Third-Party Risk Management Analyst III

Job Details and Location

  • Organization: Credit One Bank
  • Salary: $71,600 to $89,500
  • Region: Nevada
  • Location: Las Vegas - In Office Position

Job Certifications

  • CTPRP: Preferred
  • CTPRA: Preferred
  • Other: Any of the following Certification(s): CTPRP, CISSP, CISA, CRISC, CISM

Position Summary

As a Third-Party Risk Management (TPRM) Analyst III, you will contribute to the efforts of our Cardmember Administration Management (CMAM) department by assisting with the organization, administration, and facilitation of its third-party risk management assessment process and business continuity functions. This role will support the Vice President and Assistant Vice President with all phases of third-party risk assessments, documentation, and communication, as well as the build-out of the TPRM Governance, Risk, and Compliance (GRC) tool.

Summary of Essential Job Functions

• The TPRM Analyst will support the end-to-end third-party implementation process to ensure Credit One’s vendors meet our control standards, including pre-contractual third-party reviews, ongoing monitoring controls & risk assessment to identify the required controls and potential risks to remediate, and documenting any remaining risks in the security risk register for post-implementation remediation.
• The TPRM Analyst will perform assessments of all aspects of the provider.
• Monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions.
• Develop a comprehensive understanding of the organization’s third-party risk management framework and standards.
• Ensure assessments within the company are following known industry frameworks (i.e., PCI-DSS, FFIEC, OCC, ISO, NIST).
• Collaborate with cross-functional teams, including legal, procurement, IT, and business units, to gather necessary information and ensure compliance with risk management processes.
• Assist in developing and enhancing third-party due diligence policies, procedures, and frameworks to improve the effectiveness and efficiency of risk assessment processes continually.
• Back-up selected Vendor Manager functions.
• Perform other duties as assigned.

Position Requirements

• Familiarity with risk assessment methodologies, frameworks, best practices, and the full breadth of cybersecurity domains, particularly as they pertain to third-party risk management.
• Knowledge of relevant regulations, standards, and frameworks related to third-party risk management, such as the FFIEC Handbook, ISO 27001, NIST CSF, NIST SP 800-53, GDPR, PCI-DSS, and other industry-specific regulations.
• Experience conducting risk assessments of third-party vendors, suppliers, or partners, including evaluating compliance with policies, procedures, and regulatory requirements.
• Strong analytical skills to identify and assess potential risks associated with third-party relationships, such as data security, operational vulnerabilities, and regulatory compliance.
• Ability to collaborate effectively with cross-functional teams, including legal, compliance, IT, and business units, to gather necessary information and ensure compliance with risk management processes.
• Excellent written and verbal communication skills, with the ability to prepare clear and concise reports, summaries, and documentation related to risk assessments.
• Detail-oriented mindset with the ability to analyze and interpret risk assessment findings and provide recommendations and remediation plans to mitigate identified risks.
• Strong organizational skills to monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions.
• Familiarity with risk management software or tools for tracking and managing third-party risks may be advantageous.
• Proactive attitude with the ability to stay updated on emerging trends, regulatory changes, and industry standards related to third-party risk management.
• Ability to work independently and as part of a team, focusing on delivering high-quality results within established deadlines.

Minimum

• Bachelor’s degree in Cybersecurity, Business, Operations, Engineering, or equivalent years of work experience in a corporate environment.
• Minimum of 3 years of experience in third-party risk management, vendor management, information security, IT auditing, or equivalent experience.
• Experience writing technical documentation and reports.
• Experience with Excel, creating pivot tables and formulas.

Preferred

• Any of the following Certification(s): CTPRP, CISSP, CISA, CRISC, CISM
• Interagency Guidance on Third-Party Relationships in Risk Management