Description
As a Senior Third Party Analyst, you will support the program by working with assigned business units to ensure third parties are managed in accordance with program design. The Third Party Assessment (TPA) function delivers value by performing control assessments on third parties in relation to data protection, cyber security, and operational risk. These assessments are completed to provide a level of confidence to the bank and to regulatory bodies that any information services being provided are executed in a controlled and safe environment. The goal of the TPA team is to provide Cyber and Business Continuity requirements and, most importantly, to provide insights to our Business Lines related to exceptions within the third party. Relationships with Business Line leaders and colleagues are imperative to communicating and discussing observations and findings during assessments. This will include managing relationships with both business leaders and third parties, while providing robust and challenging insight on business risk and on the adequacy and effectiveness of the test control processes in place.
The role holder delivers assessment reviews and provides an opinion on the quality of the third party control environment as needed to meet Citizens Bank's policies, including identifying issues and subsequently assisting the business to agree to any appropriate action plans to mitigate the risk.
Primary responsibilities include
- Collaborating with senior management to influence key decisions
- Evaluating third party control infrastructure effectiveness and obtaining evidence of controls
- Applying experience in audit, security and regulatory frameworks including ISO 27001, GLBA, SOX, PCI, HIPAA, States Privacy Regulation and FFIEC
- Assisting in the Governance Risk and Compliance (GRC) program's design, process re-engineering or enhancements and tool and technology implementations as applicable
- Leading current risk assessments, continual risk assessments, and risk metrics and visualizations
- Performing validation of remediation activities
- Working directly with key business leaders to facilitate risk analysis and risk management processes, identifying acceptable levels of risk and establishing roles and responsibilities with regard to risk management
- Supporting and participating in Regulatory exam preparation and execution as well as remediation where applicable
- Coaching and mentoring junior analysts and clearly articulating Third Party Assessment program goals and objectives to the wider audience
- Producing Third Party Assessment reports that clearly articulate risks in order to speak to a varied audience
- Translating security risk and communicating effectively to business partners within the organization
Qualifications:
- 5+ years of experience in an IT Risk, Audit, Third Party Vendor Assessment or Information Security organization with an understanding of Audit, Security and Risk
- Experience gathering information from a range of different sources and in a number of different ways, e.g. data collection, interviews, meetings, review of processes, manuals, and documentation review
- Experience (significant) with GRC methodologies, tools, and enablers, preferably in a financial industry
- Strong thought leadership in Risk Management and ability to act as management when required
- Demonstrated experience working as part of a team, coupled with ability to gather and analyze information and provide a suitable solution
Skills:
- Strong project management
- Advanced Excel
- Demonstrated interpersonal and communication
- Ability to plan, organize and prioritize workloads and work on own initiative
Education and Certifications:
- Bachelor’s Degree from an accredited institution in either Risk Management, Information Systems/Security or related field, or proven experience in Risk, Information Security or Audit
- One or more of the following certifications: CRM, ARM, CISSP, CISA, CISM, Audit Management certification, as well as certifications in Disaster Recovery and Business Continuity
Hours & Work Schedule:
- Hours per Week: 40
- Work Schedule: Monday through Friday
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens), provides equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability, or history or record of a disability, ethnicity, gender, gender identity or expression, transgendered and transitioning individuals, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day and where all are expected to be treated with respect and professionalism. Employment decisions are based solely on experience, performance, and ability. We perform our best so we can do more for our customers, colleagues, communities and shareholders.