects.
- Experience facilitating key projects or initiatives.
- Sound decision-making ability within the boundaries of the assigned responsibilities
Payband TBD / Hours 40 per week
Salary Range: $51,500 - $78,000
Applications accepted through: 4/23/25
Required Experience:
IC