Third Party Risk Management Senior Analyst

City National Corporation Los Angeles , CA 90009

Posted 3 months ago

CNB's Third Party Risk Management (TPRM) program is designed to ensure an effective risk management process is in place for third-party relationships. The TPRM team supports that mission by serving as the second line and ensures CNB manages third party risk effectively and efficiently, relative to its size and complexity.

Third Party Risk Management (TPRM) Senior Analyst reports directly to the TPRM Program Manager and is responsible for providing Bank-wide third-party risk management services. This role assists the TPRM Program Manager and the TPRM Lead to define, implement, and maintain third party risk management policies, standards, and operating model for all lines of business and subsidiaries. This role will be directly involved in providing oversight and monitoring of the TPRM lifecycle and will partner with others throughout the organization such as Subject Matter Experts, the Vendor Management Office, Information Security, and Business Continuity Planning, Corporate Compliance, etc., to achieve these objectives.


  • Perform advisory and challenge functions regarding the TPRM program to the business units (first line)

  • Validate that business units (first line) are executing the TPRM program requirements effectively

  • Review third party risk assessments for conformance to program objectives and methodology

  • Assist in researching, reviewing, developing and maintaining TPRM policies and standards that comply with federal and state regulatory laws

  • Effectively monitor the tracking of issues, gaps, and exceptions and mitigation plans as they relate to third party risks to ensure timely resolution

  • Track and analyze risk metrics to understand the Bank's overall third-party risk exposure

  • Prepare third party portfolio reporting of risk and performance to senior executives

  • Ensure timely and accurate escalation of issues and observations of non-compliance or risks outside of acceptable thresholds

  • Evaluate the TPRM program to identify optimization opportunities and provide recommendations for process improvement

  • Perform business analysis to ensure alignment of TPRM functions with overall organizational and enterprise risk frameworks

  • Evaluate control libraries and identify when controls need to be refreshed or added

  • Serve as TPRM subject matter expert to first line, providing risk management guidance as needed

  • Perform testing of controls for all phases of the TPRM lifecycle; identify and evaluate deficiencies and assist with quarterly reporting on test results and issue trends.

Basic Qualifications:

  • *Bachelor's Degree

  • *Minimum of 2 years working with a GRC system, incorporating continuous improvement for the system and process

  • *Minimum of 5 years of experience in a combination of the following areas:

  • Third party risk management

  • Operational risk management

  • IT risk management

  • Supply chain management

  • Assurance

  • Oversight and/or relevant third-party audit or compliance experience process

  • 3-5 years of audit background, preferred

Skills and Knowledge:

  • Comprehensive knowledge of third party risk management processes and methodologies such as:

  • Calculating inherent risk

  • Calculating residual risk

  • Risk scoring

  • Risk controls

  • Comprehensive knowledge of the third-party risk management lifecycle: planning, due diligence, contracts, ongoing monitoring and termination

  • Confidence to challenge others, where appropriate, with experience in management by influence, facilitating and gaining consensus

  • Proven ability to anticipate and identify risks and effective mitigants

  • Ability to manage ambiguity, ascertain facts, and apply judgement to complex risk scenarios

  • Ability to manage deadlines to ensure the timely completion of TPRM materials by first line colleagues

  • Ability to manage small projects or previous project management experience

  • Knowledge of and experience in designing and operating governance, frameworks and processes to comply with vendor management/third party risk management related regulatory guidance (OCC 2013-29, Fed SR 13-19 or other relevant third-party risk management/vendor management regulation applicable to the financial services industry)

  • Excellent oral and written communication skills; experience performing both detailed and executive-level documentation

  • Demonstrable stakeholder management and project management skills

  • Advanced knowledge of Microsoft Office tools, specifically Excel, PowerPoint and SharePoint

  • Experience with reporting platforms such as Tableau, SQL scripts, and Microsoft SSRS desirable

  • Performs other duties as assigned or requested.

The Bank reserves the right to add or change duties at any time.

  • Represents basic qualifications for the position. To be considered for this position you must at least meet the basic qualifications.

Equal Opportunity/Affirmative Action Employer, Minorities/Females/Individuals with Disabilities/Veterans

Note: This preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Note: Candidates should be advised that City National Bank does not pay interviewee travel expenses or relocation expenses for candidates who are hired unless previously agreed.

Equal Opportunity Empl

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Paranoids Vendor Risk Management Analyst


Posted 7 days ago

VIEW JOBS 10/15/2019 12:00:00 AM 2020-01-13T00:00 It takes powerful technology to connect our brands and partners with an audience of 1 billion. Nearly half of Verizon Media employees are building the code and platforms that help us achieve that. Whether you're looking to write mobile app code, engineer the servers behind our massive ad tech stacks, or develop algorithms to help us process 4 trillion data points a day, what you do here will have a huge impact on our business—and the world. Want in? As Verizon's media unit, our brands like Yahoo, TechCrunch and HuffPost help people stay informed and entertained, communicate and transact, while creating new ways for advertisers and partners to connect. With technologies like XR, AI, machine-learning, and 5G, we're transforming media for tomorrow, too. We're creators and coders, dreamers and doers creating what's next in content, advertising and technology. When you impact millions of people every single day, you become a large target for adversaries of all types within all layers of the stack. Our job is to keep our users safe and make Verizon Media one of the safest places on the Internet. We are the information security team at Verizon Media; known as "The Paranoids". The Paranoids Vendor Risk Management Analyst will identify and mitigate risks associated with third party vendors across Oath. The Analyst must be fluent in cybersecurity and a skilled communicator to translate policies to management and facilitate implementation strategies. The ideal candidate will have prior experience performing similar responsibilities in risk, security and compliance in similar industries (e.g., software, technology, media) or with similar scope (e.g., large, global organizations). Responsibilities * Conducting new and ongoing vendor risk due diligence * Analyzing existing security policies and standards to assess compliance with security, legal, and regulatory requirements * Collaborate closely with Vendor Management team to gather data from vendor required for risk assessments * Communicating and developing remediation strategy for any identified vulnerabilities * Establishing and maintaining compliance audit schedule and processes * Actively researching and analyzing current security trends, methodologies, issues, technologies, and regulatory requirements Qualifications Required * 2+ years of technical experience in assessing third party vendor risk * Demonstrated problem diagnosis and analytical skills * Excellent interpersonal, communication, and organizational skills * Strong knowledge of current GRC trends and best practices (e.g., GDPR, CCPA) Desired * Bachelor's Degree in Computer Science, Engineering, Information Security or related field or equivalent experience * 3+ years of relevant cybersecurity experience for a global technology or media company * Experience in large scale technology implementations * Relevant cyber certifications (e.g., CISA, CISSP, GSEC, CCNA, CISM) Verizon Media is proud to be an equal opportunity workplace. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on age, race, gender, color, religion, national origin, sexual orientation, gender identity, veteran status, disability or any other protected category. Verizon Media is dedicated to providing an accessible environment for all candidates during the application process and for employees during their employment. If you need accessibility assistance and/or a reasonable accommodation due to a disability, please email or call 408-336-1409. Emails/calls received for non-disability related issues, such as following up on an application, will not receive a response. Currently work for Verizon Media? Please apply on our internal career site. Oath Los Angeles CA

Third Party Risk Management Senior Analyst

City National Corporation