Description

Position Summary

As a Vendor Management Analyst II, you will contribute to the efforts of our Cardmember Administration Management (CMAM) department by assisting with the organization, administration, and facilitation of its third-party risk management assessment process and business continuity functions. This role will support the Vice President and Assistant Vice President with all phases of third-party risk assessments, documentation, and communication, as well as the build-out of the TPRM Governance, Risk, and Compliance (GRC) tool.

Summary of Essential Job Functions

• Support the end-to-end third-party implementation process to ensure vendors meet our control standards, including pre-contractual third-party reviews, ongoing monitoring controls, and risk assessment to identify the required controls and potential risks to remediate and document any remaining risks in the security risk register for post-implementation remediation
• Perform assessments of all aspects of the provider
• Monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions
• Develop a comprehensive understanding of the organization's third-party risk management framework and standards
• Ensure assessments within the company are following known industry frameworks (i.e., PCI-DSS, FFIEC, OCC, ISO, NIST)
• Collaborate with cross-functional teams, including legal, procurement, IT, and business units, to gather necessary information and ensure compliance with risk management processes
• Assist in developing and enhancing third-party due diligence policies, procedures, and frameworks to improve the effectiveness and efficiency of risk assessment processes continually
• Back up selected Vendor Manager functions
• Perform other duties as assigned

Position Requirements

• Familiarity with risk assessment methodologies, frameworks, best practices, and the full breadth of cybersecurity domains, particularly as they pertain to third-party risk management
• Knowledge of relevant regulations, standards, and frameworks related to third-party risk management, such as the FFIEC Handbook, ISO 27001, NIST CSF, NIST SP 800-53, GDPR, PCI-DSS, and other industry-specific regulations
• Experience conducting risk assessments of third-party vendors, suppliers, or partners, including evaluating compliance with policies, procedures, and regulatory requirements
• Strong analytical skills to identify and assess potential risks associated with third-party relationships, such as data security, operational vulnerabilities, and regulatory compliance
• Ability to collaborate effectively with cross-functional teams, including legal, compliance, IT, and business units, to gather necessary information and ensure compliance with risk management processes
• Excellent written and verbal communication skills, with the ability to prepare clear and concise reports, summaries, and documentation related to risk assessments
• Detail-oriented mindset with the ability to analyze and interpret risk assessment findings and provide recommendations and remediation plans to mitigate identified risks
• Strong organizational skills to monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions
• Familiarity with risk management software or tools for tracking and managing third-party risks may be advantageous
• Proactive attitude with the ability to stay updated on emerging trends, regulatory changes, and industry standards related to third-party risk management
• Ability to work independently and as part of a team, focusing on delivering high-quality results within established deadlines

Minimum

• Bachelor’s Degree. Bachelor’s degree in Cybersecurity, Business, Operations, Engineering, or equivalent years of work experience in a corporate environment
• Minimum of 3 years of experience in third-party risk management, vendor management, information security, IT auditing, or equivalent experience
• Experience writing technical documentation and reports
• Experience with Excel, creating pivot tables and formula

Preferred

• Any of the following Certification(s): CTPRP, CISSP, CISA, CRISC, CISM
• Interagency Guidance on Third-Party Relationships in Risk Management

Credit One Bank, N.A. is a data-driven financial services company based in Las Vegas. Founded in 1984, Credit One Bank offers a spectrum of credit card products for people in all stages of financial life. Credit One Bank is an equal opportunity employer committed to diversity and inclusion and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation, or national origin. Reasonable accommodations can be made for those who require them, including access to job applications and workplace accommodations. Employment at Credit One Bank is based on mutual consent (also known as at-will). This means that employees and the Bank may terminate the employment relationship at any time, with or without cause and with or without notice. Please contact the recruiter for this position to learn more. Credit One Bank does not accept unsolicited resumes from agencies and is not responsible for related fees.