**Responsibilities**:
**What will you contribute?**
Working as part of the Global Risk Management team, and reporting to the Director, Third Party Risk Management the Third-Party Risk Management Analyst will ensure that the day-to-day activities of the vendor due diligence programs are successfully performed. This includes managing the risk assessment and due diligence processes, both at onboarding and throughout the lifecycle as part of Finastra's Third Party Risk Management Program.
**Responsibilities & Deliverables**:
Your responsibilities and deliverables as a Third-Party Risk Management Analyst will include, but are not limited to, the following:
- ** Support the Finastra's third party risk strategy**, collaborating with various stakeholders to perform due diligence, risk assessment and ongoing monitoring of Finastra's third parties and partners, ensuring inherent risks and control gaps are accurately identified and remediated
- Ensure Third Party Risk Management policy and procedures, and **Fusion Risk Management tool** capabilities are implemented according to approved goals and policy
- Validate incoming vendor and partner engagements, working with business partners to ensure data is complete and accurate and inherent risks are identified
- Coordinate the distribution of due diligence questionnaires to the vendors and partners, review submitted questionnaires for completeness, ensure Risk stakeholders finalize reviews and determine overall residual risk rating.
- Ensure all appropriate assessments are distributed, tracked and returned on a timely basis.
- Ensure that vendors have required assessments and supplied artifacts.
- Be a strong liaison to ensure that Risk Stakeholder questions are answered by Business or Suppliers as required. Conduct certain aspects of supplier due diligence not covered by risk stakeholders
- Respond to inquiries/examination requests by supporting elements of the regulatory and audit examination cycle for inquiries or exams
- Contribute to the development of detailed procedural documents and ensure alignment of TPRM with regulatory requirements including FFIEC, OCC and other applicable regulations
- Identify, prioritize and pursue opportunities to enhance Finastra's third party risk management processes and introduce innovative approaches and solutions to optimize efficiency and effectiveness
- Ensure fourth parties are identified, captured and reported across all suppliers
- Develop and run consistent and accurate reports related to the supplier list and analyze data to prepare supplier reporting for senior management
- Develop and populate metrics, reports and spreadsheets as necessary to showcase issues, risks and program status.
**Required Experience**:
- Have three to five years of work experience related to Third Party Management, Vendor Risk Management, and/or Procurement, particularly in financial services and the payments and loans business.
- Bachelor's of Arts or Sciences degree in the fields of Information Systems, Business Administration, or related major.
- One or more relevant professional certification, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Regulatory Vendor Program Manager (CRVPM) or Certified Third Party Risk Professional (CTPRP).
- Understanding of vendor risk management practices, including the lifecycle of risk identification, treatment, mitigation, acceptance, remediation as well as inherent and residual risks.
- Knowledge and experience with laws, regulations, guidelines, and frameworks within the financial services industry that mandate information security and information risk management requirements such as FFIEC, NIST, ISO27001, GLBA, OCC Heightened Standards, etc.).
- Ability to perform research to provide material and evidence with internal and external inquiries. Assist with crafting high-quality presentations and reports, conveying sometimes complex topics to several levels of management.
- Clear written and oral communication skills with experience writing policy and Procedural documentation.
- Advanced skills in Microsoft Excel, PowerPoint, Cognos reporting and PowerBi
- Experience with Fusion Risk Management or similar GRC tool.
LI-AG1