Corporate Senior Third-Party Risk Analyst

About the Role

The Senior Third-Party Risk Analyst reports to the Corporate Third-Party Risk Manager and serves in a lead capacity to advance the Third-Party Risk Management (TPRM) program. The role leverages critical thinking, problem‑solving, analytical and organizational skills to manage, mature and enhance the TPRM program, implement technology solutions, and coordinate activities across the entire third‑party life cycle.

• Help lead the design, build, implementation, and optimization of third‑party risk management technology platform and supporting processes, including execution of strategic initiatives to modernize the TPRM operating model. Assess current state processes and technology capabilities, compare against regulatory expectations and future state requirements, and identify gaps requiring remediation or enhancement.
• Provide Program guidance for risk‑based due diligence reviews across third and fourth party relationships. Utilize the bank's risk profile framework to assess inherent risk and accurately risk‑rate third parties, with particular focus on operational, information security, cybersecurity and compliance risk. Partner with Third Party Relationship Owners to facilitate completion of due diligence requirements, review and challenge provided due diligence. Escalate material risks and issues to third‑party risk as appropriate.
• Develop, enhance and maintain the overall TPRM Program through updates to policies, procedures, governance, templates, technology, training and communication. Ensure effective use of the third‑party risk management system across all phases of the third party lifecycle and maintain alignment with applicable regulations and current cyber risk mitigation practices. Lead initiatives to clearly define and monitor third party access to sensitive customer, employee and bank data and systems.
• Manage the contract review process with business units and division staff to ensure contract language appropriately protects the bank's interest, reduces operational, legal and financial risk, and includes required contractual provisions. Support contract execution, ongoing contract management, and contract termination processes to ensure the secure return or destruction of customer, employee and bank information.
• Create, enhance, and deliver management and board reporting, including third‑party inventories, dashboards, performance metrics, issue tracking, risk acceptance and findings. Effectively communicate results and recommendations to audiences at all levels of the organization and identify risks requiring escalation.
• Monitor regulatory and industry developments related to third‑party risk management and proactively enhance the program to align with evolving expectations and best practices. Provide leadership to ensure compliance with Inter‑agency Guidance on TPRM and related regulatory requirements, and serve as the key point of contact with regulators, auditors, consultants, and other external parties.
• Support the Enterprise Risk Management function through activities such as report development, technical writing, regulatory reporting and research of emerging risk issues as needed.
• Must comply with all company policies and procedures and all applicable laws and regulations, including the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control. Must complete the assigned online training courses and achieve a passing score by due date.

• Education:
  • Required:
    
    Bachelor’s Degree in Business Administration, Finance, Accounting, Mathematics, Economics, Computer Science, Business Information Systems or another business‑related field.
  • Preferred:
    Legal education such as paralegal studies;
    Juris Doctor (JD).
• Experience:
  • Required:
    
    5 years of experience developing and managing risk activities such as legal, vendor/third‑party, information security, compliance, audit, regulatory, consulting, or other related programs.
  • Required:
    
    2 years of experience conducting assessments of contracts, agreements, regulations, laws, or other complex technical documents, and the ability to interpret, challenge and recommend revisions.
  • Required:
    
    1 year of experience…