Summit Credit Union, voted #1 employer by WSJ & a top ten by Madison Magazine, is expanding its team, opening up an exciting opportunity for an IT Vendor Risk and Contract Analyst. In this role you will be responsible for ensuring adherence to the Third Party Oversight (Vendor Management) Policy & compliance with government regulations, directives, & guidance. This role will be the enterprise risk management point of contact during potential new IT vendor reviews & onboarding, evaluating & editing IT contracts, agreements, statements of work, order forms, & non-disclosure agreements to ensure they meet our business & regulatory requirements.
Responsibilities | Essential Functions
- Facilitate, conduct, and document due diligence efforts to ensure the due diligence documentation is aligned with policy and regulatory expectations.
- Identify critical and high information security risk IT vendors and ensure appropriate due diligence is performed in a timely manner.
- Conduct qualitative and quantitative risk assessments.
- Lead IT relationship owners and/or Information Security Risk Analyst through the risk assessment process, due diligence analysis efforts, and contract negotiation. Ensure IT vendor relationship owners are aware of potential risks.
- Collect and review internal and external questionnaires, SOC reports, financial reports, penetration/vulnerability test results, PCI compliance, and policies such as Information Security, Incident Response, Business Continuity, Disaster Recovery, Third Party Oversight, Privacy, Confidentiality and Destruction of Data.
- Evaluate and edit all new IT contracts, agreements, statements of work, order forms, and non-disclosure agreements to ensure they meet the needs of the organization, adhere to business standards, and key risks are addressed. Work with legal counsel as needed. Ensure IT vendor relationship owners are aware of potential risks.
- Perform and document financial reviews.
- Work in a self-directed, collaborative, and constructive manner with internal and external stakeholders to enhance the effectiveness of vendor management processes and controls.
Qualifications | Job Specifications
- Four-year (Bachelor’s) degree in business, risk management, or related field.
- Minimum seven years risk management experience with strong understanding of IT vendor risk management, preferably in a financial services organization.
- Certification(s) in vendor relationship management or equivalent is desired. Certified Regulatory Vendor Program Manager (CRVPM) Level 2 or higher designation is preferred.
- Extensive knowledge of financial industry products, services, policies and regulatory requirements governing third party outsourcing and information security such as the NCUA regulations, Gramm Leach Bliley Act, FFIEC guidance, various state/international privacy laws, and others.
- Broad knowledge of the IT industry and the products and services provided by technology vendors (i.e. Services, Software, Hardware, SaaS).
- Experience reviewing and making changes to outsourced technology contracts including master agreements, amendments, statements of work, subscription agreements, NDAs, etc.
- Ability to read, analyze, interpret, and summarize the financial statements of third party vendors.
- Self-starter, and process-minded with a keen eye for detail, a high sense of urgency, and ability to manage many new vendors, contracts and due diligence obligations simultaneously.
- Strong organizational, problem solving, and planning skills with the ability to set priorities is necessary.
- Professional, well-developed written and oral communication skills necessary for communicating with all levels of employees and outside attorneys.
- Intermediate mathematical skills required (calculations and concepts involving decimals, percentages, fractions, etc.).
- Basic to intermediate knowledge in Microsoft Excel, Word, Power Point and Outlook.
About the Organization
- Voted #1 large employer by Wisconsin State Journal and winner of top work place by Madison Magazine
- Excellent heath insurance
- 401K with match
- Student loan pay back
- Birthday PTO
- Paid volunteer time
- Fun, collaborative environment
- And more At Summit we cover more ground, give more back and have more fun. Come be a part of something bigger!
How to Apply
Summit Credit Union