What are the responsibilities and job description for the Vendor Compliance Analyst (Hybrid) position at NYCM Insurance?
The Vendor Compliance Analyst (Hybrid) ensures that third-party vendors comply with the quality standards and regulatory requirements established by government and by NYCM policies and procedures, and that vendor relationships align with the corporate strategy. The chosen candidate documents and communicates standards and requirements, evaluates vendors and reports on findings, identifies non-compliance and plans for resolution. In addition, they will assist in identifying, evaluating and negotiating with vendors and/or suppliers.
Duties & Responsibilities:
- Coordinate and assess new and current third parties' risk profiles, risk scoring, negative news, and Key Performance Indicators (KPIs).
- Identify and communicate potential risks during all phases of the vendor lifecycle including onboarding, periodic due-diligence, continuous monitoring, and offboarding of the third party vendors.
- Develop exit strategy/plans in collaboration with divisional partners for critical third-parties while ensuring the plan is integrated within the corporate strategy, risk appetite and risk tolerance.
- Oversee and monitor the Vendor/Contract Lifecycle Management (VCLM) platforms in order to effectively manage the third-party landscape.
- Develop and maintain effective partner relationships with strategic vendors during all phases of the TPRM lifecycle.
- Conduct periodic re-reviews of critical third party vendors.
- Assist management in the development of TPRM’s vision, strategy, key internal and external reporting metrics, and develop methodologies for the assessment of third-party risk throughout the organization.
- Perform inherent risk rating of vendors based on the level of engagement and type of data exchanged.
- Monitor changes during the vendor engagement and continuous monitoring feeds to trigger reassessments.
- Utilize software systems to compile and prepare reports, graphs and charts of developed data.
- Assist Cyber and IT with vetting vendor’s cybersecurity controls and environment to understand the residual risk of the partnership.
- Assist Finance and ERM with vetting vendor’s financials and business continuity controls and environment to understand the residual risk of the partnership.
- Identify control gaps associated with a vendor’s control environment, understand exposure and likelihood of impact, and provide recommendations to stakeholders regarding the risk of partnering with the vendor based on the assessment findings.
- Critically examine work processes to suggest and implement changes and gain efficiencies.
- Organize and maintain the collection of due-diligence documentation collected during all applicable assessments to ensure compliance with the agreement(s) between the parties.
- Stay abreast of emerging security threats, industry best practices, and regulatory requirements related to third-party risk management.
- Serve as principal liaison between the vendor and internal groups during initial due-diligence and ongoing risk monitoring discussions regarding third-party vendors.
- Coordinate with ERM in the development of thought-provoking scenarios and stress tests and facilitate tabletop exercises and other drills involving TPRM.
- Educate internal groups on a variety of TPRM concepts.
- Other duties as assigned.
Requirements:
- High School Diploma
- 2 years third-party risk management experience in a related field.
Qualifications & Skills:
- Moderate understanding of business continuity management and resiliency
- Understanding of how TPRM impacts various business areas and assisting those areas with managing third-party risk within an organization.
- Basic understanding of SOC2 reports, cyber security assessments (NIST), and ISO (ISO 27001) Certification
- Knowledge of applicable laws and regulations (e.g. NYSDFS Regulation 500, GDPR, PCI DSS, etc.) with a focus on data privacy and security.
- Basic Insurance Knowledge with an emphasis on Commercial General Liability and Tech/E&O Insurance coverages
- Strong working knowledge of Microsoft Office applications.
- Detail-oriented, with strong organizational, time management, prioritization, deadline-management, and multi-tasking skills.
- Demonstrated ability to collaborate with multiple stakeholders and manage conflicting priorities effectively.
- Effective communication, listening, and problem-solving skills.
- Ability to work independently and as part of a team.
- Highly motivated, self-starter that is goal oriented.
- Professional attitude and manner with ability to maintain composure in stressful situations.
- Ability to motivate and influence committees on technical subjects.
- Experience facilitating key projects or initiatives.
- Sound decision-making ability within the boundaries of the assigned responsibilities
Payband TBD / Hours 40 per week
Salary Range: $51,500 - $78,000
Applications accepted through: 3/19/25