Senior Vendor Performance Analyst, VRM

Job Description

The Vendor Risk Management Analyst is responsible for leading, coordinating, and conducting vendor risk assessments for our Vendor Risk Management program. This is accomplished by reviewing vendor contracts, scorecards, invoices, due diligence questionnaires, and other documents to assess the vendor s control environment and compliance with legal and regulatory requirements. The Vendor Risk Management Analyst is responsible for all aspects of the vendor risk assessment including conducting vendor assessment interviews/meetings, identification of issues, tracking issues through closure, writing vendor assessment reports, and communicating with internal and external parties. The Vendor Risk Management Analyst is expected to ensure that vendor risk assessments are managed appropriately in accordance with the policies and procedures of the Vendor Risk Management program. Additionally, the Vendor Risk Management Analyst will provide daily vendor assessment status tracking and contribute with analysis and improvement initiatives. Job Functions and Responsibilities: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Examples below: Conduct and complete vendor risk assessments within scheduled timeframes, following-up with vendors with a sense of urgency when needed to collect requested information Understand regulatory requirements and set appropriate vendor assessment agendas utilizing checklists to review all applicable vendor risk areas Evaluate vendor documents to determine compliance with enterprise risk policies, contract requirements, and legal and regulatory requirements Review a sampling of vendor invoices for accuracy based on contracts and pricing terms Review vendor scorecard performance and understand contractual service level agreements Coordinate with the Information Security group for the review of the vendor security control environment to incorporate into the overall vendor risk assessment report Communicate findings to senior management and write comprehensive vendor assessment report and executive summary of vendor risk Collaborate with line of business vendor relationship owners in pre-assessment planning meetings and post-assessment risk issue remediation and action plans Assist in the development of corrective action plans and related documentation Monitor vendor risk issue mitigation and remediation efforts and follow-up with vendor through issue closure Identify opportunities to improve vendor risk assessment approach and the utilization of vendor risk management tools and software and suggest solutions to problems or inefficiencies Contribute on continuous process improvement initiatives Assist with other ad-hoc assignments Qualifications: bachelors Degree required. Preferred: Finance or Business Administration, Risk Management, or related disciplines (eg, information risk management, information technology, cybersecurity, data governance), or equivalent experience 2+ years vendor risk management and audit/assessment experience in financial services industry Mortgage origination and servicing industry knowledge is a plus Knowledgeable about vendor contracts and service level agreements Strong analytical skills, attention to detail, and exceptional intellectual curiosity Ability to add value and improve the quality of outcomes, rather than only following a set procedure Interpersonal relationship building skills and articulate written and verbal communication skills Excellent organization skills and ability to multi-task with many deliverables and requests while working on concurrent vendor assessments Ability to work under time pressure to meet deadlines, while maintaining a positive attitude Ability to effectively use technology and tools in managing the vendor risk management life cycle Expert knowledge of MS Office applications Experience with Process Unity application is a plus Certified Third-Party Risk Professional (CTPRP), Certified Enterprise Risk Professional (CERP) or relevant disciplines such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), Certified Internal Auditor (CIA), Certified Public Accountant (CPA) is a plus WORK SCHEDULE OR TRAVEL REQUIREMENTS Ability to travel as required