Enterprise Risk Management Senior Analyst

Company: Summit Federal Credit Union

Location: Rochester, NY 14609

Description:

STATUS: Full Time / Exempt

REPORTS TO: Director, Compliance and Risk Management

LOCATION: Corporate Office - must reside in NY state.

COMPENSATION: The salary range for this position is expected to be between $80,000 - $88,000. The actual salary will be determined based on experience and other job-related factors, consistent with applicable law.

HOURS: 37.50 hours per week

SCHEDULE: Monday - Friday, 8:30 - 5:00

Position Overview

The Enterprise Risk Management (ERM) Senior Analyst is responsible for supporting the objectives of the enterprise-wide risk management program. The position is responsible for the vendor management program and acts as the liaison between vendors/vendor owners to accomplish all its objectives. Additionally, this position is responsible for developing, maintaining, and testing the credit union's business continuity management program (BCM) and business continuity plan (BCP). This position will manage and support all BCM efforts to position the Credit Union to manage crisis events and to maintain ongoing assurance in the Credit Union's abilities to prepare for such events successfully.

The ERM Senior Analyst works with key stakeholders at many different levels to manage vendor relationships, coordinate and conduct risk assessments (including information security and business continuity considerations), and manage identified risks to an acceptable level. The role requires the ability, through interaction with the lines of business, to evaluate the level of inherent and residual risks associated with the organization's relationships with third parties and validate that they are properly managing risks in line with regulatory expectations and policy.

The ERM Senior Analyst will coordinate business continuity implications related to third party service providers with the credit union's business continuity plan strategy.

Perform all responsibilities in a manner that serves The Summit's Mission and upholds the credit union's values.

Essential Responsibilities - Must be capable of performing the following essential responsibilities, with or without reasonable accommodations, as outlined below.

  • Assist in the development and execution of an enterprise risk management program which includes third-party risk management.
  • Represents Vendor Management in all lines of business and requires a high degree of diplomacy, collaboration and interpersonal skills to provide education, guidance, and support to vendors and Credit Union Relationship Managers throughout the third-party risk management process.
  • Facilitates and executes the Vendor Management Program. Coordinates workflow for the Vendor Management Program using the software and trains users on the systems.
  • Continuously monitors vendor risk even after the vendor contract is executed (e.g., monitoring performance levels and periodically requesting and analyzing current due diligence).
  • Responsible for ensuring the vendor program is following NCUA federal regulations and FFIEC standards, policies, procedures and requirements in reference to third party risk vetting requirements, categorization criteria, controls and ongoing monitoring.
  • Continuously evolves the vendor risk management program and associated technology to adapt to changing business requirements on behalf of the credit union. This includes the new/existing vendor review process to ensure security controls meet internal baselines, including review of service organization controls reports, financial and business continuity analysis, etc. Collaborates with internal support (Information Technology) to ensure that all related control requirements have been met and considers emerging risks. Ensures all control exceptions are monitored for corrective actions until the new/existing vendor is within policy guidelines.
  • Responsible for Vendor Risk Management reporting that tracks enterprise vendor risk management activities and all vendor management tasks inclusive of working with external vendors and internal employees, initiating, and managing the due diligence process for approval for potential new vendor and contract renewals.
  • Serves as the subject matter expert for vendor owners to help ensure that all risk assessment and mitigation requirements have been met throughout vendor lifecycle.
  • Develops and facilitates a contract management process that ensures contractual language appropriately protects the Credit Union, including confidentiality requirements, service standards and dispute resolution processes as it relates to third-party NCUA regulatory compliance.
  • Responsible for ongoing development, maintenance, distribution, evaluation, enhancement and testing the Business Continuity Plan.
  • Monitors business and operational changes to ensure the BCP remains current and valid.
  • Assists management, business continuity and recovery teams during a business-interrupting event and with implementation of the Business Continuity Plan when appropriate. Assumes a leadership role in understanding dependencies in the business and incorporating them into Business Continuity plans. Identifies outage exposures that could cause a business interruption, including reviewing Insurance and Vendor agreements to safeguard against a disaster event. Responsible for training staff and management.
  • Coordinates, documents, and ensures completion of Business Continuity Plan testing efforts and assists in implementing recovery effort enhancements as identified from testing and real-life business interruption scenarios.
  • Conducts and documents ongoing functional and departmental Business Impact Analysis (BISA) meetings, related risk assessments, and functional and departmental business continuity plans.
  • Collaborates with key infrastructure teams to identify and resolve recovery expectation gaps, and to clarify and document recovery time objectives and maximum tolerable downtimes.
  • Assists in any internal or external audits as needed. This includes, but is not limited to, pulling documents for review, program and policy explanation/demonstration, and providing reports and documentation.
  • Must be adaptable to changes in the work environment, comfortable with multiple competing demands and able to deal with frequent change, delays or unexpected events in a calm and logical manner.
  • Performs other job-related duties as assigned.


Qualifications

Education & Experience - Applicants must possess the following qualifications or an equivalent combination of education and experience:
  • Education: Bachelor's degree from an accredited four-year university with a concentration in the areas of computer science, information science, management information systems or business-related program. Significant technology-related course work or equivalent work experience required. Audit or Risk Analyst or an equivalent combination of education and experience preferred.
  • Experience: Minimum of three years of experience in the field of business, audit or information technology with previous risk or business continuity experience, preferably in a financial institution.
  • Familiarity with financial products and services and with the regulations which govern financial institutions, preferably credit unions, is required.
  • Industry-related certifications (third party risk management) are not required but are a plus.


Knowledge/Skills
  • Efficient time management and strong organizational skills, attention to detail, and the ability to complete tasks with a high level of accuracy
  • Must possess and exhibit excellent analytic skills and judgment to solve complex problems
  • Strong written and verbal communication skills and the ability to effectively interact with all levels within a corporate setting
  • Excellent computer skills required, including proficiency with Microsoft Office applications (particularly Excel) and working knowledge of financial institution core operating and database systems.
  • Flexibility (able to adapt to changing environment)
  • Positively communicate with diverse populations while providing excellent customer service, adherence to confidentiality
  • Ability to prioritize and manage multifunctional tasks
  • Ability to act independently, with some supervision
  • Ability to provide independent and objective analysis
  • Ability to maintain a high level of confidentiality relative to any information received, directly or indirectly, at all times
  • Ability to work effectively under pressure and with time constraints


Work Environment
  • Lifting (5-10 pounds)
  • Standing/Sitting extended periods of time, while working in front of computer monitor
  • Typing / Data Entry
  • Professional Office Environment
  • Overhead Lighting


EQUAL OPPORTUNITY EMPLOYER: The Summit Federal Credit Union is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, protected veteran status, or status as a qualified individual with disability.

Subject to the compliance requirements of all related federal regulations, including but not limited to the Bank Secrecy Act (BSA), Anti Money Laundering (AML), Information Security and Privacy policies and procedures. Employees complete annual BSA, AML, Information Security, Privacy, and other job-related training requirements as established by the Summit and within deadlines.

*Note: The above information on this job has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
