Corporate Senior Third-Party Risk Analyst - Salt Lake City, United States - Glacier Bancorp

Description

About the Role:

Summary:

The Senior Third-Party Risk Analyst will report to the Corporate Third-Party Risk Manager, who is responsible for the Third-Party Risk Management (TPRM) program. The individual in this role will take a lead position and utilize critical thinking, problem-solving, analytical, and organizational skills to manage and enhance the current TPRM program. The individual will collaborate with other Third-Party Risk Analysts and provide thought leadership for all aspects of the TPRM process, including assisting with program governance, compliance with applicable laws and regulations, and the design and implementation of enhancements to the program. This position will also play a significant role in managing and coordinating all aspects of the third-party life cycle, including planning, ongoing monitoring, due diligence, and off-boarding.

The Senior Third-Party Risk Analyst will help ensure that third-party relationships are accurately risk-rated and documented in the bank's third-party risk management system. The role also entails providing direction and supervision for the contract process, including reviewing required contract provisions and information security controls, effective challenge, execution, and contract management

The position is part of our Enterprise Risk Management team, which assists senior management and the board of directors in assessing, identifying, mitigating, and monitoring the corporations key risks protecting the long-term safety and soundness of the company. The department is fast-paced and always evolving which requires the incumbent to maintain focus and productivity amidst competing priorities.

This is a Corporate position which may be located at an available bank division location across our eight-state footprint in AZ, CO, ID, MT, NV, UT, WA, or WY. The mid-rate for this position is $90, / per year. (calculated for Spokane, WA).

All compensation offers are analyzed individually and take into consideration multiple factors including but not limited to geographic location, years of experience, and educational background.

Description:

Develop and implement enhancements to the overall TPRM Program, including updates to policies and procedures, utilizing the third-party risk management system for all phases of the third- party life cycle and ensuring compliance with applicable third-party regulations and current cyber-risk mitigation strategies. Lead program improvements to outline which third parties have access to our sensitive customer, employee, and bank information along with third- party access to our systems. Active participation in the development, maturation, and maintenance of the TPRM Program, including the TPRM policy, risk appetite, and related metrics. Implement improvements to the overall third-party risk management program, including program governance, policies, procedures, templates, technology, training, and communication.
Provide Program guidance for risk-based due diligence reviews that measure, monitor, and mitigate the risks associated with ongoing third-party and fourth-party relationships. Utilize the banks risk profile framework to assess the inherent risk of third parties and accurately risk-rate the third parties, paying particular attention to third-party risks such as operational, information security, cyber and compliance risk. Utilize software to capture, categorize and risk score vendors. Partner with Third Party Relationship Owners to facilitate the fulfillment of due diligence requirements. Review, analyze and effectively challenge provided due diligence information. Develop risk acceptance and issues escalation process including conducting training, ongoing monitoring, and tracking. Common review areas include disaster recovery and business continuity program, insurance protection, internal control reports (SSAE 18, SOC reports), service level agreements (SLA), and third-party financial performance. Escalate material issues and risks to third-party risk and enterprise risk management, and the appropriate corporate stakeholders, as necessary.
Manage the contract review process with business units and division staff to ensure contract language appropriately protects the bank's interest, reduces operational, legal and financial risk, and that required contract language is included and adhered to by both parties. Develop process for terminating contracts to ensure all customer, employee and bank information is recovered from the third-party.
Create and enhance useful monitoring reports for management and the board, including third-party inventories, dashboards, performance reports, issue tracking, risk acceptance, findings, etc. Present and communicate findings verbally to audiences at different levels of the bank, including senior management and the board. Identify risk-related issues needing escalation to management.
Keep abreast of all third-party management regulatory requirements and changes as well as industry best practice and enhance the program proactively. Ensure compliance with all regulations, policies, and procedures through continued maturation of the TPRM Program. Provide leadership for program changes to comply with the recently issued Interagency Guidance on TPRM. Work directly with bank regulators, auditors, consultants, and other outside individuals. Must comply with all company policies and procedures and all applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control. Must complete the assigned online training courses and achieve a passing score by due date.
Support the Enterprise Risk Management Department in other duties such as report creation, technical writing, regulatory reporting, researching emerging risk issues, etc.
Must comply with all company policies and procedures and all applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control. Must complete the assigned online training courses and achieve a passing score by due date.

Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education

Required/Preferred

Education Level

Description

Required

Bachelors Degree

Bachelor's Degree in Business Administration, Finance, Accounting, Mathematics, Economics, Computer Science, Business Information Systems or other business related field

Preferred

Legal education such as paralegal studies; Juris Doctor degree (JD)

Experience

Required/Preferred

Experience Level

Description

Required

5 years

Minimum of 5 years experience in developing and managing risk management, legal, vendor/third- party, information security, compliance, audit, regulatory, consulting, or other related program

Required

5 years

Minimum of 5 years contract management experience with the ability to review, interpret, challenge, and revise contracts and agreements.

Required

3 years

Minimum of 3 years experience in reading and understanding SSAE 18 Reports, SOC Reports, ISO Certifications, industry standard SIG framework, and Cloud Security Questionnaires

Required

Advanced Experience

Microsoft Word and Excel

Preferred

Knowledge Of

Understanding of RCSA and logging vendor deficiencies.

Preferred

Knowledge Of

Banking or financial industry knowledge and experience.

