Third Party Risk Management Analyst, AVP

Job Description

Job Description

Purpose of Position:

The Third Party Risk Management AVP supports the Third Party Risk Management Team in the development and execution of the Bank’s Enterprise Third Party Risk Management Program to measure, monitor, assess and report on the control of third party risk throughout the enterprise. Responsibilities include interfacing and collaborating with third parties, Bank Departmental Management, and internal subject matter experts to collect, analyze and document due diligence information in the onboarding of new third party engagements and the ongoing monitoring of existing engagements. The Third Party Risk Management AVP utilizes the Bank’s third party risk management software solution in the course of their duties to ensure third party information is accurate and up-to-date, and as a tool to manage assessment and collaboration on due diligence activities.

Essential Job Functions:

1. Guide business stakeholders in best-practice guidelines for selecting their preferred third parties in accordance with Enterprise Third Party Risk Management policy and standards.
2. Follow established Enterprise Third Party Risk Management procedures to complete onboarding of selected third parties, including the completion of appropriate forms, questionnaires and the provision of required due diligence documentation.
3. Develop an understanding of the risks presented by third parties, the determination of their inherent risk profiles and the appropriate due diligence information required for each third party engagement.
4. Develop expert-level awareness of third party contracting requirements.
5. Ensure executed contracts are archived correctly within the third party risk management solution and supporting electronic archives.
6. Participate in the collection of due diligence information in the initial and periodic monitoring of third party providers and ensure it is appropriately archived.
7. Prepare, conduct and document assessments of audit reports provided by third parties (SOC reports) and assist business users in the review, documentation of controls and testing exceptions.
8. Assist in the performance of third party risk assessments and coordinate responses amongst subject matter experts.
9. Become proficient in the use of the third party management solution that serves as the repository for third party contracts and due diligence documentation, the tool for monitoring, assessing third party engagements and reporting on the status of the Third Party Risk Management Program.
10. Assist in the creation, modification, and maintenance of the Enterprise Third Party Risk Management Policy and Procedures.
11. Participate in the training and education of company staff in the Third Party Risk Management Program, processes, lifecycle, and delineation of responsibilities between 1LoD and 2LoD.
12. Contribute on projects and initiatives supporting process improvement and enhancement of third party risk management processes as needed.
13. Perform other duties as directed.

Knowledge, Skills and Experience Requirements:

1. Bachelor’s degree in computer science, information assurance, MIS or related field, or minimum of 3 to 5 years third party risk management industry.
2. Exposure with various security frameworks. AI or machine learning is preferred.
3. Advanced knowledge of finance, risk management, and third party risk management concepts.
4. Excellent analytical, project management, and problem-solving skills.
5. Strong interpersonal and communications skills, with ability to professionally communicate both verbally and in writing.
6. Self-disciplined (ability to work independently), proactive and detail oriented.
7. Proficient in MS Office Suite, particularly Excel and PowerPoint
8. Knowledge and proficiency in Governance, Risk, and Compliance (GRC) systems is highly appreciated.

Our job titles may span more than one career level. The starting base salary for this role is between $100,000 – $110,000. The actual base pay is dependent upon many factors, such as: training, transferrable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future.

Amalgamated Bank is an Equal Opportunity and Affirmative Action Employer, Minorities / Females / Individuals with Disability / Veterans. AmeriCorps, Peace Corps and other national service alumni are encouraged to apply. View our Pay Transparency Statement. Submission of a resume or any information regarding your qualifications does not constitute a promise or offer of employment. At Amalgamated Bank, we consider an applicant to be someone who has interviewed at least once, in person, with the hiring manager. Amalgamated Bank does not sponsor applicants for work visas.

Hybrid Work Model
Effective February 18, 2025, employees in office-based positions will be working a Hybrid work schedule consisting of three days or more, on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence. This Hybrid work model does not apply to, and daily in-person attendance is required for, the contact center, branch service roles, and general services where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance does not apply to roles that have been designated as “remote”.
Search Firm Representatives- Please Read Carefully
Amalgamated Bank does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for the position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.