Vendor Risk Management Analyst

Primary Duties & Responsibilities

• Support the implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements.


• Provide guidance to internal stakeholders to ensure requirements of VRM are fully understood.


• On-board existing and new High Risk vendors into the Vendor Management System


• Initiate and manage vendor communications related to due diligence questionnaires and other document requests


• Collect and analyze data received from vendors


• Input vendor-related data into the Vendor Risk Management system.

• Work with business owners, internal stakeholders, and vendors to ensure documentation is up-to-date throughout the vendor lifecycle

• 
  Manage tracking in the Vendor Risk Management system.


• Prepare risk assessment reports for vendors identified as High Risk.


• Update existing reports on a periodic basis.


• Serve as lead for monitoring risk incidents, remediation resolution including development and execution of corrective action plans, and ensure follow-on reporting and monitoring


• Escalate risk issues to the appropriate individuals, as needed.


• Communicate risk-related issues and resolution management with specific vendors.


• Develop and maintain metrics reports related to vendor groups.


• Work with internal teams to analyze and resolve potential issues.


• Evaluate vendor performance against service level agreements


• Provide documentation for external audit requests


• Assist with vendor off-boarding, as needed


• Perform any other job related assignments, as requested, with reasonable accommodation.

Qualifications

Required:

• Bachelor’s degree in Business or related field


• Minimum 3 years related work experience in vendor management, vendor risk management, and/or strategic sourcing and procurement required



• Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired
  Practical knowledge of risk management software/applications (e.g., OneTrust, Bitsight, Venminder)


• Working knowledge of service level agreements and/or contractual requirements


• Ability to interpret information security data and processes to identify potential compliance and/or issues


• Excellent verbal and written communication skills including the ability to prepare documentation, policies and build consensus across a broad group


• Proficiency with Microsoft Office productivity applications (Word, Excel, PowerPoint)


• Amenable to working flexible hours


• Strong organizational and project management skills.

Preferred:

• Shared Assessments’ Certified Third Party Risk Professional (CTPRP)or Certified Third Party Risk Assessor (CTPRA) certification


• Experience working as a member of (or with) a corporate compliance or information security group.


• Sharp critical thinking skills, sound judgment, and decision-making ability.


• The ability to work both collaboratively and independently.


• Proven ability to work in a fast-paced environment where the client is always first.


• Ability to learn Milliman’s business and unique structure and culture.