Third Party Risk Management/Business Resilience Analyst
First Commonwealth Bank

Coordinates Third Party Risk Management processes for engagement and ongoing relationships between risk managers third parties. Assists in the development, analysis, and reporting of third party performance to satisfy Enterprise Risk reporting requirements. Governs the third party database/tracking product. Acts as a primary contact for questions and/or issues related to third parties and the management processes.

Assists with the coordination of the corporate Business Resiliency strategy including business continuity plans, vendor resiliency, and crisis management. Facilitates the Business Impact Analysis review and reporting to satisfy Enterprise Risk reporting requirements.

Supports the development and delivery of training programs to raise awareness of business resiliency and third-party risk management practices across the organization.

Essential Job Responsibilities__________________________________

1. Coordinates third party risk management and business resiliency processes for existing and potential third parties.

2. Develops, analyzes, and reports third party performance and business resiliency to satisfy Enterprise Risk reporting requirements.

3. Governs the third party database/tracking and business resiliency products.

4. Acts as a primary contact for questions and/or issues related to third parties, business resiliency and the management processes.

5. Liaises between relationship managers and third parties to assist with the completion of the initial, and annual due diligence, and to ensure complete and accurate third party provider information.

6. Participates in Third Party Management Committee meetings and project teams as assigned.

7. Remains current on business, regulatory and industry changes that may impact the risk profile of the business or enterprise.

8. Interacts with internal audit, external audit firm and regulatory authorities as needed to perform job functions.

Bona Fide Occupational Qualifications___________________________

1. Education: Bachelor's degree in Risk Management, Business Administration, Finance, or four (4) years' experience with Third Party Risk Management, vendor management, Business Resiliency, compliance or related fields preferably within the financial services or technology sectors.

2. Strong understanding of regulatory requirements (e.g., GDPR, CCPA, SOX) and industry standards (e.g., ISO 27001, NIST) related to third-party risk management and business resiliency

3. Proficiency in risk assessment methodologies, risk analysis techniques and risk mitigation strategies.

4. Must possess excellent project management skills. Proficient reading, writing and grammar skills; mathematical skills; proficient communicative and interpersonal relations skills. Must possess proficient analytical ability to translate current technology and correlate with business needs.

5. Technical Experience: Must be proficient in Microsoft Office computer applications. Dexterity needed to operate a personal computer, telephone, copier and fax.

6. Preferred certifications: Certified Third-party Risk Professional Certification (CTPRP), Certified Third-party Risk Assessor (CTPRA), Certified in Risk and Information Systems Control (CRISC), Third-party Risk Management Professional (C3PRMP), Certified Business Continuity Professional (CBCP)

7. Travel: Valid driver's license and ability to travel if necessary.

8. May be eligible for Telecommuting.


Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)