Third Party Risk Analyst
Ref No.: 18-00065
Location: Missouri
Start Date: 02/07/2018
Job description:

The Third Party Risk Analyst is part of the Third Party Risk Management (TPRM) Center of Excellence team within the Global Supply Chain organization. The analyst is responsible for performing Risk Assessments of Suppliers and other Third Parties to ensure compliance with Client's requirements, which are aligned to the TPRM Process Framework. The analyst will be responsible for conducting KYC analysis, assessing the third parties' controls, calculating the impact of potential adverse events, defining mitigation requirements to lower risk exposure, and driving appropriate escalations.

Primary responsibilities include the execution of risk assessments, which include:
  • Engage with multiple business owners of third parties to ensure compliance with required assessments, procedures, and cadence per the Client TPRM Process Framework; assessment administration for both new and existing engagements.
  • Prepare and facilitate assessments within the identified system and in alignment with the TPRM Process Framework, including system administration, system/process training, and ongoing communication.
  • Evaluate completed assessments and supporting materials to ensure completeness and that Client's expectations are being met, including the identification of control gaps, weaknesses and vulnerabilities.
  • Clearly document and define risks, potential impacts and the probability of such an event.
  • Escalate high-risk findings to Third Party Risk Managers within Global Supply Chain to drive decisions, formal sign-offs, and treatment plans.
  • Compose and post risk assessment reports regarding third-party exposure and risk likelihood.
  • Ensure required certifications and documents are current and maintained in the identified system.
  • Identify, document and communicate opportunities for improving third-party risk posture.
  • Other duties as requested by COE management

  • Thorough understanding and experience in the field of risk management.
  • Thorough knowledge and experience in the TPRM discipline, including identification, segmentation, analysis, evaluation, treatment, and reporting.
  • Possesses a strong understanding of Third Party Lifecycle Management activities, such as selection, negotiation, contracting, operational risk management, relationship management, performance management and contract management.
  • Proven experience in evaluating a Supplier or other Third Party's security, compliance, financials and operating/business controls to minimize the likelihood of a risk event occurring and/or the impact of an event, to protect Client's assets, data, brand, and reputation. The following scale of experience is preferred:
      o 40% Cyber Security
      o 30% Financials
      o 20% Compliance
      o 10% Operating/Business Controls

Technical Abilities:
  • Proficient in Microsoft Suite products including Word, Excel, Access, Visio, and PowerPoint
  • Experience with MetricStream (or comparable) is desired

Education and Skills:
  • Bachelor's degree or equivalent work experience required.
  • Preference is given to candidates with CISSP, CISA, QSA, CRISC and ISA certifications.
  • Professional comportment and excellent communication and presentation skills applicable to all levels of the organization
  • Excellent organizational skills and a demonstrated ability in multi-tasking on complex projects
  • Ability to work effectively on an individual level, as well as partner with others as part of a team
  • Working knowledge of regulatory requirements such as GLBA, PCI, EU Data Directive, SOX, and HIPAA.
  • Broad technical knowledge, working knowledge of various platforms (UNIX, Oracle database, Windows/Active Directory etc.).
  • Comprehensive understanding of IT controls policies.