Third Party Risk Analyst
Support critical third-party risk and vendor governance activities within a fast-paced insurance environment. This hybrid opportunity offers exposure to compliance, audit, supplier monitoring, and emerging risk initiatives while collaborating with cross-functional teams. Enjoy a flexible work model with on-site collaboration days on Tuesday, Wednesday, and Thursday in Toronto.
What is in it for you:
• Salaried: $40-46 per hour.
• Incorporated Business Rate: $46-53 per hour.
• 6-month contract with the potential for permanent employment.
• Full-time position: 37.50 hours per week.
• Day schedule, 37.50 hours per week.
• Hybrid: 3 days/week in Toronto office.
Responsibilities:
• Conduct inherent risk assessments to evaluate third-party risk based on service criticality, data sensitivity, and regulatory impact.
• Perform financial due diligence, including analysis of supplier financial health and credit ratings.
• Conduct adverse and negative media reviews to identify reputational, legal, or operational risks.
• Assess supplier risk posture and identify areas requiring additional due diligence or mitigation.
• Support contract owners and business stakeholders through training and guidance on third-party risk management practices.
• Support ongoing supplier monitoring and governance activities across the vendor lifecycle.
• Conduct ongoing monitoring activities to ensure suppliers maintain effective control environments.
• Support governance activities, including periodic supplier reviews and documentation of risk posture.
• Track and manage issues, risk findings, and policy exceptions while ensuring timely resolution.
• Monitor supplier risk indicators, including financial performance, adverse media, and emerging global risks.
• Ensure adherence to internal third-party risk management policies and standards.
• Support regulatory compliance activities, including alignment with OSFI B-10 or equivalent guidelines.
• Assist with internal and external audits, including documentation and remediation tracking.
• Maintain accurate and complete risk assessment documentation and audit trails.
• Partner with business units, procurement teams, and risk functions to support vendor oversight activities.
• Communicate risk assessment outcomes and recommendations clearly to stakeholders.
• Contribute to the enhancement of third-party risk management processes, tools, frameworks, dashboards, and metrics.
• Stay informed on emerging risks, regulatory changes, and industry best practices.
What you will need to succeed:
• Degree in a related field or equivalent combination of education and experience.
• 2–5 years of experience in Third-Party Risk Management, Vendor Risk, Compliance, Audit, or Operational Risk.
• Experience conducting inherent risk assessments and due diligence activities.
• Experience performing financial reviews and adverse media reviews.
• Strong understanding of the vendor risk lifecycle, including onboarding, monitoring, and governance activities.
• Knowledge of risk-based assessment methodologies.
• Familiarity with regulatory guidelines such as OSFI B-10 is considered an asset.
• Experience reviewing SOC reports, ISO certifications, or equivalent control documentation is preferred.
• Experience using TPRM tools or platforms such as Archer, Ivalua, or ProcessUnity is considered an asset.
• Understanding of cybersecurity and information security risk concepts.
• Exposure to emerging technology risks such as AI, cloud, and global risk landscape considerations.
• Strong analytical, audit, compliance, and risk assessment skills.
• Excellent stakeholder communication and relationship management abilities.
• Strong attention to detail and ability to assess control environments.
• Training and facilitation skills.
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.
