Third-Party Risk Management (TPRM) Analyst / Senior Analyst

3 - 5 years

12 - 15 Lacs

Posted: 8 hours ago | Platform: Naukri

Work Mode

Remote

Job Type

Full Time

Job Description

Role & Responsibilities

  • Risk Assessments & Due Diligence: Conduct end-to-end third-party risk assessments during onboarding and periodic reviews, including inherent risk scoring and detailed due diligence.
  • Compliance & Frameworks: Evaluate vendor compliance with internal policies and industry standards including regulatory frameworks such as ISO 27001, NIST, SOC 2, and GDPR.
  • Risk Mitigation & Monitoring: Identify control gaps in vendor responses, recommend actionable mitigation strategies, and track the remediation of identified issues in collaboration with internal stakeholders and vendors.
  • Documentation & Reporting: Maintain accurate documentation of all TPRM activities, including risk assessments, contracts, and supporting evidence (e.g., SOC reports, insurance documents). Prepare risk reports and dashboards for management and governance committees.
  • Stakeholder Collaboration: Partner with internal teams (e.g., Procurement, Legal, Information Security, Business Units) to facilitate due diligence activities and ensure alignment with the enterprise risk management program.
  • Process Improvement: Proactively identify opportunities to improve and streamline TPRM processes and procedures, contributing to the continuous maturity of the program.

Preferred candidate profile

  • Education & Experience: A Bachelor's degree in any discipline with 3-5 years of relevant experience in Third-Party Risk Management, Vendor Risk Management, IT Risk & Compliance, or internal audit.
  • Technical Knowledge: Strong understanding of risk management principles, information security controls, and control testing methodologies.
  • Analytical Skills: Excellent analytical and problem-solving skills with strong attention to detail, capable of analysing complex information and making data-driven decisions.
  • Communication: Strong verbal and written communication skills, with the ability to effectively communicate complex risk concepts to technical and non-technical audiences.
  • Project Management: Proven ability to manage multiple concurrent projects, prioritize tasks, and meet deadlines.

Preferred Qualifications and Certifications

  • Certifications: Professional certifications such as Certified Third Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA) or CRISC are highly desirable.
  • Industry Knowledge: Familiarity with regulatory guidance relevant to financial services, such as that from the OCC or FFIEC.
