Risk Analyst

Position Overview:

The Third Party Risk Analyst will be responsible for assessing, managing, and mitigating risks associated with third-party vendors and partners. This role involves conducting thorough risk assessments, monitoring vendor compliance, managing findings, and collaborating with internal stakeholders to ensure that all third-party engagements comply with the organization's risk management policies and regulatory requirements.

Key Responsibilities:

Risk Assessment:

Conduct comprehensive risk assessments of third-party vendors, focusing on areas such as data security, infrastructure security, compliance, and operational resilience.

Evaluate vendor risk profiles and categorize vendors based on risk levels and criticality to the organization.

Due Diligence:

Perform due diligence on prospective and existing vendors, including reviewing security controls and compliance with regulatory standards.

Ensure that all vendors meet the organization's security requirements before engagement.

Vendor Monitoring:

Continuously monitor third-party vendors for changes in risk profiles, compliance status, and performance.

Maintain a vendor risk dashboard to track key metrics and provide regular updates to management.

Issues Management:

Identify, document, and prioritize findings from risk assessments and vendor evaluations.

Develop and track remediation plans for identified findings or issues, ensuring timely resolution and mitigation of risks.

Communicate issues and remediation status to relevant stakeholders and ensure follow-up actions are completed.

Collaboration and Communication:

Collaborate with internal departments such as DPO, Tech team, legal, procurement, and compliance to integrate third-party risk management practices into business processes.

Communicate risk assessment findings and recommendations to stakeholders, ensuring transparency and informed decision-making.

Policy and Procedure Development:

Assist in the development and implementation of third-party risk management policies, procedures, and frameworks.

Ensure that all processes align with industry best practices and regulatory requirements.

Training and Awareness:

Conduct training sessions and workshops to raise awareness of third-party risk management practices among internal teams.

Provide guidance and support to business units on managing vendor risks effectively.

Qualifications:

Bachelor's degree in Computer Science, Risk Management, Information Security, or a related field.

3 - 5 years of experience in risk management, vendor management, or a related role.

Strong understanding of risk assessment methodologies and third-party risk management best practices.

Familiarity with regulatory requirements and industry standards such as ISO 27001, NIST, GDPR, etc.

Excellent analytical, communication, and interpersonal skills.

Ability to work collaboratively with cross-functional teams and manage multiple tasks simultaneously.

Proficiency in GRC software and tools is a plus.