Third Party and Client Due Diligence Analyst

We’re an energized bunch, who love to be at the forefront of innovation. We make it our mission to develop and stay ahead of the latest trends and technology. Our goal? To put customers at the core of what we do and to deliver solutions that drive transformation and unlock the potential of people and businesses.

-Ensure all appropriate assessments are distributed, tracked and returned on a timely basis. Ensure that vendors have required assessments and supplied artifacts.
-Maintain familiarity with the Vendor Risk Management policies and procedures, identify standards, performance criteria, internal controls, processes, and systems needed, and recommend enhancements to the program.
-Develop and populate metrics, reports, and spreadsheets as necessary to showcase issues, risks, and program status.
-Identify and help remediate vendors who are not complying with the program.
-Track the expiration/refresh dates of all client due diligence material. Obtain and follow-up as necessary to ensure timely receipts of client due diligence updates.
-Update the product specific files within the client due diligence portal.
-Monitor the cases within the client support portals and direct the client or Finastra team member to appropriate material.
-Escalate client support cases, as appropriate. Escalate issues of timely receipt or quality of information.
-Track metrics on the utilization of material and client support cases.

-Have at least five (5) years of work experience related to Third Party Management, Vendor Risk Management, Audit, Compliance, Risk Management, and/or Procurement, particularly in financial services and the payments and loans business.
-Bachelor’s of Arts or Sciences degree in the fields of Information Systems, Business Administration, or related major.
-One or more relevant professional certification, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Regulatory Vendor Program Manager (CRVPM) or Certified Third Party Risk Professional (CTPRP).
-Familiarity with risks related to IT application development and infrastructure maintenance, IT security, business continuity and disaster recovery, and emerging technology platforms – mobile device platforms, cloud services, Big Data, and social media.
-Understanding of vendor risk management practices, including the lifecycle of risk identification, treatment, mitigation, acceptance, remediation as well as inherent and residual risks.
-Knowledge and experience with laws, regulations, guidelines, and frameworks within the financial services industry that mandate information security and information risk management requirements such as FFIEC, NIST, ISO27001, GLBA, OCC Heightened Standards, etc.).
-Ability to perform research to provide material and evidence with internal and external inquiries. Assist with crafting high-quality presentations and reports, conveying sometimes complex topics to several levels of management.