Senior Risk Analyst (Third Party Risk Management)

Overview

Responsible for identifying, assessing, and mitigating risks within the organization with a focus on Third Party risk management. Typically, the ideal candidate will have a professional qualification in one or more areas of risk management or its equivalent and coordinate with other business units and SMEs to ensure compliance with internal policies, industry regulations, and best practices in TPRM. Work independently to interpret and develop solutions to complex business challenges that have management strategies and improve the overall TPRM posture of the Credit Union. Recognized as an expert in their own area within the organization. Streamline processes within the Credit Union to drive consistencies and enhance the management process for the Third-Party lifecycle. Advanced skill set and proficiency with procedures and techniques.

Responsibilities

• Plan the research for and development of specialized risk assessment scopes
• Collaborate with management and personnel to optimize risk assessment scope development
• Monitor vendor relationships to ensure continued compliance with contractual and regulatory requirements
• Lead and coordinate annual vendor reviews and periodic risk re-assessments, ensuring documentation is complete and current
• Maintain a centralized vendor management system and ensure data integrity, including risk ratings, criticality tiers, and supporting documentation
• Identify potential business risks, operational and regulatory process deficiencies, and improvement opportunities
• Gather and synthesize data; present conclusions and offer risk mitigation, remediation and process improvement solutions to management
• Develop, Implement, and maintain third-party risk management (TPRM) policies, procedures and frameworks in compliance with NCUA, ERM guidelines, federal and state laws, and Navy Federal's quality control standards
• Partner with Information Security to conduct due diligence and risk assessments for new and existing vendors, including financial, operational , compliance, cybersecurity and reputational risks.
• Collaborate, facilitate and report on efforts to improve the efficiency and effectiveness of risk mitigation processes
• Present technical risk reports to senior management and key stakeholders, highlighting key risk areas, proposed actions, remedial or mitigation solutions
• Remain current on evolving regulatory requirements, industry trends, and best practices in third-party risk management
• Collaborate with Legal, Compliance, Information Security and Business Units to ensure appropriate risk controls and contract language are in place

Qualifications

• Bachelor's degree in business administration, Auditing, or related field or equivalent combination of training, education and experience
• Knowledge and understanding of business area/specialization and risk-based auditing techniques and methodologies
• Advanced knowledge of operational and regulatory risk control concepts and practices
• Direct experience with developing and implementing risk rating models, risk scoring and vendor segmentation
• Skilled in vendor onboarding/offboarding and ongoing monitoring strategies
• Proven experience conducting due diligence and risk assessments for vendors and third-party vendors
• Experience with managing multi-faceted projects simultaneously that have cross-departmental impact
• Familiarity with GRC platforms and Vendor management tools such as ServiceNow and Vendoor
• Significant issues management and remediation experience
• Relevant cybersecurity & IT governance experience
• Advanced knowledge of applicable federal and state regulations, company policies, and industry best practices
• Deep Knowledge of regulatory frameworks including ADA, FFIEC,GDPR
• Proven ability to plan, organize and effectively execute risk mitigation and process improvement initiatives
• Advanced organizational, planning and time management skills
• Advanced research and analytical skills
• Excellent verbal and written communication skills, with the ability to translate technical risks into business language for non-technical stakeholders.

Hours: Monday - Friday, 8:00AM - 4:30PM

Locations: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Drive, Pensacola, FL 32526

About Us