Vendor Risk Analyst Jobs in Massachusetts (NOW HIRING)

Technology Risk Analyst

Being a Country Bank team member has a lot of perks! Our competitive total compensation package and comprehensive benefit package include:

• Medical, dental and vision insurance, a 401(k) Plan with a generous employer contribution plus match;
• Income protection benefits;
• Educational assistance and tuition reimbursement benefits;
• Remote work and flexible scheduling options;
• Generous total paid time off, and more!

Country Bank is a growing mutual community bank with locations in Hampden, Hampshire and Worcester counties. We are Made to Make a Difference in the lives of our customers, our communities, and for our team members every day since 1850. It is our people that drive our success and create our inclusive and engaging culture. We're excited to meet you to discuss our career opportunities and how you can make a difference as a part of our growing Corporate Risk team!

About the Job:

We're excited to announce an opportunity for the position of Technology Risk Analyst! This position supports the risk management and information security functions to ensure compliance with the Bank's Vendor Management Program, IT Risk Management Program, and Information Technology Risk Assessment process. This position works closely with the IT Security Department and all business areas to ensure that the appropriate level of vendor and application oversight is maintained throughout the Bank. Within the department, the Technology Risk Analyst collaborates directly with the Operational Risk Analyst and provides support and back-up when opportunities arise.

The hiring range for this position is $60,000 to $75,000. Starting pay determined based on candidate's qualifications and experience.

This position is Full Time, 40 hours weekly.

Essential Duties and Responsibilities (Other Duties May be Assigned):

• Coordinates with business areas/vendor owners and assist with new third-party vendor onboarding reviews and with continued due diligence reviews based on vendor risk rating. Set review dates, tracks review progress, ensure appropriate documentation is maintained and follows up with the vendor/business area as needed. Review and evaluate the adequacy of reports received for critical and essential vendor oversight to ensure exceptions are resolved, impact analyses are performed, and control considerations are addressed by business areas. Monitors Google alerts for Critical and Essential vendors in the event of an acquisition or data breach. Retrieve quarterly OFAC reports for the Financial Investigation Department. Collaborates with Accounts Payable to onboard new vendors through the new vendors report. Works collaboratively with business areas to analyze new and renewing vendor contract terms and provides recommended changes to be in line with policy.
• Oversee the Bank's Information Technology Risk Assessment process in close collaboration with IT Security. Works with System Owners to identify and understand the applications the Bank uses. Reviews application risk assessments and is responsible for identifying, analyzing, monitoring, reporting, and minimizing information technology risks. Facilities AI reviews for applications that leverage AI with IT Security. Provides administrative oversight for application-specific security. Works closely with System Owners to understand the applications the Bank uses and to keep application security forms up to date. Ensures User Access Reviews, Generic User Reviews, Independent User Access Reviews, Independent Admin Activity Reviews, and Quarterly Password Changes are completed in line with the Network Security Program. When application-specific exemptions arise, works with IT Security to appropriately report and approve exemptions.
• Creates, updates, and generates procedures and reports for Vendor management and Applications management to be in line with banks policies.
• Perform policy reviews during the Annual Corporate Policy review process for applicable policies. Communicates results/recommendations/issues for any third-party vendor/application effectively to all levels of management. Generates monthly reports and memos for Risk Management Committee.
• Develops and maintains a "system of truth" that identifies employee access to applications. Assists managers in identifying access levels that need to be removed when roles change or terminate.
• Performs periodic reviews of the GLBA, Authentication & Access to FI Services and Systems, and other risk assessments. Works closely with business areas and IT Security to ensure reviews are completed in alignment with guidance and key controls are monitored appropriately. Assists impacted departments with creating action and remediation plans.
• Manages the onboarding and off-boarding of vendors and applications in LogicManager. Supports the management of the centralized third-party risk management platform.
• Provides support, education, and training to staff to build vendor and application risk awareness within the company.
• Assist in audit, compliance, and pre-exam requests for vendor and application due diligence documents.
• Responsible for building long-lasting relationships with customers, community and colleagues through the embodiment of our Core Values: Integrity, Service, Teamwork, Excellence and Prosperity.
• Other job duties, as assigned.

Knowledge and Skills

It is required that the employee in this position can work independently, interpreting ideas and facts, while also analyzing and interpreting federal and state laws and/or regulations. This employee should have a strong sense of collaboration and ability to develop positive relationships with all levels of management and key business stakeholders. Must have strong written communication skills, the ability to make effective presentations in a group setting and effectively communicate complicated problems to non-technical staff. This employee must maintain a high level of confidence and integrity in order to provide independent judgment and privacy of customer and company information.

This position requires intermediate knowledge of the Microsoft Office Suite items, including Excel, Outlook, PowerPoint and Word. Knowledge of risk management software is required, with strong knowledge of LogicManager specifically, preferred.

Education and Work Experience

A Bachelor's degree in a related field (Computer Science, IT Security, or Risk Management, etc.) is preferred, or equivalent practical experience. Exposure to third-party risk or risk management (such as internships, coursework, or professional experience) is helpful. Experience in a financial institution is preferred but not required.

Working Conditions/Physical Requirements

Physical surroundings are generally pleasant and comfortable with minimal exposure to injury or other hazards with moderate level of noise. Prolonged periods of sitting and looking at a computer screen; repetitive motion of wrists and fingers; talking and hearing. Minimal physical effort required; freedom of movement on a regular basis; handling of light materials and supplies. May require some travel between offices.

Country Bank is an Equal Opportunity Employer. Diverse applicants encouraged to apply.