The Third-Party Risk Management Analyst is responsible for helping to facilitate Northwest's risk assessment of third parties and associated services, identifying and documenting material risks associated with third parties, and working with business owners and stakeholders to ensure appropriate strategies are in place to manage risks.
Essential Functions
- Work directly with Northwest's business line relationship owners to gain an understanding of the third-party services and how the business will utilize the services, ensure inherent risks are appropriately identified, and scope the risk assessment based on the level of risk presented by the third-party services.
- Communicate with the Relationship Owners (internal vendor relationship managers) of third parties to help facilitate the completion of questionnaires and submission of documentation needed to support the third-party risk assessment. Provide appropriate guidance and advice to Relationship Managers and vendors by drawing out useful information, asking questions, and analyzing feedback.
- Facilitate the coordination of the third-party risk assessment across Northwest's network of Risk Domain Owners (e.g., Information Security, Business Resiliency, Compliance, Technology) to support the timely review of third-party controls and determine residual risk.
- Seek out methods and resources for Relationship Owners to utilize to monitor vendor performance.
- Help to establish appropriate processes and procedures for Relationship Owners to comply with due diligence and ongoing monitoring requirements.
- Ensure third-party documentation is accurate, organized, and complete within Northwest's Governance, Risk, and Compliance (GRC) platform and maintain documentation and records supporting the completion of the third-party risk assessment.
- Help to query and analyze data from the GRC and other sources to construct meaningful risk reports highlighting material risks identified in the third-party assessment and clearly communicate risks to corresponding business owners and management.
- Escalate material risks to management timely and effectively to support the development of risk management strategies (e.g., data breach, service failure, bankruptcy).
- Establish a working knowledge of Northwest's business processes and associated products and services with an understanding of how third-party services are utilized to achieve business goals and objectives.
Additional Essential Functions
- Ensure compliance with Northwest's policies and procedures, and Federal/State regulations.
- Navigate Microsoft Office Software, computer applications, and software specific to the department in order to maximize technology tools and gain efficiency.
- Work as part of a team.
- Work with on-site equipment.
Safety and Health for those without supervisory duties
- Abide by the rules of the safety and loss prevention program.
- Perform work tasks in a safe manner.
- Report any and all injuries to supervisor.
- Know what to do in case of an emergency.
QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education
Bachelor's Degree in a business related field or equivalent business experience.
Work Experience
Less than 2 years in the risk management field.
General Employee Knowledge, Skills, and Abilities
- Ability to establish effective working relationships among team members and participate in solving problems and making decisions.
- Ability to present and express ideas and information clearly and concisely in a manner appropriate to the audience, whether oral or written.
- Ability to actively listen to what others are saying to achieve understanding, sharing information with others and facilitating the open exchange of ideas and information.
- Ability to establish courses of action for self to accomplish specific goals, develop and use tracking systems for monitoring own work progress, and effectively use resources such as time and information.
- Ability to make right decisions based on perceptive and analytical processes, practicing good judgment in gray areas.
Additional Knowledge, Skills and Abilities
- Establish and maintain professional relationships within the Third-Party Risk Management team, third party representatives, line of business representatives, and risk domain experts.
- Communicate effectively and clearly (oral and written) to a wide range of stakeholders (i.e., third-party representatives, business relationship owners, risk domain experts, senior management).
- Manage a workload with a volume that includes the multiple risk assessments existing in various stages across the risk assessment life cycle.
- Exhibit organizational skills to support the collection and management of documentation collected through the risk assessment.
- Exhibit attention to detail needed to complete risk assessments and portray professional judgment in identifying and escalating risks.
- Exhibit a comfort with a fast-paced and self-managed environment.
- Ability to effectively self-prioritize and self-manage workload.
Equal Opportunity Employer/Protected Veterans/Individuals with DisabilitiesThe contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
#J-18808-Ljbffr