
Hybrid Third-Party Risk Analyst at Bristol County Savings Bank

Bristol County Savings Bank · Taunton, United States Of America · Hybrid


Position: Third-Party Risk Analyst 

Job Type: Full-Time

Location: Taunton, MA

Department: Enterprise Risk Management

Reports To: 1st VP Information Security Officer

 

ABOUT US:
Bristol County Savings Bank, founded in 1846, is a full-service financial institution offering commercial lending, personal and business banking, and mortgage services. The Bank’s Financial Advisory Services division has successfully assisted businesses, individuals and non-profits with the management of their assets since 1989. The Bank’s steady growth and expansion has resulted in $3.1 billion in assets and just over 400 employees in southeastern Massachusetts and Rhode Island. The key words at Bristol County Savings Bank are: "Commitment, Stability, and Community," values that are combined with state-of-the-art technology to meet the needs of its customers. A dedicated local community bank for over 175 years, Bristol County Savings Bank is actively involved in giving back to all the communities it serves both through financial support and the volunteerism of its people.

 

OVERVIEW:
The Third-Party Risk Analyst assists the First Vice President, Information Security Officer (ISO) in the administration, deployment and continual refinement of the enterprise-wide Third-Party Risk Management Program (TPRM).  This position is responsible for enhancing the current processes to measure, analyze and manage vendor management risks and to ensure any risks outside of the Bank’s risk appetite are prioritized and mitigated. 


PRIMARY ACCOUNTABILITIES / RESPONSIBILITIES:

  • Conduct risk assessments of prospective third parties to evaluate the security posture, governance, risk and compliance practices of third-party service providers. This involves the analysis of evidence provided by third-party service providers in accordance with the Bank’s vendor due diligence procedures. 
  • Perform ongoing monitoring activities of the Bank’s vendors, in accordance with the vendor criticality rating, to evaluate the adequacy of vendors’ internal controls in place to protect the confidentiality, integrity and availability of Bank information. Vendor monitoring also includes performance monitoring to identify potential issues, areas of non-compliance or deviations from the expected performance levels and success criteria.
  • Contributes to the continuous improvement and execution of the Bank’s risk-based TPRM program, including the underlying policies, standards and procedures.
  • Analyzes vendor service providers to identify opportunities for efficiency and reduce third-party supplier costs.
  • Maintains an accurate inventory of third-party suppliers in the Bank’s governance, risk and compliance platform.
  • Assists control owners in identifying the business process controls that adequately address the complementary user entity control (CUEC) considerations identified in System and Organization Control (SOC) reports.
  • Provides 2nd Line of Defense monitoring and testing of adherence to the TPRM program, policies and procedures.   
  • Identifies and escalates emerging third-party risks to vendor owners and management and ensures they are being adequately addressed by vendors.
  • Report results of risk assessments and vendor risk management activities appropriately to Management and management committees.
  • Serves as a liaison to business partners in each division. Provides guidance to the business line resources in the 1st Line of Defense and other stakeholders to facilitate the end-to-end execution of the TPRM program.
  • Oversee vendor performance metrics and service level agreements (SLAs).

OTHER ACCOUNTABILITIES / RESPONSIBILITIES:

  • Crosstrain peers and new employees on relevant vendor management policies, procedures and activities.
  • Contribute to the timely remediation of Internal Audit and regulatory issues.
  • Various other activities as assigned by the ISO and/or ERM leadership.

 

POSITION REQUIREMENTS:
The successful candidate for this position must meet the following requirements: 

  • Bachelor’s degree in Business Administration with a major in information security, risk management, finance, accounting or a related field. 
  • A minimum of three to five years of risk management work experience is required, preferably within the banking or insurance industries. 

 

Preferred experience/knowledge: 

  • At least five years of direct information security or information technology risk experience in the banking, financial services, or insurance industries.  
  • Understanding of banking operations and policies, regulatory requirements, and knowledge of internal controls relative to banking organizations.

 

Required Knowledge, Skills, and/or Abilities

  • Strong knowledge of internal control concepts relative to banking organizations.  
  • Excellent analytical, planning, organizational, communication, and decision-making skills.
  • Strong interpersonal skills; must be able to interface professionally and collaboratively with all levels of associates.
  • General knowledge of risk management processes, cybersecurity principles, control frameworks (e.g. CIS Critical Security Controls) and regulatory expectations (e.g. FFIEC Interagency Guidelines).  
  • Knowledge of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management Framework.
  • Knowledge of The Institute of Internal Auditors’ (IIA) internal auditing standards.
  • Familiarity with Service Organization Controls (SOC) reports and Complementary User Entity Controls (CUECs) identified within.  
  • Ability to work in a dynamic environment, handle multiple priorities and manage workload based on evolving business needs and regulatory expectations.
  • Ability to work proactively and identify solutions to business problems with consideration for known constraints.
  • Strong attention to detail and ability to work independently as well as part of a team.
  • Proficiency with the Microsoft Office suite (i.e. Word, Excel, Visio and PowerPoint).

 

INDEPENDENT ACTION:
Performs work within established guidelines and according to specific procedures.  Establishes short-range plans aligned with the strategic Enterprise Risk Management objectives.  


QUALIFICATIONS:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Any physical demands or work conditions described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

    • Strong vendor management and negotiation skills.
    • Ability to read and understand invoices, contracts, and work proposals.
    • Excellent communication and organizational skills.
    • Proficient in Microsoft Office Suite (Excel, Word, Outlook, Teams).
    • Strong problem-solving ability and attention to detail.
    • Reliable, self-directed, and able to manage competing priorities across locations.


PREFERRED QUALIFICATIONS:

  • Experience in the banking or financial services industry.
  • Familiarity with facilities management software or ticketing systems.
  • Working knowledge of OSHA and basic workplace safety standards.
  • Construction Project Management

 

EEO STATEMENT:
Bristol County Savings Bank is an Equal Opportunity Employer and is committed to a diverse workforce. The Bank considers applicants for employment without regard to race, color, sex, sexual orientation, national origin, age, genetic information, veteran status, disability or membership in any other protected class as defined by law.

 

FULL-TIME BENEFITS:
401(k)
Employee Pension
Paid Time Off (PTO)
Parental Leave
Tuition Reimbursement


Begins first of the month following date of hire:
Medical, Dental, Vision
Critical Illness Insurance 
Disability insurance including LIFE, Long-term disability
Employee Assistance Program
Flexible Spending Account
Dependent Care Account
Health Savings Account

