Vendor Risk Analyst


The Vendor Risk Analyst will assist in the execution of the vendor management process at CastleHill Managed Risk Solutions. The analyst will aid in establishing the vendor risk rating process and assess risk through due diligence reviews. The Vendor Risk Analyst will also perform ongoing monitoring and evaluation of vendor risk, regularly working with various clients.
• Assess initial inherent and residual risk ratings on new vendors. Must be able to think analytically and critically to adjust risk assessment ratings as warranted through subjective determinations.
• Coordinate, execute and review due-diligence assessments on new vendors
• Utilize vendor management system(s) to document risk ratings on all vendors and perform the assessment process
• Develop positive working relationships with CastleHill clients and relationship managers to maintain an open environment for collaboration, solving issues, assessing risk and remediation, when applicable
• Aid clients and relationship managers with ongoing documentation regarding vendor issues or non-compliance with contracts
• Coordinate annual vendor reviews with relationship managers and 3rd Party respondents
• Maintain communication with Clients on identifiable risks and remediation plans
• Complete initial review of contracts and evaluate relevant risks as necessary
Critical Requirements for Success:
• Excellent organizational and interpersonal skills are an absolute must, along with strong written and verbal communication skills
• A college degree in technology, business, or related discipline is preferred. However, experience is sufficient for candidates with an appropriate mix of personality and skills.
• Candidates with experience in Compliance, Audit, Vendor Management or Third-Party Risk Management are highly desirable and will be prioritized
• Must be able to demonstrate the analytical and critical judgment required to evaluate documentation and develop mitigation requirements based on subjective information
• Must have a high level of communication skills and the ability to communicate at all levels of management
• Demonstrated interest in technology, formal technology training and/or a background in Information Technology
• Proficient with Excel, Outlook, Word, PowerPoint
Desirable Certifications:
Certified Third-Party Risk Professional (CTPRP), CISA, other technology-related certifications