Vendor Risk Management Analyst

Primary Purpose:

The Vendor Risk Analyst is responsible for the identification, assessment, monitoring, and reporting of risks associated with outsourcing products and services to third-party vendors. The Vendor Risk Analyst partners with the VRM Manager and lines of business to execute key department activities including vendor risk classification, due diligence, contract structuring, onboarding, and periodic oversight and monitoring activities while collaborating with vendor relationship owners and third-party vendors to support departmental goals and objectives.

Essential Responsibilities:

• Coordinates vendor risk lifecycle activities with internal vendor owners, specialist area partners (Information Security, Compliance, Business Continuity, and Legal), and external third parties to obtain documentation and facilitate timely task completion.

• Performs risk assessment and due diligence review activities (financial analysis, reputational monitoring, and operational control environment reviews), with minimal input from VRM Manager, exercising the appropriate amount of critical thinking and risk analysis rigor for an assigned portfolio of vendor relationships.
• Develops and delivers completed review reports, with minimal input from VRM Manager.
• Performs administrative and regulatory review of contracts and other legal documents, with minimal management supervision.
• Maintains vendor inventory, vendor files, program software, due diligence artifacts, and related documentation.
• Identifies vendor risk events, changes, and issues and report on findings, with modest input from VRM Manager.
• Collaborates with VRM Manager to analyze vendor performance, identifiable risk, exceptions, and risk mitigation plans.
• Maintains VRM Policy, Standards, Procedures, and other risk-focused program documentation with modest input from VRM Manager.
• Applies a strong knowledge of regulatory requirements and industry best practices.
• Adheres to applicable federal laws, rules, and regulations including those related to Anti-Money Laundering (AML) and the Bank Secrecy Act (BSA).
• Other duties as assigned

Minimum Required Skills & Competencies:

• Bachelor's degree in Business, Finance, Accounting, Communications, Information Technology or related discipline
• 4 years of experience within enterprise risk programs and processes.
• 4 years risk management, audit, information technology/security, or compliance experience.
• 4 years of financial services or banking experience.
• 4 years of project management experience.
• Basic understanding of risk management principles, banking operations, products/services, systems, and associated risks/controls
• Working knowledge of vendor risk lifecycle activities
• Knowledge of regulatory guidance, including Interagency Guidance on Third Party Relationships: Risk Management or FIL-29-2023.
• Able to build strong relationships with business partners.
• Strong oral and written communication skills.
• Able to work well in a time-sensitive environment and handle a variety of tasks simultaneously.
• Able to work independently and in a team-oriented, collaborative environment.
• Intellectually curious; strong analytical skills, working with data and drawing conclusions.

Desired Skills & Competencies:

• Graduate degree in Business, Finance, Accounting, Communications, Information Technology or related discipline
• Experience in risk or vendor-related role (i.e., vendor risk, strategic sourcing, or procurement).
• Holds an industry-recognized third-party risk management or vendor management certification.

Physical Requirements:

• Express or exchange ideas by means of the spoken word via email and verbally.
• Exert up to 10 pounds of force occasionally, use your arms and legs, and sit most of the time.
• Have close visual acuity to perform activities such as analyzing data, viewing a computer terminal, reading, and preparing documentation.
• Not substantially exposed to adverse environmental conditions.
• The physical demands described here are representative of those that must be met by an employee to successfully perform the essential responsibilities of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform essential responsibilities.

#LI-LP1