Risk Management Analyst

Objectives of this role

We are seeking a highly motivated and detail-oriented individual to join our team as a Risk Management Analyst. This role will play a key part in supporting the Enterprise Risk Management (ERM) function with an emphasis on Third-Party Risk Management (TPRM), Business Resilience, and monitoring of Identity and Access Management (IAM) processes. This role will also support the Internal Audit function as needed. The ideal candidate will possess strong analytical skills, risk discernment, attention to detail, and an understanding of risk management principles within the financial services industry.

The Risk Management Analyst role is positioned within ERM, a business unit in the Second Line of Defense, which is tasked with supporting management in the First Line of Defense to help ensure risks and controls are properly managed. Internal Audit is a business unit positioned in the Third Line of Defense. Internal Audit provides an independent and objective assessment of whether management's controls are functioning as designed. This role reports to the Senior Vice President- IT Governance and Business Resilience for ERM and to the Senior Vice President- Chief Risk Officer and Audit Director for Internal Audit.

Key Responsibilities:

• Assist in the creation of the annual vendor review schedule.
• Perform ongoing vendor reviews based on the annual vendor review schedule, including requesting documentation from vendor relationship owners and reviewing the documents in the TPRM system.
• As part of the vendor review process, assess the overall vendor control environment, including information technology controls, financial stability, and insurance coverage, to minimize risk to the Bank.
• Partner with business leaders to perform new vendor onboarding including initial risk assessment and review of vendor due diligence documents in the TPRM system.
• Collaborate with business leaders to perform in-house reviews of vendor agreements for key legal elements or coordinate with external legal counsel in accordance with the TPRM Policy to minimize risk to the Bank.
• Perform contract monitoring in the TPRM system to assess when contracts are renewing, ensure notifications are scheduled to inform business leaders of renewals, and ensure renewal dates are properly updated.
• Partner with business leaders to perform annual business continuity plan updates.
• Assist in drafting and supporting business resilience exercises.
• Coordinate with business leaders to oversee business continuity program enhancements and obtain management responses, target dates, and follow up comments.
• Partner with business leaders to ensure management is completing system user access reviews in accordance with the Bank's IAM program.
• Perform monitoring reviews of employee offboarding and internal transfers to assess whether management is following procedures in accordance with the Bank's IAM program.
• Assist in the identification, assessment, and monitoring of enterprise-wide risks.
• Contribute to the preparation of risk reports for Senior Management and Board committees.
• Assist with the completion of administrative tasks within the department.
• Support Internal Audit, as needed:
• Assist in the planning, execution, and reporting of internal audits in accordance with established audit plans.
• Work closely with the Internal Audit team to identify areas for improvement in internal controls and operational processes.
• Participate in the development and implementation of audit programs and testing procedures.
• Perform follow-up procedures on outstanding audit findings and recommendations.
• Maintain a high level of integrity and professionalism to handle sensitive and confidential information.
• Perform special projects, investigations and other duties as assigned.
• Assist with the completion of administrative tasks within the department.

Knowledge and Skills:

• Self-motivated with the ability to work independently.
• Strong decision-making skills with the ability to think critically and differently to solve complex problems in "gray areas" where there is not always a clear delineation in policy or regulatory requirements.
• Ability to discern risk, level of impact and likelihood, and assess the adequacy of controls.
• Strong interpersonal and self-management skills with the ability to multi-task and prioritize.
• Organized and attentive to detail.
• Ability to effectively communicate with all levels of the organization, clearly express ideas and concepts both verbally and written, and provide excellent service to ERM's internal customers.
• Ability to interact cordially with business leaders and process owners throughout the organization to accomplish tasks.

Qualifications:

• Bachelor's degree in business, accounting, information technology, cybersecurity, or a related field.
• One to two years of experience in risk management, vendor management, business continuity, internal audit, or a related function within the financial services industry.
• Strong understanding of risk management principles, regulatory requirements, and industry best practices.
• Excellent analytical, problem-solving, and communication skills.
• Knowledge of banking operations and financial products.
• Professional certifications such as CIA, CISA, CRISC, or CRMA are a plus.
• Remote work available

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this job, the employee is regularly required to talk or hear. This is largely a sedentary role; however, some filing is required. This would require the ability to lift files, open filing cabinets and bend or stand on a stool as necessary.