Location: Buffalo,NY, USA
The Third-Party Risk Management (TPRM) Senior Analyst is responsible for facilitating Northwest's risk assessment of third parties and associated services, identifying and documenting inherent risks, and working with business owners and stakeholders to ensure appropriate strategies are in place to manage risks. Essential Functions * Work directly with Northwest's business line Relationship Managers to gain an understanding of the third-party relationships of Northwest's third-party engagement inventory * Gain expertise in all inherent risk assessment questions and consult Relationship Owners to achieve accurate risk assessment results * Communicate with internal third-party Relationship Managers to facilitate the completion of inherent risk and control assessment questionnaires and submission of documentation needed to support the third-party engagement risk assessment. Provide appropriate guidance and advice to Relationship Managers and Third Parties by drawing out useful information, asking appropriate questions, and analyzing feedback * Facilitate the coordination of the third-party control assessments across Northwest's network of Risk Domain Experts (e.g., Information Security, Business Resiliency, Compliance, Technology) to support the timely review of third-party controls and determine residual risk * Monitor and execute TPRM Risk Analyst workflow activities within Northwest GRC system (Archer) * Consult stakeholders, including Relationship Managers, Risk Domain Experts and Legal, on their required TPRM activities, escalating non-adherence to the Head of Procurement * Seek out methods and resources for Relationship Managers to monitor third-party performance * Assist Head of Procurement in the establishment of processes and procedures for Relationship Managers, Risk Domain Experts and Legal, to comply with due diligence and ongoing monitoring requirements * Ensure third-party documentation is accurate, organized, and complete within Northwest's Governance, Risk, and Compliance (GRC) platform and maintain documentation and records supporting the completion of third-party risk assessments * Query and analyze data from the GRC platform and other sources to construct meaningful risk reports that highlight material inherent and residual risks identified in the third-party risk assessments and clearly socialize risks to the corresponding business Relationship Managers, Risk Domain Experts and Legal * Provide support to Relationship Managers in developing strategies to ensure third-party risks are appropriately managed and mitigated * Escalate material risks to management timely and effectively to support the development of risk management strategies (e.g., data breach, service failure, bankruptcy) * Monitor and oversee resolution of third-party control deficiencies, identified throughout the TPRM risk assessment process * Establish a working knowledge of Northwest's business processes and associated products and services with an understanding of how third-party services are utilized to achieve business goals and objectives. Make recommendations to management regarding operational and organizational process improvements Additional Essential Functions * Ensure compliance with Northwest's policies and procedures, and Federal/State regulations * Navigate Microsoft Office Software, computer applications, and software specific to the department in order to maximize technology tools and gain efficiency * Work as part of a team * Work with on-site equipment Additional Responsibilities * Provide support in the development and maintenance of Northwest's Third-Party Risk Management framework * Maintain and enhance Third-Party Risk Management procedures and job aides, as necessary * Support a periodic review of new third parties added by Accounts Payable against the Third-Party Inventory * Submit Archer Service Requests to support the development of Archer enhancements and complete functional testing as necessary Safety and Health for those without supervisory duties * Abide by the rules of the safety and loss prevention program * Perform work tasks in a safe manner * Report any and all injuries to supervisor * Know what to do in case of an emergency QUALIFICATIONS To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Education Bachelor's Degree business related discipline Or equivalent business experience in lieu of a degree Work Experience 5 - 6 years Third-Party Risk Management experience General Employee Knowledge, Skills, and Abilities * Ability to establish effective working relationships among team members and participate in solving problems and making decisions * Ability to present and express ideas and information clearly and concisely in a manner appropriate to the audience, whether oral or written * Ability to actively listen to what others are saying to achieve understanding, sharing information with others and facilitating the open exchange of ideas and information * Ability to establish courses of action for self to accomplish specific goals, develop and use tracking systems for monitoring own work progress, and effectively use resources such as time and information * Ability to make right decisions based on perceptive and analytical processes, practicing good judgment in gray areas Additional Knowledge, Skills and Abilities Ability to provide support, guidance and direction to business line Relationship Managers and Risk Domain Experts Ability to assess and interpret details to identify key risks and mitigation strategies
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)