OneMain Financial Jobs

Job Description

The Senior Third-Party Risk Analyst (Advisor) serves as a subject matter expert across corporate third-party services and dependencies. This role provides subject matter expertise, managing, and performing key functions necessary to satisfy requirements of the Third-Party Risk Management (TPRM) program, including program projects and strategic initiatives. The Senior Third-Party Risk Analyst will be responsible for ensuring the TPRM platform is successfully adopted across the organization. This role is accountable and responsible for providing expert risk analysis and information to business and risk management leadership. Additionally, the advisor establishes rapport with risk management to support the company’s overall IT and security governance, risk management and compliance program with third-party vendors. The role encompasses implementation and maintenance of our Third-Party platform and policies, as well as a comprehensive control framework with enterprise-wide Third-Party Risk Management.

Additionally, the advisor consults and provides input to the comprehensive list of organization third-party providers, applications, and services from the time of onboarding through termination. The advisor ensures the company’s technical systems, data, intellectual property, and information assets are protected. Working closely with risk and security leadership, the advisor identifies, evaluates, and reports on information security risks so the business is aware and can act accordingly.

Responsibilities:

• Build and foster a strong rapport and relationship across the enterprise to collaborate with key stakeholders including Procurement, Legal, Physical and Cybersecurity, Compliance, Privacy, Technology, and other business functions to identify, assess and design plans to mitigate and monitor risks associated with third parties

• Support TPRM Program & platform development and ongoing maturation through updating standards, procedures, processes, internal controls, etc.

• Generate and implement quality assurance standards, conduct vendor assessments, monitor program output (data, deliverables, etc.), and identify opportunities for improvement

• Ensure required risk management activities and control weaknesses are identified prior to contract execution with third party provider, or appropriate risk acceptance is documented and approved in third-party risk platform

• Monitor and evaluate the ongoing performance of third-party vendors in alignment with internal strategies, industry best practices, standard security frameworks, and regulatory guidance

• Evaluate third party maturity using ISO, the Cybersecurity Maturity Model Certification, NIST, GDPR and other industry framework standards and best practices

• Gather a full inventory of third parties and work on remediation and participate in change management process and data clean up in third-party platform and other systems

• Conduct training on third-party platform to team members as needed, to drive standardization and consistency of Program execution

• Complete research and analysis as needed to close Program gaps.

• Create and deliver presentations on status updates of TPRM program/platform, ensuring transparency and accountability at all levels of the organization

• Risk management culture: Supports the company’s commitment to risk management and protecting the integrity and confidentiality of systems and data

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Skills and Requirements

• Bachelor’s Degree Information Systems or Information Technology, Computer Science, Risk Management, or professional equivalency

• 3-5 years of work experience related to Third Party Management, vendor risk management, cyber risk management and/or procurement

• Strong understanding of regulatory requirements and industry best practices related to third-party/vendor risk management

• Knowledge of risks related to IT application development and infrastructure maintenance, IT security, business continuity and disaster recovery, emerging technology platforms (e.g., AI), and cloud services.

• Project or Process management experience

• Excellent written and oral communication skills with experience writing policy and procedural documentation

• Experience with using GRC technologies, risk management, reporting tools, along with Microsoft software applications

• Ability to understand a variety of third-party risk systems and services, from new technologies to legacy systems