Third Party Risk Monitoring Risk Analyst

Key Responsibilities:

• Monitor, evaluate, and report on third-party risk management activities to ensure risks are identified, assessed, and mitigated effectively.
• Lead comprehensive assessments of third-party vendors to manage potential risks in both cyber and non-cyber areas.
• Develop, implement, and maintain robust third-party risk monitoring processes, tools, and procedures.
• Collaborate closely with business and technical teams to align risk mitigation strategies with business goals.
• Track and report on the success of risk mitigation measures, providing regular updates to management.
• Stay informed about current regulations, standards, and frameworks related to third-party and cyber risk management.
• Enhance the Third-Party Risk Monitoring Program by offering insights and aligning with strategic objectives.
• Manage the TP Risk Monitoring platform: triage vulnerability alerts, evaluate risks within the vendor portfolio, communicate effectively with vendors, and track remediation efforts.
• Oversee zero-day events and breaches, assess potential impacts, collaborate on resolutions, and ensure remediation actions are completed promptly.
• Regularly assess the vendor portfolio's hygiene, including residual risks, rating shifts, concentration risks, and fourth-party exposures.
• Build strong relationships with internal SMEs and external vendors, fostering cooperation on identified risks.

What You Need:

Must-Have Qualifications:

• At least 7 years of experience in Third-Party Risk Management, including methodologies, processes, regulatory guidance, and industry standards (e.g., ISO, NIST, PCI DSS, Privacy).
• Minimum 5 years of practical experience with TP Risk Monitoring platforms, tools, and technologies in both cyber and non-cyber domains.
• Proven expertise in leveraging technology for continuous risk monitoring.
• Self-motivated and able to thrive independently and as part of a team.
• Proactive and adaptable to a fast-paced, agile business and technical environment.
• Demonstrated leadership experience, including mentoring junior staff.
• Passion for third-party risk management and a willingness to continue learning.
• Bachelor’s degree or equivalent professional experience.

Preferred Certifications:

• Certifications in Third-Party Risk Management, such as CRVPM, Shared Assessments CTPRP, and/or CTPRA.
• Additional certifications in related risk disciplines like Information Security, Auditing, and Risk Management (e.g., CISM, CISSP, CRISC, CISA).