Third Party Risk Management Analyst II

Division Or Field OfficeOffice of the Secretary of General CounselDepartment of Position: Privacy & Third Party Risk DptWork FromHome Office, Erie PASalary Range$60,677.00 - $96,925.00 *salary range is for this level and may vary based on actual level of role hired for• This range represents a national range and the actual salary will depend on several factors including the scope and complexity of the role and the skills, education, training, credentials, location, and experience of an applicant, as well as level of role for which the successful candidate is hired. Position may be eligible for an annual bonus payment.At Erie Insurance, you’re not just part of a Fortune 500 company; you’re also a valued member of a diverse and inclusive team that includes more than 6,000 employees and over 13,000 independent agencies. Our Employees work in the Home Office complex located in Erie, PA, and in our Field Offices that span 12 states and the District of Columbia.Benefits That Go Beyond The BasicsWe strive to be Above all in Service® to our customers—and to our employees. That’s why Erie Insurance offers you an exceptional benefits package, including:• Premier health, prescription, dental, and vision benefits for you and your dependents. Coverage begins your first day of work.• Low contributions to medical and prescription premiums. We currently pay up to 97% of employees’ monthly premium costs.• Pension. We are one of only 13 Fortune 500 companies to offer a traditional pension plan. Full-time employees are vested after five years of service.• 401(k) with up to 4% contribution match. The 401(k) is offered in addition to the pension.• Paid time off. Paid vacation, personal days, sick days, bereavement days and parental leave.• Career development. Including a tuition reimbursement program for higher education and industry designations.Additional benefits that include company-paid basic life insurance; short-and long-term disability insurance; orthodontic coverage for children and adults; adoption assistance; fertility and infertility coverage; well-being programs; paid volunteer hours for service to your community; and dollar-for-dollar matching of your charitable gifts each year.Position SummaryUnder minimal supervision, conducts risk assessments to evaluate the security and integrity of vendors that have access to ERIE data to confirm they are properly vetted from an information security, business continuity and recovery, risk management and governance, software/infrastructure development and support and privacy perspective, and associated controls are in place or mediated prior to establishing or continuing operations with the vendor.• The successful candidate ideally will work from the Home Office, Erie PA. Special consideration may be given to those who live in ERIE's Footprint and work from home.• The Hiring Manager will also consider candidates for a Senior Third Party Risk Management Analyst. Level of position offered will be based upon the depth and breadth of selected candidate’s experience and qualifications.Duties and Responsibilities• Analyzes responses to third party assessment questionnaires and reviews supporting documentation (SOC reports, etc.) received from vendors to identify and evaluate the risks in establishing or continuing operations with them.• Interviews key vendor personnel, as necessary, to gain additional insight and/or clarify response to completed questionnaires.• Composes assessment reports containing findings and recommendations and presents to the business and the third party, where appropriate.• Works with other subject matter experts from the Law, Privacy, Information Security, Enterprise Risk Management, Sourcing and Vendor Management, Business Continuity and Disaster Recovery Departments and business areas to apply risk assessment criteria in line with corporate policies.• Works directly with vendors to assist them in effectively managing operational risks related to the identification of potential areas of concern with business processes, applications and systems.• Assigns an overall risk rating with refined qualifications based on potential risk in business processes, applications and systems.• Works with internal business owners to assist them and, if necessary, build a plan for effectively managing third party operational risks related to business processes, applications and systems.• Works with interdisciplinary teams across ERIE to ensure identified risks that require mitigation have a plan developed and are executed for resolution.• With assistance from the business, conducts onsite assessments for evidence around a vendor's capabilities, governance and controls.• Promotes and delivers continuous training and awareness to business partners on vendor risks and enhance ERIE's internal service model that informs business owners of key risks in a timely manner.• Works with the Law Division and the Sourcing and Vendor Management Department to provide input for contract design related to key provisions for vendor risk management.• Grows professionally by focusing on continuous improvements and staying abreast of industry, regulatory, compliance and cybersecurity issues and best practices.• Provides guidance to Sourcing and Vendor Management on best practices and continuous improvement for processes, assessments and other operational activities.Duties and Responsibilities (cont'd if applicable)The first three duties listed are the functions identified as essential to the job. Essential functions are those job duties that must be performed in order for the job to be accomplished.This position description in no way states or implies that these are the only duties to be performed by the incumbent. Employees are required to follow any other job-related instruction and to perform any other duties as requested by their supervisor, or as become evident.QualificationsMinimum Educational and Experience Requirements• Bachelor's degree in Business or Risk Management or Information Technology or equivalent experience required. Two years' related work experience in risk management and/or internal controls required.• Associates degree in Business or Risk Management or Information Technology and four years experience in risk management and/or internal controls; or• High school diploma or GED and six years experience in risk management and/or internal controls required.Additional Experience• Working experience of information security, cloud security, artificial intelligence, vulnerability management, information security frameworks (NIST, ISO, etc.), insurance or financial services industries, auditing and/or IT auditing.What You'll DoThe opportunity of Third Party Risk Management Analyst II will serve as a subject matter expert providing consultative insight and risk reduction recommendations to business areas relying on third parties for their operation.What Makes You Stand Out• Working knowledge and experience in third party risk, information security, and cloud security• Prior experience as a Third Party Risk Analyst or Information Security Analyst conducting risk assessments• Ability to pinpoint strengths and areas for improvement related to organizational security posture and risk management• Good understanding of third party risk and information security controls and frameworks• Excellent communication and collaboration skills• Independent self-starter, ability to manage multiple projects simultaneously• Working knowledge of third party risk management or continuous monitoring tools• Third Party Risk or Information Security certificationDesignations and/or Licenses• This position requires periodic travel. CISA, CISM, CRISC, CISSP, CTPRP or related certifications preferred, but not required.CompetenciesValues DiversitySelf-DevelopmentInformation Management SkillsNimble LearningCollaboratesJob-Specific KnowledgeCustomer FocusCultivates InnovationOptimizes Work ProcessesInstills TrustEnsures AccountabilityDecision QualityPhysical RequirementsClimbing/accessing heights; RarelyDriving; Occasional (<20%)Lifting/Moving 0-20 lbs; Occasional (<20%)Lifting/Moving 20-50 lbs; Occasional (<20%)Ability to move over 50 lbs using lifting aide equipment; RarelyManual Keying/Data Entry/inputting information/computer use; Frequent (50-80%)Pushing/Pulling/moving objects, equipment with wheels; Rarely