Analyst, Vendor Risk Continuous Monitoring Program

Job Description

About the Role: The Analyst would be a part of Vendor Risk Continuous Monitoring Team within Vendor Risk Management (VRM) program. The primary responsibilities include Continuous monitoring of vendors via monitoring tools, reviews the alerts and work with Vendor, Business and SMEs to validate the impact and recommend the corrective actions. These monitoring would be across financial, compliance, reputational cyber security, and privacy domains. This role requires a strong understanding of vendor risk management processes, compliance frameworks, and industry regulations. This role would also require to conduct period assessments on the Third parties as well as on the Affiliates to support the organizations overall risk management strategy. The Team: Vendor Risk Management is a critical function that organizations globally are increasingly focusing on. Our team ensures thorough reviews of each vendor engaged globally, supporting the business in making risk-informed and data-driven decisions. We collaborate closely with Business Units and Risk Domain Subject Matter Experts (SMEs), such as Cyber Risk, to conduct assessments and recertifications in compliance with regulatory requirements. When issues are identified, VRM team is responsible for ensuring risk mitigation and providing feedback to leadership before engaging with the vendor. Responsibilities and Impact: Working in Vendor Risk Management Team provides the opportunity to continuously improve processes in response to the evolving requirements of various regulators. This dynamic environment offers ample opportunities to expand your knowledge and expertise. In addition to conducting risk assessments, and continuous monitoring, you will have the chance to contribute to various projects, enabling you to showcase and further develop your skills and experience. Key responsibilities: Continuously monitor the risk posture of vendors, identifying emerging risks or changes in risk levels. Leverage monitoring tools and data to track and evaluate the ongoing performance of vendors. Conduct comprehensive risk assessments of third-party vendors and Affiliates, ensuring alignment with organizational risk tolerance and standards. Evaluate financial, operational, cyber, compliance and privacy risks associated with each vendor relationship. Perform periodic reviews and assessments of existing vendor relationships, and affiliates to ensure that risks are managed appropriately. Work directly with Internal Business Partners to understand the services and assist them in capturing the correct risk in the assessments and perform the quality review. Work with vendors and internal teams to develop risk mitigation plans and track remediation efforts for any identified issues or non-compliance. Collaborate with Cyber Risk/Information Security, Business Continuity, Procurement, Compliance and other Domain SMEs to ensure correct risk level is documented in the Vendor Risk Assessment results and track the progress. Lead and support enhancement projects within Vendor Risk Management to meet various business and regulatory requirements. Identify opportunities to streamline risk assessment processes and improve the overall effectiveness of the Vendor Risk Management program. Assist the team members in balancing the load and managing Ad-hoc projects. What Were Looking For: Basic Required Qualifications: Professional with Vendor Risk Management background, having good experience in conducting vendor risk assessments, or related fields (e.g., compliance, IT audit, GRC) with at least 2-5 years of experience after Degree/Masters Should have experience in understanding and managing the risk for IT and Cloud based vendors. Should have experience working in information security and understanding of the concepts of information security controls including ISO and NIST. Should have understanding on the roles and responsibilities of different risk functions like Third Party Risk Management, QA Function, IT Risk, Operational Risk, Financial Risk, Internal Control, Internal audit, Privacy and Compliance etc. Familiarity with vendor management tools and continuous monitoring platforms is a plus. Excellent communication skills - a must. The resource should have the ability to communicate with cross-functional teams and vendors, both written and oral communication is critical. Can work from 2pm-11pm India Time Additional Preferred Qualifications: This position is required to work in UK Shift; flexibility is a must, especially when it comes to vendor and internal meetings held during US business hours. Strong organizational skills with the ability to multitask and prioritize while maintaining close attention to detail. Ability to build strategic partnerships with internal stakeholders. Must be a critical thinker with strong qualitative skills. Information Security/Risk Management certification would be an advantage.