- Bachelor's degree in risk management, project management, business administration, or related discipline.
- Master's degree preferred.
- Five to eight years of vendor risk management experience (or appropriate transferable experience).
- Five to eight years of Financial Institution experience, with an emphasis on process or project management, Vendor Management, or Internal Audit procedures.
- Strong technical / functional understanding of vendor management methodologies, workflows, and software solutions.
- Demonstrated understanding of vendor management concepts and implementation / program administration techniques including vendor performance monitoring.
- Possess excellent organizational skills and ability to work independently.
- Must be proficient with Microsoft Word, Excel, and Access or other similar software packages.
- Strong written and verbal communication skills, including the ability to facilitate meetings and effectively lead discussions.
- Ability to build and maintain effective working relationships with all levels of management and staff.
- High level of professionalism, commitment, and integrity.
- Commitment to growing and enhancing skills and knowledge.
- Occasional travel to and from other work locations may be required.
The Vendor Risk Sr. Corporate Analyst is responsible for performing vendor risk assessments, due diligence, ongoing oversight, and quality assurance activities over FNFG's third party vendor relationships. A key responsibility of the Vendor Risk Sr. Corporate Analyst is identifying, measuring, assessing, and reporting on third party vendor risk to business owners of the vendor relationships, as well as compiling and analyzing the data into enterprise-level reports for Senior Management.
- Performs vendor risk assessments (inherent & residual) on potential third party vendor relationships across the enterprise, taking into consideration strategic, reputation, compliance, transaction, credit, and other risks the vendor may pose to FNFG;
- Conducts thorough due diligence activities to include review of financial performance, reputation reviews, business continuity plans/testing results, reports over internal controls (SSAE 16s, compliance reports, FFIEC ROEs), contract review, adequacy of insurance, SLAs, and on-site vendor reviews, when warranted.
- Identifies, measures, and assesses risk associated with third party vendor relationships, and as needed, liaises with the business owners to identify/establish mitigation approach.
- Validates that third party service provider contracts adequately outline the duties, obligations, and responsibilities of the parties involved, and/or identifies gaps;
- Obtains certification from business owners that periodic monitoring (in-line with Program requirements) has been performed for all third party vendors as well as validates that user control considerations have been reviewed and tested where warranted;
- Performs periodic validation of business owners' monitoring activities in line with Program requirements by obtaining certification and documentation from business owners, and where applicable reviews a sample for validation, such as the annual SSAE 16 report, DC/DR Plan and test results, certificate of insurance, financial statements, and other appropriate documentation;
- Completes vendor risk scorecards to document results of Oversight and Quality Assurance procedures, clearly documenting and analyzing risk exceptions and, where applicable, working with the business owners to document an appropriate action plan to remediate identified risk;
- Compiles and analyzes vendor scorecards and risk exceptions from across the enterprise to create enterprise-level risk reporting for Senior Level Management and the Board Risk Committee;
- Ensures all required contracts are on file and have undergone proper legal and compliance reviews;
- Proactively identifies contract renewal/termination timeframes, notifies the business owner in advance to determine course of action, while limiting fees to FNFG; and conducts due diligence/exit procedures based on the business decision;
- Maintains a Bank-wide vendor database capturing, categorizing, and risk rating vendors and their subcontractors where appropriate;
- Updates the Bank-wide Vendor Management policy, process, workflows, technologies, and procedures as needed.
- Creates and reports upon program elements including operating reports, risk concentration reports, and exception reports;
- Creates and presents on the Vendor Management Program to Risk Management and Senior Management throughout the Bank as warranted; and
- Stays current on any Vendor Management regulatory requirements and changes, as well as industry best practices, which would influence the FNFG Vendor Management Program.
- Performs other administrative duties as necessary.
- Responsible for adhering to and ensuring business unit complies with pertinent laws, regulations, First Niagara's Compliance Policy, as well as external compliance requirements.