InfoSec Third Party Risk Analyst

POSITION SUMMARY

This position plays a critical role in assessing and managing third-party risks for our organization by conducting operational reviews and risk assessments on third-party vendors and ensuring compliance with regulatory requirements and the bank’s internal policies. This position will work closely with the Third-Party Risk (TPR) team to ensure all reviews are completed timely within defined service-level agreements (SLAs).

ESSENTIAL FUNCTIONS

• Perform operational reviews and risk assessments on third-party vendors to ensure they meet the organization's information security policies and standards.
• Review and evaluate operational questionnaires and supporting documentation provided by third-party vendors.
• Analyze critical security certifications and reports, including but not limited to SOC 1, SOC 2, and PCI DSS certifications, to assess compliance and identify potential risks.
• Evaluate third-party risk management policies, business continuity plans, and disaster recovery procedures to ensure robust preparedness.
• Collaborate with the TPR team to streamline review workflows and ensure timely completion of assessments within defined SLAs.
• Provide recommendations and remediation plans for identified risks, ensuring alignment with enterprise risk appetite and regulatory requirements.
• Maintain thorough documentation of assessments, findings, and communications for auditing and tracking purposes.
• Stay updated on relevant standards, regulations, and industry best practices related to third-party risk and information security.

SUPERVISORY RESPONSIBILITIES

None

COMPETENCIES

• Sunrise 10X Values
• Adaptability
• Communication
• Compliance
• Dependability & Flexibility
• Initiative
• Integrity
• Judgment
• Organizational Skills
• Productivity
• Professionalism
• Quality Service
• Teamwork
• Technical/PC Skills
• Work Quality

EDUCATION & EXPERIENCE

• High school degree or GED Required
• College degree in security- or equivalent work experience preferred.
• 3+ years of experience in assessing information security risk, third-party risk management, or a related field within the financial services sector required.
• Working knowledge of SOC 1, SOC 2, and PCI DSS frameworks.
• Familiarity with business continuity planning and disaster recovery processes.
• Understanding of bank regulatory requirements and industry standards related to information security and vendor management.
• Applicable certifications preferred (CISA, CISSP, CISM, etc.)
• Collaborative mindset with ability to work effectively in cross-functional teams

COMPENSATION & BENEFITS

The expected starting annualized salary range is between $65,000 – 115,000 annually depending on experience and qualifications.

In addition, this position is eligible to enroll in a variety of benefits including Medical, Dental and Vision insurance, Retirement (401k) savings, Life and AD&D insurance, Short and Long-term disability insurance, Paid Time Off (PTO), Volunteer Time Off, Paid Parental Leave, Pet Insurance, and more.  Details at www.sunrisebanks.com/about/careers/.

This Position Summary reflects management’s assignment of major responsibilities, which represent the majority of essential functions.  It is not to be construed as an exhaustive statement of duties, responsibilities or requirements.  They may be subject to change at any time due to reasonable accommodation or other reasons