Third-Party Risk Management Cyber Analyst

Duties and Responsibilities:

• Possess and demonstrate an ability to recognize and analyze qualitatively and quantitatively third-party risks, as defined by TPRM Management.
• Maintain an up to date knowledge about information systems, information technology, cybersecurity, data architecture, including the risks and mitigations associated with each.
• Ability to interact with the Information Technology stakeholders and third-party IT representatives, challenging documented assumptions, and conclusions whenever the evidence does not support them, and assist them to meet TPRM standards of documentation.
• Acts proactively in resolving pending items, following up with the different stakeholders to complete the TPRM process, cordially discuss assessments’ results completed by IT and other stakeholders when documentation for risk rationale and conclusion seem insufficient or unclear.
• Demonstrate critical thinking skills to identify critical risks and understand interrelationships among different risk categories.
• Communicate effectively through multiple mediums (electronic and in-person), write clearly and effectively, & document findings appropriately and completely.
• Ability to utilize Microsoft Word, Excel, PowerPoint, and other reporting/presentation tools.
• Execute assigned tasks and responsibilities timely with the highest level of professionalism.
• Demonstrate credibility with business partners and leadership, to appropriately influence business decisions, and exercise strong business judgment.
• Demonstrate an ability to work independently but seek appropriate input and feedback. Identify opportunities to create additional value for internal business team members and partners through continuous improvement.
• Conduct and evaluate third-party risk assessments, including SOC Reviews and security assessments, as defined by TPRM Management.
• Completion of due diligence (initial and ongoing) for third parties with input from stakeholders.
• Collaborate with internal stakeholders and third parties to mitigate and otherwise resolve third-party risks.
• Collaborate effectively with TPRM team, other TPRM analysts, and Risk Management leadership.
• Collaborate with IT Security and Architecture to ensure all measures are being taken to accurately assess complex third-party technologies.
• Conduct periodic TPRM training and awareness with business lines and TPRM personnel.
• Acts as subject matter expert on TPRM procedures.
• Other duties as assigned.

Qualifications:

Bachelor’s degree in Business Administration, Information Systems, Computer Science, Cybersecurity or equivalent degree or experience preferred. One to three years of IT/Cybersecurity experience and/or related certifications required.

Possess the ability to communicate succinctly and effectively verbally and in writing. Strong and adaptable computer skills, including MS Office products and other business software. Knowledge of risk management including IT systems and related risks and controls. Ability to always maintain the confidentiality of the Credit Union and member records.

Preferred Skills:

• Professional experience in business operations, project/program management, finance, risk management, business analytics, cyber security/data privacy, or similar.
• Knowledge and understanding of the critical components of Vendor’s System and Organization Control Report (SOC Report) review processes.

Performance Standard:

This position requires an elevated level of professionalism in attendance, quality, and quantity of work performed. Strong ability to communicate with team members, third-party contacts, and management effectively through professional verbal and written communication. Capability to work collaboratively including managing and initiating effective cross-functional relationships. Ability to de-escalate potential emotionally charged conversations, while still achieving TPRM objectives. A demonstrated cooperative and positive attitude toward team members and stakeholders. Capacity to identify issues, analyze information to assess root cause and relationships, risks, and potential risk responses. Ability to synthesize and summarize complex data into concise recommendations and reports. Skilled in utilizing various business software to prepare reports, memos, summaries, and analyses. Qualified to balance multiple priorities, adapt to a constantly changing business environment, work independently, drive projects to completion, and meet deadlines in a professional environment. Must be willing to comply with the Bank Secrecy Act and USA Patriot Act as implemented by Idaho Central Credit Union.

Physical Requirements:

• Perform tasks requiring manual dexterity (processing paperwork, filing, stapling, sorting, collating, typing, counting cash, etc.).
• Sit for extended periods of time.
• Lift 20-40 pounds of applicable supplies including but not limited to copy paper, cash drawers, marketing material, etc.
• Repetitive motion using wrists, hands, and fingers.
• Reach keyboards.
• Ability to operate basic office machines (calculator, computer, telephone, copy machine, fax machine, etc.).    

The above statements reflect the general details considered necessary to describe the essential functions of the job and should not be construed as a detailed description of all the work requirements that may be inherent of the job.

Must be eligible for membership at Idaho Central Credit Union to obtain employment.

Idaho Central Credit Union is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, age, disability, protected veteran status or other characteristics protected by law.