
Risk Analyst

Charlotte, NC, United States

Vaco


Supplier Risk and Vendor Management professionals, you have put so much time and effort into your career – why let your resume get lost in the shuffle? Let Vaco serve as your advocate in presenting you to our top client who is looking for 2 Risk Analysts. Our recruiting staff gives you an advantage over your competition by promoting your strengths and assets directly to hiring managers while helping you to be more prepared for your interviews.

From keeping you up to date on market trends and industry expectations to providing you with valuable insight into the company culture, compensation expectations and growth opportunities of specific clients, Vaco will give you the edge you need in today’s highly competitive job marketplace. If you have a financial audit background and are looking to take that next career step, let Vaco open the door for you. Apply today!

Position Description

Serves as a risk analyst fully dedicated to supplier risk management for the Supplier Risk Management group within the Global Supply Chain (GSC) organization. Position will report directly into the Security Governance & Risk team and on a dotted-line basis to the Risk Manager. Receives all work assignments from the Risk Manager. Conducts risk assessments and analysis of suppliers who provide high-risk services to internally and its subsidiaries, focusing on information security.

Job Responsibilities

  • Evaluate third party supplier risk information security controls and ensure they are aligned with internal standards
  • Review and understand the inherent risk characteristics for sourcing deals
  • Apply corporate methodologies relating to information security as well as the Operational Risk Management Methodology and approaches
  • Develop recommendations for use by Global Supply Chain, Information Protection and Risk Management, line of business personnel, and various risk councils
  • Enter and track findings in enterprise systems (e.g., Ariba, OpenPages)
  • Participate in the development and improvement of assessment methodology and tools
  • Maintain subject matter expertise in information security as well as supplier management
  • Provide advice to Sourcing Consultants, Legal, etc. on risk areas during contract negotiations
  • Assess supplier controls with regard to the specific services they are providing
  • Examples of analysis include:
    • Review supplier policies, standards & procedures
    • Review supplier responses to supplier risk questionnaire and review all pertinent artifacts
    • Review independent assessments conducted by risk and compliance organizations
    • Assess supplier information technology general controls or review assessments thereof
    • Discuss risk and controls with suppliers and risk managers to clarify as needed
    • Conduct on-site supplier inspections of supplier controls


  • Experience in the banking industry; preferably at a large bank holding company (BHC)
  • Understanding of federal banking guidelines/requirements
  • Knowledge of:
    • Information systems' security risks and controls
    • Federal Financial Institutions Examination Council (FFIEC) guidance and work plans
    • Recognized information security-related standards such as ISO2700x, COBIT, PCI-DSS
    • Compliance aspects of GLBA, EU Data Protection Directive, Sarbanes-Oxley, and other relevant laws and regulations
  • Industry certification preferred (e.g., CISSP, CISM)
  • BS/BA or equivalent experience required
  • Ability to interact with a variety of internal and external people in a professional manner that creates confidence in his/her knowledge and abilities and helps foster mutually satisfactory resolution to risk gaps and issues