Third Party Risk Analyst
Support critical third-party risk and vendor governance activities within a fast-paced insurance environment. This hybrid opportunity offers exposure to compliance, audit, supplier monitoring, and emerging risk initiatives while collaborating with cross-functional teams. Enjoy a flexible work model with on-site collaboration days on Tuesday, Wednesday, and Thursday in Toronto.
What is in it for you:
- Salaried: $40-46 per hour.
- Incorporated Business Rate: $46-53 per hour.
- 6-month contract with the potential for permanent employment.
- Full-time position: 37.50 hours per week.
- Day schedule, 37.50 hours per week.
- Hybrid: 3 days/week in Toronto office.
Responsibilities:
- Conduct inherent risk assessments to evaluate third-party risk based on service criticality, data sensitivity, and regulatory impact.
- Perform financial due diligence, including analysis of supplier financial health and credit ratings.
- Conduct adverse and negative media reviews to identify reputational, legal, or operational risks.
- Assess supplier risk posture and identify areas requiring additional due diligence or mitigation.
- Support contract owners and business stakeholders through training and guidance on third-party risk management practices.
- Support ongoing supplier monitoring and governance activities across the vendor lifecycle.
- Conduct ongoing monitoring activities to ensure suppliers maintain effective control environments.
- Support governance activities, including periodic supplier reviews and documentation of risk posture.
- Track and manage issues, risk findings, and policy exceptions while ensuring timely resolution.
- Monitor supplier risk indicators, including financial performance, adverse media, and emerging global risks.
- Ensure adherence to internal third-party risk management policies and standards.
- Support regulatory compliance activities, including alignment with OSFI B-10 or equivalent guidelines.
- Assist with internal and external audits, including documentation and remediation tracking.
- Maintain accurate and complete risk assessment documentation and audit trails.
- Partner with business units, procurement teams, and risk functions to support vendor oversight activities.
- Communicate risk assessment outcomes and recommendations clearly to stakeholders.
- Contribute to the enhancement of third-party risk management processes, tools, frameworks, dashboards, and metrics.
- Stay informed on emerging risks, regulatory changes, and industry best practices.
What you will need to succeed:
- Degree in a related field or equivalent combination of education and experience.
- 2–5 years of experience in Third-Party Risk Management, Vendor Risk, Compliance, Audit, or Operational Risk.
- Experience conducting inherent risk assessments and due diligence activities.
- Experience performing financial reviews and adverse media reviews.
- Strong understanding of the vendor risk lifecycle, including onboarding, monitoring, and governance activities.
- Knowledge of risk-based assessment methodologies.
- Familiarity with regulatory guidelines such as OSFI B-10 is considered an asset.
- Experience reviewing SOC reports, ISO certifications, or equivalent control documentation is preferred.
- Experience using TPRM tools or platforms such as Archer, Ivalua, or ProcessUnity is considered an asset.
- Understanding of cybersecurity and information security risk concepts.
- Exposure to emerging technology risks such as AI, cloud, and global risk landscape considerations.
- Strong analytical, audit, compliance, and risk assessment skills.
- Excellent stakeholder communication and relationship management abilities.
- Strong attention to detail and ability to assess control environments.
- Training and facilitation skills.
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.
Pay: $40.00-$53.00 per hour
Application question(s):
- This role is hybrid in Toronto. Are you comfortable working in-office 3 days per week?
Experience:
- Third-Party Risk, Compliance, Audit, or Operational Risk: 2 years (required)
- Conducting inherent risk assessments and due diligence: 2 years (required)
- Vendor risk lifecycle, onboarding, monitoring/governance: 1 year (required)
- Performing financial reviews and adverse media screening: 2 years (required)
- Regulatory guidelines, OSFI B-10 or similar frameworks: 1 year (preferred)
- SOC reports, ISO certifications, or control documentation: 1 year (preferred)
- TPRM tools/platforms such as Archer, Ivalua, or ProcessUnity: 1 year (preferred)
- Cybersecurity and information security risks: 1 year (preferred)
- Emerging risks, AI, cloud, and the global risk landscape: 1 year (preferred)
Work Location: Hybrid remote in Toronto, ON M4W 1E6