Operational Risk Specialist II/(Analyst) - Third Party Risk
Lynn, MA, United States
Eastern Bank
This position supports the New Initiative Program and Third-Party Risk Management (TPRM) Program in Operational Risk Management (ORM). ORM sits within the Enterprise Risk Management Division. This position reports to the VP, Risk Manager I - Third Party Risk Management & New Initiatives managing the New Initiative and TPRM Programs under the direction of the VP of Operational Risk Management. The role supports the ongoing risk assessments for New Initiatives, partnering with business units and risk stakeholders to assess the new activities at the Bank in accordance with second line Policies and regulatory requirements. The role will facilitate the strategic new initiative by utilizing the Bank’s GRC tool and by working with the Business Line partners to gather information to identify and implement solutions to the new opportunities. The Operational Risk Analyst II is responsible for helping ensure compliance with the Third-Party Risk Management Program’s policies and procedures as well as all required regulatory requirements to help mitigate and monitor third party risk at the Bank. This includes risk management program development and executing TPRM program requirements, including third party onboarding, risk assessments, monitoring, and offboarding. The role also supports audits and exams, as well as independent third-party foreign vendor and other related third-party risk assessments and reporting. This person will communicate internally with vendor owners and risk stakeholders to successfully manage due diligence and required vendor documentation and monitoring. This position will provide independent risk challenge to the business.
Assist in the execution of the second line of defense Third-Party Risk Management program including:
- Engage with key stakeholders and business partners when New Initiatives are submitted
- Contribute to the ongoing enhancements of the New Initiative Program and GRC build out
- Support fostering a risk aware culture, including educating the business units on TPRM and New Initiatives
- Facilitate New Initiatives in partnership with the business and ensure appropriate risk reviews are performed, change risk is assessed, captured, mitigated, and reported as appropriate
- Establish strong working relationships with third party owners, new initiative owners, and risk stakeholders
- Support the completeness and accuracy of the third-party and new initiative records in Archer, the GRC tool.
- Execute annual third-party monitoring and third-party risk assessments and support the identification, escalation, monitoring, and reporting of third-party risks
- Analyze and execute annual third-party SOX/SOC reviews
- Identify and initiate improvements in programs, tools, and processes and ensure established processes meet program requirements, regulatory requirements, industry best practices, and organizational objectives
- Report on third party programs, new initiatives, and risks to appropriate risk committees
- Create, manage, and monitor second line findings
- Assist with ad hoc third-party reviews, audits, and exams
- Stay current on industry developments related to Third Party Risk Management, New Initiative Risk assessments, and related regulatory guidance
PROBLEM SOLVING & DECISION MAKING: This position requires the ability to work independently and provide sound discretion and judgement. There will be a significant amount of collaboration with other areas which will require strong organizational and communication skills. A high level of accuracy and attention to detail is needed. Program responsibilities are visible to management and the regulators. Problem solving, solution identification, and risk escalation will be a key component of the role.
Education and Experience
- Bachelor’s degree or equivalent experience preferred
- 2-4 years of related experience at a Financial Institution, Audit Firm, Regulatory entity, or Consulting Firm in the areas of operational risk, enterprise risk management, compliance, third party risk management, procurement, contracting, vendor management, or controls management.
Skills/Knowledge
- Proficient in Microsoft Office Suite
- Knowledge of Archer or experience with another GRC tool preferred
- Knowledge/foundation of bank’s operations and risk management programs preferred
- Familiarity with technology, cyber, and SOC reports.
- Self-motivated, with the ability to work and learn independently
- Responsible for reaching out to business units and other risk areas as directed to ensure timeliness and accuracy of assessments.
- Strong analytical, organizational, and problem-solving skills
- Excellent oral and written communication skills
- Ability to apply risk management concepts to a business setting is preferred
- Accountable for making fact-based recommendations for review/approval appropriate for their position and level
Eastern Bank is an Equal Opportunity Employer of women, people of color, LGBTQIA+, religion, national origin, citizenship, neurodivergence, age, Veterans, individuals with disabilities, or any other characteristic protected by law.
At Eastern Bank, we are dedicated to building a diverse, equitable, inclusive and authentic workplace. If you’re excited about this role but your experience doesn’t fully align with every qualification, we still encourage you to apply! You may be just the right candidate for this position or others across the company. Our Recruitment team is waiting to chat with YOU.
Tags: Audits Compliance Monitoring Risk assessment Risk management SOC SOX Vendor management
Perks/benefits: Career development Health care Insurance Startup environment Team events