Vendor Management Specialist at National Cooperative Bank
Arlington, VA 22202, USA
Full Time


Start Date

Immediate

Expiry Date

07 Nov, 25

Salary

74355.11

Posted On

08 Aug, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Regulatory Requirements, Computer Science, Risk, Penetration Testing, Infrastructure, Information Systems, Risk Management Framework, CISA, Business Operations, Forensics, Incident Response, ServiceNow, Access, Artificial Intelligence, CISSP, Operations

Industry

Financial Services

Description

Vendor Management Specialist
VA or OH Office
The Vendor Management Risk Analyst is responsible for overseeing and managing the Bank’s third-party risk management program. This role will ensure that third-party relationships are established, maintained, and terminated in accordance with the Bank’s acceptable risk tolerance.

QUALIFICATIONS:

  • Bachelor’s degree in Information Systems, Computer Science, or Cybersecurity
  • 5 years of relevant work experience
  • Key industry certifications such as CISA, CISM, CISSP, CRISC (optional)
  • Strong understanding of third-party risk management frameworks and standards (e.g., CSA, NIST, ISO 27001).
  • Understanding of the NIST AI Risk Management Framework and its application to vendor risk management.
  • Comprehensive knowledge of third-party risk concepts, methodologies, governance structures and experience in managing risk and performing vendor risk assessments.
  • Experience across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics.
  • Experience across IT domains such as application development, infrastructure, technical support and operations, cloud technologies, and artificial intelligence.
  • Strong analytical and problem-solving skills.
  • Ability to work independently and as part of a
  • Experience with ServiceNow
  • Skilled in utilizing GenAI solutions and prompt engineering techniques.

This role requires a strong understanding of the Bank’s business operations, risk appetite, and regulatory requirements. The successful candidate will be a proactive and detail-oriented individual who can effectively manage multiple priorities and build strong relationships with internal and external stakeholders.

Responsibilities
  • Third-Party Lifecycle Management:
      • Oversee the entire lifecycle of third-party relationships, including onboarding, ongoing monitoring, and termination.
      • Proactively identify, analyze, and remediate information security and technology risk throughout the third-party lifecycle.
      • Conduct vendor risk management activities including but not limited to third-party risk assessments, gap analysis, contract review, vendor breach activities, and partner with internal stakeholders to monitor vendors.
      • Coordinate and document termination activities for third-party relationships.
  • Access Management:
      • Assist in provisioning and revoking access for third-party contractors.
      • Ensure that access rights are granted and revoked in accordance with the Bank’s security policies.
  • Recordkeeping and Reporting:
      • Analyze data and produce clear reports on vendor management activities, highlighting security, compliance, and governance concepts that resonate with both technical and non-technical audiences.
      • Maintain accurate and up-to-date records of third-party relationships, contracts, and risk assessments.
  • Incident Response and Management:
      • Identify and communicate findings of non-compliance with Information Security and Compliance standards. Track to remediation or to an acceptable level of risk.
      • Coordinate with the Information Security team to respond to and investigate security incidents involving third-party vendors.
      • Work with third-party vendors to implement corrective actions and mitigate risks.
  • Regulatory Compliance:
      • Stay informed of regulatory requirements and industry best practices.
      • Ensure that the third-party risk management program complies with all applicable regulations.
      • Participate in audits and exams conducted by internal and external auditors.
  • Training and Awareness:
      • Develop and deliver training programs to educate employees on third-party risk management.
      • Promote a culture of risk awareness and compliance within the organization.