Third-Party Risk Specialist

Pay Range: $21.35 USD to $26.69 USD

SUMMARY

The Third-Party Risk Specialist protects the organization's sensitive data by applying cybersecurity best practices and managing risk. This position offers a great opportunity to grow in the field, as it involves conducting third-party risk assessments, supporting vendor security compliance, and collaborating across departments to strengthen defenses.

The ideal candidate should be a detail-oriented, strategic thinker with strong organizational skills and a willingness to learn. While a foundational understanding of cybersecurity principles is beneficial, a proactive mindset, adaptability, and dedication to continuous learning are equally valuable for success in this role.

This role provides hands-on experience in vendor management and risk mitigation while aligning security efforts with company objectives. By integrating security measures with business goals, the Third-Party Risk Specialist helps ensure trust and operational efficiency across Banterra and its affiliates, contributing to a safe and secure digital environment.

All employees are expected to protect the information and assets of the organization through heightened awareness of information security, cybersecurity, and risk management best practices, as well as complying with all applicable laws, regulations, and organizational policies.

ESSENTIAL DUTIES

• Complete information security third-party due diligence reviews and assessments for vendors to evaluate risks and determine effectiveness of controls.
• Assist other Information Security employees with the scoping and completion of cybersecurity risk control assessments.
• Complete and maintain data flow diagrams.
• Communicate due diligence expectations to both vendors and vendor owners.
• Work with vendors and vendor owners to track the performance of Service Level Agreements.
• Provide input and assistance in developing Risk Management policies.
• Formulate, update, and recommend organizational cyber security strategies and policies.
• Assist in the evaluation, testing, and assessment of the use of technology to support cyber security goals and objectives.
• Prepare applicable reports for management, Board of Directors, and auditors on applicable system performance and risk management initiatives.
• Communicate effectively and tactfully, orally and in writing, with internal and external customers, vendors, and management.
• Assist in the management, content development, review, and change processes for the Vendor Management Program.
• Create, distribute, and maintain guides and training for information security, including vendor management.
• Participate in special cyber security and information security projects as assigned.
• Assume responsibility for additional projects and tasks as assigned.

EDUCATION & CERTIFICATIONS

• Bachelor's degree or commensurate combination of education and vendor management/risk management experience required.

MINIMUM REQUIREMENTS

• Working knowledge of core enterprise applications and interworking of various data processing functions and inherent risks.
• Exceptional attention to detail with the ability to remain organized and produce accurate, efficient work in a fast-paced environment.
• Strong critical-thinking skills and the ability to analyze potential project outcomes with the adaptability to redirect attention as needed to meet targets and deadlines.
• Ability to complete standard calculations and apply basic mathematical concepts in practical situations.
• Excellent communication skills and the ability to communicate effectively, verbally and in writing, with internal and external customers at all levels.
• A positive and proactive approach to work, demonstrating enthusiasm, adaptability, and the ability to maintain composure and professionalism in stressful or adverse conditions.
• Proficient computer literacy, including comfort with Microsoft systems and Office Suite.
• Intermediate typing skills to meet the needs of this position.
• Current driver's license and reliable transportation with appropriate insurance coverage; additionally, the ability to drive occasionally in the course of performing assigned duties and responsibilities.
• The ability to work with minimal or no supervision.

ADDITIONAL QUALIFICATIONS

• Direct experience or training in cyber security, IT infrastructure, or a related field preferred.
• Familiarity with end-to-end banking services preferred.

PHYSICAL DEMANDS AND WORK ENVIRONMENT

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the functions.

While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers; handle or feel objects, tools, or controls. The employee is occasionally required to stand; walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is usually low to moderate.

NOTE

This job description in no way states or implies that these are the only duties to be performed by the employee(s) incumbent in this position. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments.

All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbents will possess the skills, aptitudes, and abilities to perform each duty proficiently.

Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others.

The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

The company is an Equal Opportunity Employer, drug-free workplace, and complies with ADA regulations and other laws/regulations as applicable.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.