Previous Job
Senior Third Party Risk Professional
Ref No.: 18-00558
Location: New York, New York
Job Description:

The Third Party Risk Analyst is responsible for project administration, tracking, monitoring and response coordination on Policy, Operational Risk assessments, Internal Audit, Third Party Risk Management and regulatory compliance items. He/she will report directly to the officer responsible for Operational Risk & Resiliency in the company's Operational Risk Office, a division of the company's Corporate Finance area.

  • The Senior Analyst, Third Party Risk will perform third party risk assessments on new and existing third parties on an enterprise-wide basis
  • Preparation of detailed and summary reports of assessment, including customized reports, as needed
  • Work as a Subject Matter Expert (SME) and with other SMEs within the Operational Risk Office, IT, Law, Privacy, Compliance, Sourcing and Treasury to develop and apply risk assessment criteria (aligned with Corporate Policy)
  • Work directly with internal business partners to assist them in effectively managing their operational risks related to identification of potential risks in business processes, applications, systems, associated with third party engagements
  • Work with IT, Sourcing and Law to ensure compliance and integration of third party risk management lifecycle elements
  • Ability to perform contract reviews of redlines and approve/reject changes
  • Identify and measure the risks facing a business area, process or workflow based on facts, business environment and practicality and perform appropriate due diligence to ensure identification and management of risks
  • Counsel and guide business partners in identifying risks and potential risk mitigation alternatives commensurate with the risk identified and consistent with risk appetite and tolerance
  • Work directly with new and existing third party vendors to assess risk controls to ensure data is adequately safeguarded
  • Promote awareness and enhance our internal service model that informs the business of key risks in a timely manner so as to limit unnecessary impediments and avoid bureacracy
  • Contribute to building of training program for internal business partners on due diligence process as well as their obligation in ongoing monitoring

Competencies / Skills:
  • Experience in large companies and/or complex environments, or providing professional consulting services for them
  • Demonstrated leadership skills that instill trust and confidence with an ability to influence execution
  • Demonstrated abilities in problem-solving and analysis; identifies issues, analyzes information to assess root cause and relationships, risks and potential risk responses
  • Proven ability to synthesize and summarize complex data into concise recommendations and reports
  • Excellent written and verbal communication skills to deliver the "whole message " in a concise, persuasive and succinct manner
  • Proven ability to balance multiple priorities, adapt to a constantly changing business environment, work independently, drive projects to completion and meet deadlines in a fast-paced environment with only periodic supervision
  • Ability to work collaboratively and manage and initiate effective cross-functional relationships maintaining a high level of professionalism, self-motivation and a strong sense of urgency
  • Strong computer skills, including MS Office products (e.g. Word, Excel, PowerPoint, Visio) and other business software to prepare reports, memos, summaries and analysis. Experience with GRC tools (e.g., Archer) is a plus
  • Competency in customer focus, change and innovation, strategic thinking, relationship building and influencing, talent management, results focus and inspirational leadership
  • Ability to manage effectively and work closely with business leaders in a high pressure, fast paced, highly collaborative environment with multiple deadlines and competing priorities

  • Ability to conduct thorough third party risk assessments, through application of established criteria
  • Strong understanding of the principles of risk management, information security and their relationship to corporate governance activities such as operational risk assessment and organizational impact
  • Clear understanding of industry standards risk analysis approaches: ISO, COBIT, COSO, as well as regional standards and regulations; Sarbanes Oxley, Basel II, GLBA, HIPAA and crisis management / business resiliency practices
  • Demonstrated consistent credibility as a subject matter expert with business partners and leadership while recommending initiatives, identifying gaps and potential issues
  • Collaborate with internal partners and third parties to mitigate and otherwise resolve third party risks influencing business decisions and applying professional judgement for selecting the appropriate methods and techniques
  • Strong analytical and problem solving skills and attention to detail
  • Possesses and builds on knowledge of operational risks and trends relevant to financial services and insurance staying abreast of current and pending regulatory and compliance requirements
  • Provide virtual leadership and guidance to the analyst level team on best practice and continuous improvements for processes, assessments and other operational activities
  • Strong knowledge of and experience in risk management and internal controls required spanning fraud, legal liability, regulatory, privacy, information and cyber security, reputational harm, business resiliency, theft of assets, financial losses and errors/omissions

Education and Experience:
  • BS/BA degree, Advanced Degree preferred or equivalent experience
  • Certification in risk management and/or third party risk management preferred
  • 5+ years of Operational and/or Third Party Risk experience required
  • Solid background both educationally and via professional experience
  • No less than 7 years professional experience in business operations, project/program management, risk management, information security, business analytics and/or simliar