Preferred

Knowledge Of

Knowledge of information security and cyber risk as it pertains to vendor management.

Preferred

Knowledge Of

Understanding of federal banking guidelines and regulations, specifically related to third-party risk requirements.

Preferred

Knowledge Of

Utilizing GRC tools to assess, manage, track, and report on third-party risk

Would an equivalent combination of relevant education and work experience be considered?: Yes

License/Certification

Required/Preferred

License/Certification

Description

Preferred

Certified Third-Party Risk Professional (CTPRP), Certified Third-Party Risk Assessor (CTPRA), Third Party Cyber Risk Assessor (TPCRA), or Certified Third Party Risk Management Professional (C3PRMP)

Required Skills and Abilities

• Lead and build programs with strong passion to continuously identify and execute improvement opportunities.
• The ability to collaborate, communicate, motivate, persuade, and influence stakeholders at all levels is a critical component of the position. Internal and external stakeholders include the board, executive management, business units, auditors, consultants, third parties and regulators.
• Provide leadership and subject matter expertise/training to all parties in support of compliance with the Third-Party Risk Management Program.
• Strong team player with the desire to partner across the organization and achieve results.
• Passion to continuously identify and execute improvement opportunities within the Enterprise Risk Management Department and across the organization to mitigate the risks to the customers, employees, and bank.
• Proven strong problem solving, analytical and technical skills to understand and identify business needs to develop, communicate, and execute solutions.
• Strong organizational skills, adaptability to frequently changing demands, and ability to appropriately prioritize numerous open projects.
• Excellent technical writing and oral communication skills with particular emphasis on being able to articulate complex topics in a manner digestible to a wide audience. Ability to provide constructive feedback and follow-up on their mitigation.
• Ability to read, comprehend, and evaluate detailed laws, regulations, policies, programs, and data with the ability to make a strong judgement call and summarize key points succinctly to audiences.
• Ability to read, interpret and effectively challenge contracts and agreements, as well as write professionally, clearly, and succinctly.
• Possess strong project management skills with the ability to design and execute innovative programs.
• Possess analytical/quantitative skills demonstrating the ability to handle, analyze, interpret and utilize data to solve complex problems.
• Self-starter with ability to take ownership and accountability of all roles and responsibilities.
• Employee must be capable of interacting calmly and professionally with a variety of people from diverse backgrounds at various levels within and outside of the organization.
• Employee must be capable of regular, reliable, and timely attendance.

Additional Requirements

Travel

Occasional travel required: (less than 10 days per year) by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation and be able to lodge in public facilities.

Working Conditions

Environment: Indoors, a climate-controlled shared work area.

Noise Level: Moderate noise; not extreme or excessive; within reasonable limits.

Lifting: Sedentary work: Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.

Vision

Close visual acuity to prepare and analyze data and figures, view a computer terminal, and read the computer screen, printed materials, and handwritten materials.

Physical Activities

Frequency

Balancing: Maintaining body equilibrium to prevent falling and walking, standing or crouching on narrow, slippery, or erratically moving surfaces.

Infrequent rare.

Climbing: Ascending or descending ladders, stairs, scaffolding, ramps, poles and the like, using feet and legs and/or hands and arms.

Infrequent rare.

Crawling: Moving about on hands and knees or hands and feet.

Infrequent rare.

Crouching: Bending the body downward and forward by bending leg and spine.

Infrequent rare.

Feeling: Perceiving attributes of objects such as size and shape, temperature or texture by touching with skin, particularly that of the fingertips.

Infrequent rare.

Fingering: Picking, pinching, typing or otherwise working primarily with fingers rather than with the whole hand as in handling.

Infrequent rare.

Grasping: Applying pressure to an object with the fingers and palm.

Daily.

Kneeling: Bending legs at knee to come to a rest on knee or knees.

Infrequent rare.

Lifting: Raising objects from a lower to a higher position or moving objects horizontally from position to position.

Infrequent rare.

Pushing: Using upper extremities to press against something with steady force in order to thrust forward, downward or outward.

Infrequent rare.

Pulling: Using upper extremities to exert force in order to draw, haul or tug objects in a sustained motion.

Infrequent rare.

Repetitive Motion: Making substantial movements (motions) of the wrists, hands, and/or fingers.

Daily.

Stooping: Bending body downward and forward by bending spine at the waist.

Infrequent rare.

COMPENSATION & BENEFITS: Starting salary is dependent upon relevant experience and may vary based on the geographic location of the position. We offer an extensive benefits package that includes, but is not limited to medical, dental, vision, and life insurance, a health savings account option, an Employee Assistance Program (EAP), a health rewards program, a 401(k) retirement savings plan, discounts on banking products and services, Paid Time Off (PTO) and holidays. Visit our website for more details

COMPANY OVERVIEW: We are a family of banks whose unique local presence reflects the communities we serve. We welcome the opportunity to grow and change as our customers and communities do the same. Read our story, learn about our banks, and experience life at Glacier Bancorp, Inc. all from our website. Check it out

We are an Equal Opportunity Employer and qualified applicants or employees will receive consideration for employment without regard to race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, mental or physical disability, genetic information, protected veteran status, or any other category protected by applicable federal, state or local laws.

Glacier Bancorp, Inc. does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.

No Recruiters or unsolicited agency referrals please.