Senior Third Party Risk Management Analyst

Date: Jan 4, 2019

Location: Erie, PA, US, 16530

Job requisition: 12497
Share this Job

Division or Field Office:

Office Of The President

Department of Position: Employment & Privacy Dept 

Work from:

Corporate Office, Erie, PA


At Erie Insurance, you’re not just part of a Fortune 500 company; you’re also a valued member of a diverse and inclusive team that includes more than 5,000 employees and over 2,200 independent agencies.  Our Employees work in the Home Office complex located in Erie, PA, and in our Field Offices that span 12 states and the District of Columbia.  To attract and retain the best talent, we reward our team members with competitive salaries and a very generous benefits package.


Position Summary

Conducts risk assessments to evaluate the security and integrity of vendors that have access to ERIE data to confirm they are properly vetted from an information security, business continuity and recovery, risk management and governance, software/infrastructure development and support and privacy perspective, and associated controls are in place or mediated prior to establishing or continuing operations with the vendor.

  • This position ideally works from the Home Office in Erie, PA. Consideration may be given for remote work.
  • Candidates with below minimum qualifications may be considered for a Third Party Risk Management Analyst II or I. Number of years and scope of experience determine level.
  • There are two positions available. 

Duties and Responsibilities

Analyzes responses to third party assessment questionnaires and reviews supporting documentation (SOC reports, etc.) received from vendors to identify and evaluate the risks in establishing or continuing operations with them.


Interviews key vendor personnel, as necessary, to gain additional insight and/or clarify response to completed questionnaires.


Composes assessment reports containing findings and recommendations and presents to the business and the third party, where appropriate.


Works as a subject matter expert with other subject matter experts from the Law, Privacy, Information Security, Enterprise Risk Management, Sourcing and Vendor Management, Business Continuity and Disaster Recovery Departments and business areas to apply risk assessment criteria in line with corporate policies.


Works directly with vendors to assist them in effectively managing operational risks related to the identification of potential areas of concern with business processes, applications and systems.


Assigns an overall risk rating with refined qualifications based on potential risk in business processes, applications and systems.


Works with internal business owners to assist them and, if necessary, build a plan for effectively managing third party operational risks related to business processes, applications and systems.


Works with interdisciplinary teams across ERIE to ensure identified risks that require mitigation have a plan developed and are executed for resolution.


 With assistance from the business,eads and conducts onsite assessments for evidence around a vendor's capabilities, governance and controls.


Promotes and delivers continuous training and awareness to business partners on vendor risks and enhance ERIE's internal service model that informs business owners of key risks in a timely manner.


Works with the Law Division and the Sourcing and Vendor Management Department to provide input for contract design related to key provisions for vendor risk management.



Grows professionally by focusing on continuous improvements and staying abreast of industry, regulatory, compliance and cybersecurity issues and best practices.


Provides guidance to Sourcing and Vendor Management on best practices and continuous improvement for processes, assessments and other operational activities.



Ability to Manage Complexity

Decision Making

Developing And Maintaining Relationships


Information Management Skills

Interpersonal Communication

Job-Specific Knowledge

Planning And Organizing

Problem Analysis

Service Orientation

Time Management


Bachelor's degree in Business or Risk Management or Information Technology or equivalent experience required. Five years' related work experience in risk management and/or internal controls required.


Associates degree in Business or Risk Management or Information Technology and six years experience in risk management and/or internal controls; or


High school diploma or GED and eight years experience in risk management and/or internal controls required.



Working experience of Information Security and information security frameworks (NIST BITS, etc.), insurance or financial services industries, auditing and/or IT auditing (SOC). This position requires periodic travel. CISA, CISM, CRISC, CISSP, CTPRP or related certifications preferred, but not required.

Physical Requirements

Climbing; Rarely

Driving; Occasional (<20%)

Lifting 0-20 lbs; Frequent (50-80%)

Lifting 20-50 lbs; Frequent (50-80%)

Lifting 20-50 lbs; Rarely

Manual Keying/Data Entry; Frequent (50-80%)

Pushing/Pulling; Rarely

Nearest Major Market: Erie

Job Segment: Law, Compliance, Information Security, Legal, Technology

Find similar jobs: