Third- Party Risk Analyst

THE COMPANY:

We are working with a global corporate & retail bank, who are searching for a Third-Party Risk Analyst to join the team based in London.

THE RESPONSIBILITIES:

• Oversee the evaluation and selection process of third-party vendors and service providers.
• Ensure all third parties meet compliance, security, and performance standards during the onboarding process.
• Ensure that the due diligence process includes assessment of financial stability, business continuity arrangements, information security controls, and subcontracting arrangements, in line with the materiality of the service.
• Lead materiality assessments and escalate material outsourcing arrangements for internal governance review and regulatory notification, as required under SS2/21 and PS24/16.
• Identify, assess, and mitigate risks associated with third-party relationships, including operational, financial, cybersecurity, and reputational risks.
• Conduct regular vendor risk assessments and due diligence.
• Maintain an up-to-date centralised third-party register, incorporating risk classifications, service criticality, contract status, and key controls.
• Ensure that risk assessments are periodically refreshed, especially for material outsourcers and high-risk third parties.
• Support the review of exit plans and substitution strategies for critical and important third- party services.
• Ensure third parties comply with applicable laws, regulations, and internal policies (e.g., UK DPA 2018 (GDPR), ISO 27001).
• Maintain up-to-date knowledge of regulatory changes affecting third-party relationships.
• Ensure third-party arrangements comply with FCA/PRA outsourcing and third-party risk management requirements, including SS2/21, PS24/16, SYSC 8 and 15A.
• Assist to develop and implement KPIs to measure vendor performance and ensure service level agreements (SLAs) are met.
• Work closely with internal stakeholders to address vendor performance issues.
• Coordinate periodic third-party performance reviews, documenting results and triggering remediation plans where necessary.
• Monitor critical service providers against important business services and impact tolerances as part of the operational resilience framework.
• Collaborate with legal and the relevant teams to negotiate contracts and service agreements.
• Ensure contracts clearly define deliverables, timelines, and compliance requirements.
• Ensure contracts for material outsourcing arrangements include clear provisions on access, audit, exit strategy, subcontracting, and data residency, in line with SS2/21, and PS24/16.
• Work with Legal to ensure enforceability of rights in different jurisdictions and to maintain legal oversight of contract risks.
• Act as the primary point of contact between the organization and its third-party vendors.
• Collaborate with internal departments (e.g., IT, Legal, Facilities & Admin) to align third-party activities with organisational goals.
• Support internal governance processes by preparing third-party reports and presenting risks, escalations, and updates to the Third-Party Manager.
• Facilitate collaboration between business owners, risk, legal, and procurement functions to ensure a coordinated approach to third-party governance.
• Maintain detailed records of third-party activities, assessments, and performance metrics.

EXPERIENCE REQUIRED:

• Working knowledge of third-party risk management, vendor management
• A minimum of 2 years of experience in the field within a banking institution.
• Strong analytical and problem-solving skills.
• Proficiency in vendor management systems (VMS) and other relevant tools.
• Understanding of legal and contractual obligations.
• Familiarity with FCA/PRA rules including SYSC 8, SYSC 15A, PS24/16, and Supervisory Statement SS2/21.