The Sr. Risk Analyst will assist with the day-to-day management of the second line of defense Third Party Risk Management (TPRM) program. The Sr. Risk Analyst plays a critical role at Varo and will be responsible for evaluating and managing third-party risks and supporting the TPRM Manager with additional program activities. The Sr. Risk Analyst will carry out ongoing reviews of all third parties, identify operational risks and requirements, and challenge and monitor third parties' ability to perform within risk appetite. This role will partner with the first line of defense on the execution of program deliverables.
What you'll be doing
- Enhance Varo's Third-Party Risk Management Framework to ensure it meets regulatory expectations and Varo's risk appetite
- Define and meet SLA expectations for Third Party Risk Assessments, vendor onboarding, proof of concept periods, and retirement
- Oversee the implementation and adherence to Varo's policy and procedures regarding third-party risk management, including training internal departments on requirements and managing third-party service providers/vendors on an ongoing basis
- Enhance fourth-party oversight including the performance of risk assessments and identification of controls
- Collaborate with internal stakeholders to establish and maintain a comprehensive inventory of third-party relationships, applications, and associated risks
- Work closely with all Varo departments and internal risk groups that are seeking third-party services/vendor relationships to ensure that appropriate risk assessment and due diligence are conducted for any new third-party service
- Prepare and present comprehensive reports and recommendations to senior management regarding third-party risk exposures and mitigation strategies through performance assessments
- Track compliance with Varo's third-party policies and procedures, analyze and report on any gaps, and provide recommendations for remediation of such gaps
- Support the enhancement of the Governance Risk and Compliance third-party risk management platform covering the life cycle of third-party relationships including on-boarding/off-boarding of third parties and management of proof of concept periods
You'll bring the following required skills and experiences
- 3-5 years of third-party risk management experience with a financial institution, a fintech company, or a provider to the financial services business sector
- Risk assessment and due diligence experience with a particular focus on identifying risks and identifying and implementing solutions to remediate these gaps
- Ability to conduct and report on testing of applicable controls that are in place regarding third-party service providers
- Experience designing systems and workflows that support effective prioritization of monitoring Third Parties and work for the team
- Experience assisting with a continually evolving risk-based monitoring program with a focus on automation and scalability
- Experience working within a diverse environment with a wide range of cross-functional stakeholders
- Experience managing multiple projects in a fast-paced, high-volume environment
- Familiarity in dealing with regulators, particularly OCC, FDIC, and Federal Reserve Board examiners
- Previous experience reporting to senior management, the Board, and/or Committees of the Board on the status of third-party risk management efforts
- Experience with RSA Archer or similar GRC tool
- CTPRP and/or CRISC certifications are highly preferred
$75,000 - $105,000 a year
For cash compensation, we set standard ranges for all US-based roles based on function, level, and geographic location, benchmarked against similar-stage growth companies. Per applicable law, the salary range for this role is $75,000 - $105,000. Final offer amounts are determined by multiple factors as well as candidate experience and expertise and may vary from the identified range.