Third-Party Risk Management (TPRM) Analyst

Our Story & Purpose :

Were Vancity a member-owned credit union built on the principles of inclusion and social justice. Since 1946 our relentless commitment to these values has helped us challenge the status quo and break down barriers. Weve made bold commitments to become net-zero by 2040 across all mortgages and loans and were actively pursuing strategies in Indigenous banking and financial resilience for our members.

As the largest private sector Living Wage Employer in Canada were proud to be consistently recognized as one of the countrys Top Employers. If youre ready to join our team of 2700 diverse individuals access competitive rewards and benefits and be part of a greater movement apply today!

Your Role in Supporting Our Members :

Join our IT Governance Risk and Compliance (IT-GRC) team as a Third-Party Risk Management (TPRM) this role you shall perform TPRM and vendor risk assessments and will work closely with internal stakeholders and vendors to ensure that security and compliance risks are identified assessed and managed effectively in line with internal policies regulatory requirements and industry best practices.

This is a Full-time Permanent role based at Vancity head office. This role will enjoy hybrid working arrangements which can be fulfilled primarily from the Vancity head office location and your Lower Mainland based home office. Periodically youll be required to attend in-person activities or events. This role reports to the Senior Manager of IT GRC.

How Youll Make an Impact :

• Conducting third-party risk assessments to evaluate vendor security and compliance controls by reviewing vendor documentation engaging with internal stakeholders to understand business requirements and identifying security and compliance gaps
• Reviewing vendor security documentation including SOC reports web application penetration test results and security risk assessments
• Reviewing and providing opinion on vendor provided SoWs contracts and MSAs
• Maintaining and improving third-party risk management processes tools and workflows to streamline risk assessments audit procedures and reporting
• Working with procurement vendor management legal and other business teams to perform due diligence on new vendors and ensure security and compliance requirements are met before onboarding
• Evaluating third-party security incidents or breaches or vulnerabilities and coordinating investigation efforts with internal teams and vendors
• Performing other tasks and responsibilities as assigned

What Youll Bring to the Team :

Extra Skills That Set You Apart :

Youll Thrive Here If You Are :

We value lived experience so if you are interested in this role we encourage you to apply even if you feel your skills dont perfectly align with those listed.

What Youll Earn :

This role offers a salary range of $75700 to $93500 per annum . The base pay offered may vary depending on factors such as relevant qualifications skills previous experience and internal equity. As part of our total rewards package employees may also be eligible for our annual incentive program subject to program eligibility requirements.

Why Youll Love Working Here :

A career at Vancity is more than just a job youre joining a tradition of change-makers who are creating lasting change for our communities. Beyond base pay we offer a comprehensive total rewards package to ensure our employees are empowered to thrive :

Vancity Talent Programs :

Vancity supports an inclusive hiring process for candidates who self-identify as Indigenous Black or Trans. With special permission from the BC Human Rights Commissioner this initiative provides access to career development opportunities prioritized job screening and feedback. Any information you choose to share will be stored securely and used only for recruitment and career development connected to this initiative in line with the BC Personal Information Protection Act (PIPA). For details please see our dedicated Talent Programs job posting.

This role is an open vacancy and our hiring process is grounded in fairness transparency and inclusion. We are also committed to an inclusive barrier-free and accessible recruitment experience for all candidates. If you require any accommodations or support at any stage of the recruitment process (including the application stage) we encourage you to let us know by contacting our Talent Acquisition team at Were here to work with you to ensure your needs are met promptly and effectively. All requests will be handled with the utmost respect and confidentiality so you can participate fully in the process.

Required Experience :

IC

Key Skills

ISO 27001,Microsoft Access,Risk Management,Financial Services,PCI,Risk Analysis,Analysis Skills,COBIT,NIST Standards,SOX,Information Security,Data Analysis Skills

Employment Type : Full-Time

Experience : years

Vacancy : 1

Yearly Salary Salary : 75700 - 93500