Third Party Risk Management Senior Analyst

Company Description

Formed in 2017 by the combination of Misys and D+H, we provide the broadest portfolio of financial services software in the world today—spanning retail banking, transaction banking, lending, capital markets and treasury.

Our solutions enable customers to deploy mission critical technology on premises or in the cloud. With our scale and geographical reach we drive valued solutions and opportunity for customers regardless of size or geography. Through our open, secure, and reliable solutions, we empower customers to accelerate growth, optimize cost, mitigate risk and continually evolve to meet their changing needs.

A Truly global organization with offices in 42 countries worldwide, with an employee base of approximately 10,000 employees. We work with 9,000 customers, including 48 of the top 50 banks globally. Through our software, we’re constantly stretching boundaries to do more for our customers. We are proud to be an organization where our vision, values and cultural beliefs are not just shared, but are lived by our people globally and where recognition is part of each and every day.

Job Description

Working as part of the Global Risk Management team, and reporting to the Director, Third Party Risk Management the Third Party Risk Management Analyst will ensure that the day to day activities of the vendor due diligence programs are successfully performed. This includes managing the risk assessment and due diligence processes, both at onboarding and throughout the lifecycle as part of Finastra’s Third Party Risk Management Program. 

Responsibilities & Deliverables:

Your responsibilities and deliverables as a Third Party Risk Management Analyst will include, but are not limited to, the following:

• Support the Finastra’s third party risk strategy, collaborating with various stakeholders to perform due diligence, risk assessment and ongoing monitoring of Finastra’s third parties and partners, ensuring inherent risks and control gaps are accurately identified and remediated
• Ensure Third Party Risk Management policy and procedures, and Fusion Risk Management tool capabilities are implemented according to approved goals and policy
• Validate incoming vendor and partner engagements, working with business partners to ensure data is complete and accurate and inherent risks are identified
• Coordinate the distribution of due diligence questionnaires to the vendors and partners, review submitted questionnaires for completeness, ensure Risk stakeholders finalize reviews and determine overall residual risk rating. 
• Ensure all appropriate assessments are distributed, tracked and returned on a timely basis.
• Ensure that vendors have required assessments and supplied artifacts.
• Be a strong liaison to ensure that Risk Stakeholder questions are answered by Business or Suppliers as required. Conduct certain aspects of supplier due diligence not covered by risk stakeholders
• Respond to inquiries/examination requests by supporting elements of the regulatory and audit examination cycle for inquiries or exams
• Contribute to the development of detailed procedural documents and ensure alignment of TPRM with regulatory requirements including FFIEC, OCC and other applicable regulations
• Identify, prioritize and pursue opportunities to enhance Finastra’s third party risk management processes and introduce innovative approaches and solutions to optimize efficiency and effectiveness
• Ensure fourth parties are identified, captured and reported across all suppliers
• Develop and run consistent and accurate reports related to the supplier list and analyze data to prepare supplier reporting for senior management
• Develop and populate metrics, reports and spreadsheets as necessary to showcase issues, risks and program status.

Qualifications

• Have three to five years of work experience related to Third Party Management, Vendor Risk Management, and/or Procurement, particularly in financial services and the payments and loans business.
• Bachelor’s of Arts or Sciences degree in the fields of Information Systems, Business Administration, or related major.
• Candidate should be willing to work in Late Shift.
• One or more relevant professional certification, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Regulatory Vendor Program Manager (CRVPM) or Certified Third Party Risk Professional (CTPRP).
• Familiarity with risks related to IT application development and infrastructure maintenance, IT security, business continuity and disaster recovery, and emerging technology platforms – mobile device platforms, cloud services, Big Data, and social media.
• Understanding of vendor risk management practices, including the lifecycle of risk identification, treatment, mitigation, acceptance, remediation as well as inherent and residual risks.
• Knowledge and experience with laws, regulations, guidelines, and frameworks within the financial services industry that mandate information security and information risk management requirements such as FFIEC, NIST, ISO27001, GLBA, OCC Heightened Standards, etc.).
•  Ability to perform research to provide material and evidence with internal and external inquiries. Assist with crafting high-quality presentations and reports, conveying sometimes complex topics to several levels of management.
• Clear written and oral communication skills with experience writing policy and Procedural documentation.
• Advanced skills in Microsoft Excel, PowerPoint, Cognos reporting and PowerBi
• Experience with Fusion Risk Management or similar GRC tool