Senior Third Party Risk Management Analyst

Date: Mar 25, 2020

Division or Field Office:

Office Of The President

Department of Position: Employment & Privacy Dept 

Work from:

Work from home in ERIE's Footprint


At Erie Insurance, you’re not just part of a Fortune 500 company; you’re also a valued member of a diverse and inclusive team that includes more than 5,000 employees and over 2,200 independent agencies. Our employees work in the Home Office complex located in Erie, PA, and in our Field Offices that span 12 states and the District of Columbia. To attract and retain the best talent, we reward our team members with competitive salaries and a very generous benefits package.


Position Summary

Erie Insurance is continuing to hire and is utilizing virtual interviews to ensure the well-being of our candidates and employees. Please note there may be delays in our hiring process.


Conducts risk assessments to evaluate the security and integrity of vendors that have access to ERIE data to confirm they are properly vetted from an information security, business continuity and recovery, risk management and governance, software/infrastructure development and support and privacy perspective, and associated controls are in place or mediated prior to establishing or continuing operations with the vendor.

The Hiring Manager will also consider candidates for Third Party Risk Management Analyst II; level of position offered will be based upon the depth and breadth of selected candidate’s experience and qualifications. 


This position ideally works from the Home Office in Erie, PA. Consideration may be given for remote work.


Periodic travel will be required in this role.

Duties and Responsibilities

Analyzes responses to third party assessment questionnaires and reviews supporting documentation (SOC reports, etc.) received from vendors to identify and evaluate the risks in establishing or continuing operations with them.


Interviews key vendor personnel, as necessary, to gain additional insight and/or clarify responses to completed questionnaires.


Composes assessment reports containing findings and recommendations and presents to the business and the third party, where appropriate.


Works as a subject matter expert with other subject matter experts from the Law, Privacy, Information Security, Enterprise Risk Management, Sourcing and Vendor Management, Business Continuity and Disaster Recovery Departments and business areas to apply risk assessment criteria in line with corporate policies.


Works directly with vendors to assist them in effectively managing operational risks related to the identification of potential areas of concern with business processes, applications and systems.


Assigns an overall risk rating with refined qualifications based on potential risk in business processes, applications and systems.


Works with internal business owners to assist them and, if necessary, build a plan for effectively managing third party operational risks related to business processes, applications and systems.


Works with interdisciplinary teams across ERIE to ensure identified risks that require mitigation have a plan developed and executed for resolution.


With assistance from the business, leads and conducts onsite assessments for evidence around a vendor's capabilities, governance and controls.


Promotes and delivers continuous training and awareness to business partners on vendor risks and enhances ERIE's internal service model that informs business owners of key risks in a timely manner.


Works with the Law Division and the Sourcing and Vendor Management Department to provide input for contract design related to key provisions for vendor risk management.



Grows professionally by focusing on continuous improvements and staying abreast of industry, regulatory, compliance and cybersecurity issues and best practices.


Provides guidance to Sourcing and Vendor Management on best practices and continuous improvement for processes, assessments and other operational activities.


Ability to Manage Complexity
Decision Making
Developing And Maintaining Relationships
Information Management Skills
Interpersonal Communication
Job-Specific Knowledge
Planning And Organizing
Problem Analysis
Service Orientation
Time Management

Bachelor's degree in Business or Risk Management or Information Technology or equivalent experience required. Five years' related work experience in risk management and/or internal controls required.


Associate's degree in Business or Risk Management or Information Technology and six years' experience in risk management and/or internal controls; or


High school diploma or GED and eight years' experience in risk management and/or internal controls required.



Working experience of Information Security and information security frameworks (NIST BITS, etc.), insurance or financial services industries, auditing and/or IT auditing (SOC). This position requires periodic travel. CISA, CISM, CRISC, CISSP, CTPRP or related certifications preferred, but not required.

Physical Requirements
Climbing; Rarely
Driving; Occasional (<20%)
Lifting 0-20 lbs; Frequent (50-80%)
Lifting 20-50 lbs; Frequent (50-80%)
Lifting 20-50 lbs; Rarely
Manual Keying/Data Entry; Frequent (50-80%)
Pushing/Pulling; Rarely
