Objectives of this Role 

We are seeking a highly motivated and detail-oriented individual to join our team as a Senior Enterprise Risk Analyst.  This high visibility role will play a key part in shaping the Enterprise Risk Management (ERM) functions of Third-Party Risk Management (TPRM), Business Resilience, and IT Governance.  The ideal candidate will possess analytical rigor, sound risk judgement, experience in financial services risk disciplines, and the ability to operate confidently with all levels of leadership within the organization, translating complex risk signals into insights that inform Executive and Board decision‑making.  

The Senior Enterprise Risk Analyst role is positioned within ERM, a business unit in the Second Line of Defense, which partners with Management in the First Line of Defense, with an independent perspective to help ensure risks and controls are properly managed to strengthen the Bank’s risk posture that supports safe, sound, and sustainable growth. 

Essential Functions 

General: 

• Support enterprise-wide risk identification, assessment, and monitoring activities, including emerging risks and model risk management. 

• Develop and prepare risk reporting and dashboards for Senior Leadership and Board committees. 

• Contribute to ongoing ERM framework enhancements, control evaluations, and risk program initiatives. 

•  Apply professional judgment to assess risk impact, likelihood, and control effectiveness in situations involving ambiguity or incomplete information. 

Third-Party Risk Management:  

• Develop and execute the vendor review plan in accordance with the TPRM Policy requirements and regulatory expectations. 

• Perform ongoing vendor monitoring, including assessment of information security, financial stability, insurance, and overall vendor control environment. 

• Partner with business leaders to perform new vendor onboarding, including initial risk assessment and review of vendor due diligence documents in the TPRM system. 

• Collaborate with business leaders on contract reviews and coordinate with Legal as needed in accordance with the TPRM Policy. 

• Monitor contract cycles, track upcoming renewals, report renewals to Senior Leadership, and ensure accurate information in the TPRM system. 

Business Resilience: 

• Partner with business leaders to update and maintain business continuity plans. 

• Assist with planning and execution of resilience exercises (tabletop exercises, critical function testing, and incident response simulations). 

• Track program enhancements, management responses, target dates, and follow-up as necessary.  

IT Governance:  

• Develop and maintain the annual system user access review (UAR) plan as part of the Bank’s overall identity and access management (IAM) program. 

• Partner with business leaders to ensure timely and reasonable completion of system UARs. 

• Conduct monitoring of employee offboarding and internal transfers for compliance with IAM procedures.  

• Assist with updates to the annual cybersecurity risk assessment and cybersecurity maturity assessment. 

Other Duties 

 
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities are as required and may change at any time with or without notice. 

Competencies 

• Customer Centric Focus 

• Diversity and Inclusion 

• Act with Integrity 

• Collaboration and Teamwork 

• Results Oriented/Execution 

• Business Acumen 

Skills and Qualifications 

• Bachelor’s degree in Business, Accounting, Information Technology, Cybersecurity, or a related field. 

• Minimum 3 years of experience in enterprise risk management, internal audit, TPRM, IT risk management, or related field within the financial services industry. 

• Strong understanding of risk management principles, banking operations, regulatory requirements, and industry best practices. 

• Demonstrated ability to analyze risk, impact, and likelihood; assess controls; and form sound, evidence-based recommendations.  

• High attention to detail, strong organization skills, and the ability to create structure in ambiguous situations.  

• Excellent communication skills with the ability to translate complex concepts for multiple audiences. 

• Experience collaborating with business leaders and influencing outcomes without direct authority.  

• Professional certifications such as CIA, CISA, or CRISC are a plus. 

Physical Demands 

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.