Jobs · Finance

Third-Party Risk Management (TPRM) Junior Analyst

National Digital Trust Company (In Organization) · New York, United States · 1 wk ago
FinanceFull-time

Job Overview

The company is seeking a Third-Party Risk Management (TPRM) Junior Analyst to support its TPRM program within a highly regulated banking environment. This role is critical in ensuring third-party relationships meet regulatory expectations and cybersecurity standards.

Objectives

  • Conduct initial and ongoing risk assessments for new and existing vendors, with emphasis on cybersecurity and data protection
  • Evaluate vendor due diligence responses, including information security, security architecture, and cloud environments
  • Identify control gaps and recommend risk mitigation strategies
  • Assess vendors handling sensitive data, critical systems, or customer information
  • Support vendor due diligence, concentration risk, fourth-party risk, and business continuity assessments
  • Aid in preparation for regulatory examinations and internal audits
  • Maintain documentation demonstrating regulatory compliance and risk-based decision making
  • Support updates to TPRM policies, procedures, and standards
  • Assess vendor security programs against recognized frameworks, including: NIST Cybersecurity Framework, ISO 27001, SOC 2 Type II
  • Ongoing Monitoring: Support monitoring of critical and high-risk vendors, including: Annual reassessments, Incident reviews, Cybersecurity attestations, Financial health reviews
  • Track vendor performance, compliance, and remediation activities
  • Prepare risk summaries and reporting materials for leadership
  • Escalate significant risks in a timely manner
  • Incident & Resilience Oversight: Review vendor incident response and breach notification processes, Evaluate business continuity and disaster recovery capabilities, Participate in vendor-related incident response activities as needed
  • Reporting & Governance: Prepare concise risk reports for senior leadership and risk committees, Maintain accurate documentation within the TPRM system, Support reporting on third-party cyber risk exposure and metrics
  • Collaboration & Communication: Partner with Information Security, Compliance, Legal, Procurement, and business units, Communicate findings clearly to both technical and non-technical stakeholders, Provide guidance to business owners on third-party risk requirements

What You Bring To Our Company

  • Bachelor's degree in business, Information Security, Cybersecurity, Risk Management, Finance, or related field
  • 1-3 years of experience in TPRM and Information security risk
  • PREFERRED: Experience working in an OCC-regulated financial institution, Exposure to cloud risk management (AWS, SaaS environments), Experience using TPRM platforms, Working Knowledge Of Risk assessment methodologies (inherent vs. residual risk), NIST Cybersecurity Framework, ISO 27001, SOC 2 reports

Key Competencies

  • Attention to detail
  • Critical thinking and analytical ability
  • Strong written and verbal communication
  • Strong cybersecurity risk mindset
  • Ability to evaluate technical control environments
  • Risk-based decision making
  • Attention to regulatory detail
  • Ability to manage multiple vendor assessments simultaneously
  • Professional communication with both technical and non-technical stakeholders

Featured Benefits

  • Employer-provided: Medical, Dental, and Vision insurance, 401(k), life and disability insurance

Similar jobs