Senior Risk Analyst, Vendor Management

San Diego County Credit Union
San Diego, CA

Job Description

Position Summary:

The position of Senior Risk Analyst, Vendor Management is responsible for leading and/or participating in information security compliance and risk management initiatives. The candidate should demonstrate broad risk knowledge, the ability to maintain quality service standards set by the organization and a willingness to partner with organizations outside the department.

Minimum Qualifications (Education, Experience, Skills)

  • Bachelor's degree in Computer Science or coursework in IT, Security, or Risk Management
  • CISSP, CRISC, CISA, or other Security, Audit, Risk, or Technology certifications desired
  • 5+ years’ experience in IT, Security, or Risk Management (combined)
  • Understanding of Artificial Intelligence (AI), cloud computing and other emerging risks
  • Track record of producing quality deliverables under limited supervision
  • Exceptional organizational skills to be able to prioritize concurrent projects effectively and meet deadlines and commitments
  • Effective written and verbal communication skills, and positive interpersonal skills
  • Advanced Microsoft Word, Excel, and PowerPoint skills
  • Financial Institution background preferred

Essential Duties and Responsibilities

  • Perform vendor risk assessments as assigned. Collaborate with vendors and business owners to gather documentation and develop vendor treatment plans
  • Evaluate new technology projects, and changes to existing technology environments
  • Perform project risk assessments to identify potential risks to the credit union and its members
  • Perform contract reviews to ensure verbiage meets compliance and legal requirements for the business relationship
  • Follow prescribed business SLAs to ensure timely completion of all tasks. Escalate non-compliance with SLAs to the Vice President, Vendor Management
  • Acquire proficiency within the Governance, Risk, and Compliance (GRC) solution as it pertains to the risk assessment modules and risk register functionality
  • Create metrics and regularly report on the health of assigned activities
  • Participate in the design and presentation of security education and awareness training as required
  • Review and update procedures within ISCR to ensure compliance with policy and legal and regulatory requirements
  • Monitor regulatory and audit observations, and collaborate with business owners to develop effective remediation plans
  • Perform risk assessments for various GRC programs based on requirements
  • Participate in Change Advisory Board (CAB) and project meetings. Establish criteria for initiating risk assessments based on the meeting discussions

Other Duties and Responsibilities

  • Perform application assessments, branch security risk assessments, and documentation management as required
  • Set up meetings with business areas and/or vendors to discuss challenges and/or risk assessment results
  • Participate in security and/or risk related committees as required
  • Assist with other ISCR initiatives as assigned by the Vice President, Vendor Management

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is regularly required to use hands and fingers to handle or feel objects, tools, or controls and talk or hear. The employee is frequently required to stand and reach with hands and arms. The employee is occasionally required to walk; sit; climb or balance; and stoop, kneel, crouch, or crawl.

The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

The noise level in the work environment is usually moderate.

Monday-Friday - 8:00am-5:00pm
Full time - 40 hours
Posted 2025-07-29