Enterprise Risk Strategy - Vendor Management Analyst III - P3
Description

Position Summary

As a Vendor Management Analyst II, you will contribute to the efforts of our Cardmember Administration Management (CMAM) department by assisting with the organization, administration, and facilitation of its third-party risk management assessment process and business continuity functions. This role will support the Vice President and Assistant Vice President with all phases of third-party risk assessments, documentation, and communication, as well as the build-out of the TPRM Governance, Risk, and Compliance (GRC) tool.

Summary Of Essential Job Functions

- Support the end-to-end third-party implementation process to ensure vendors meet our control standards, including pre-contractual third-party reviews, ongoing monitoring controls, and risk assessment to identify the required controls and potential risks to remediate and document any remaining risks in the security risk register for post-implementation remediation
- Perform assessments of all aspects of the provider
- Monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions
- Develop a comprehensive understanding of the organization's third-party risk management framework and standards
- Ensure assessments within the company are following known industry frameworks (i.e., PCI-DSS, FFIEC, OCC, ISO, NIST)
- Collaborate with cross-functional teams, including legal, procurement, IT, and business units, to gather necessary information and ensure compliance with risk management processes
- Assist in developing and enhancing third-party due diligence policies, procedures, and frameworks to improve the effectiveness and efficiency of risk assessment processes continually
- Back up selected Vendor Manager functions
- Perform other duties as assigned

Position Requirements

- Familiarity with risk assessment methodologies, frameworks, best practices, and the full breadth of cybersecurity domains, particularly as they pertain to third-party risk management
- Knowledge of relevant regulations, standards, and frameworks related to third-party risk management, such as the FFIEC Handbook, ISO 27001, NIST CSF, NIST SP 800-53, GDPR, PCI-DSS, and other industry-specific regulations
- Experience conducting risk assessments of third-party vendors, suppliers, or partners, including evaluating compliance with policies, procedures, and regulatory requirements
- Strong analytical skills to identify and assess potential risks associated with third-party relationships, such as data security, operational vulnerabilities, and regulatory compliance
- Ability to collaborate effectively with cross-functional teams, including legal, compliance, IT, and business units, to gather necessary information and ensure compliance with risk management processes
- Excellent written and verbal communication skills, with the ability to prepare clear and concise reports, summaries, and documentation related to risk assessments
- Detail-oriented mindset with the ability to analyze and interpret risk assessment findings and provide recommendations and remediation plans to mitigate identified risks
- Strong organizational skills to monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions
- Familiarity with risk management software or tools for tracking and managing third-party risks may be advantageous
- Proactive attitude with the ability to stay updated on emerging trends, regulatory changes, and industry standards related to third-party risk management
- Ability to work independently and as part of a team, focusing on delivering high-quality results within established deadlines
- Bachelor’s Degree. Bachelor’s degree in Cybersecurity, Business, Operations, Engineering, or equivalent years of work experience in a corporate environment
- Minimum of 3 years of experience in third-party risk management, vendor management, information security, IT auditing, or equivalent experience
- Experience writing technical documentation and reports
- Experience with Excel, creating pivot tables and formula

Preferred

- Any of the following Certification(s): CTPRP, CISSP, CISA, CRISC, CISM
- Interagency Guidance on Third-Party Relationships in Risk Management

Credit One Bank, N.A. is a data-driven financial services company based in Las Vegas. Founded in 1984, Credit One Bank offers a spectrum of credit card products for people in all stages of financial life. Credit One Bank is an equal opportunity employer committed to diversity and inclusion and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation, or national origin. Reasonable accommodations can be made for those who require them, including access to job applications and workplace accommodations. Employment at Credit One Bank is based on mutual consent (also known as at-will). This means that employees and the Bank may terminate the employment relationship at any time, with or without cause and with or without notice. Please contact the recruiter for this position to learn more. Credit One Bank does not accept unsolicited resumes from agencies and is not responsible for related fees.