Company Description
Ent Credit Union exists to improve the financial quality of life of the people
we serve. This mission drives us every day, but we are more than our
mission. We're also individuals using our unique abilities to make our
organization, and the communities we serve, better than they were
yesterday. We're a not-for-profit that puts people above profits and
actively invests in our community. Our rapidly growing team is expanding our
reach to serve more people throughout Colorado. To spread our mission far and
wide, we need people like you. If you're interested in a paycheck with a
purpose, apply with us today. Our people make the difference, and we truly
believe you are our greatest asset.
Job Description
Ent Credit Union's Business and Technology Risk & Control function is a
team with the responsibility of weighing the innovation and growth initiatives
against the potential and actual risks associated with Ent's third parties
that assist us in delivering quality products and services to our
membership, and evaluating internal business processes and working with
business lines to identify relevant risks and controls around those business
processes. This position is responsible for working with third-party
relationship managers and business partners to conduct periodic risk
assessments, and relationship check-ins, and identify, assess, and
document risks associated with third-party relationships. The Analyst is also
responsible for ensuring that any issues found during risk assessments are
resolved by the appropriate parties. The Analyst will assist with establishing
standards for managing third-party relationships, escalation procedures,
and general best practices when working with third parties. They will act as a
resource, subject matter expert, and second line of defense to business
units partnering directly with third parties. Additionally, the Analyst will
assist the Business Risk and Control Manager to help document key business
processes and work with control owners to determine appropriate risks and
related controls are identified and documented. The Business and Technology
Risk & Control function is a critical second line of defense to comply with
regulations as well as facilitating and following best business practices
which are key to advancing Ent's strategic objectives. The Operational Risk
Management Analyst plays an important part of the overall function of
coordinating due diligence actions, analyzing data to determine third-party
risk ratings, reporting third-party risk to the organization, and
assisting business lines with managing and monitoring third-party
relationships
Essential Functions
Inventory and understand the existing processes, risks, and internal
controls within Ent's Governance, Risk, and Assisting the Business Risk
and Control Manager, working with the business lines to identify,
confirm, and draft risks and internal control activities relevant to the
corresponding processes. Key steps and deliverables to be completed include:
Compliance (GRC) platform (ETRACS) for all business units across the
Credit Union. Conduct and document process walkthrough narratives to document
the process and key control activities. Draft Risk and Control Matrices
(RCMs) for key inherent risks and mitigating controls. Coordinate with
business line management to review, update, and approve RCMs, including
memorializing and retaining evidence of approval. Discuss potential control
gaps with business line management and advise on how to address control gaps.
Present business line management-approved RCMs to the Integrated Risk
Management Committee (IRMC) for approval prior to coordinating with the
ETRACS administrator to enter risks and controls into ETRACS. Once RCMs are
entered into ETRACS, confirm all information is accurate, complete, and
appropriately linked to processes as approved by business line management.
Advise business line mana ement on opportunities to improve procedures to
refle
Coordinate due diligence activities with internal relationship managers and
external third parties including the following: Work with BL, SME, and
other stakeholders to drive timely and accurate progression of TPRM Program
activities, including initial planning, as well as rendering credible
challenge, oversight, and approvals during assessments and BL Ongoing
Management attestations. Facilitate risk management lifecycle activities for
designated Critical Activity Third Parties and other Third Party (TP)
Relationships as determined by policy, including oversight of defined risk
management activities, facilitating Board reporting of in-scope Third
Parties, and facilitating coordinated concentration risk assessment of
in-scope Third Parties and TP Relationships in conjunction with impacted BLs.
Provide guidance and promote/complete TPRM Program training, including
providing communication and training directly to BL personnel regarding TPRM
Program changes. Promote BL support of cross-BL risk management (i. e. ,
Shared TP Relationships). Support aggregation of risk metrics and consistent
reporting to BL Management and TPRM Function, to allow the BL to analyze
strategic Third Party alignment and concentration risk. Assist timely response
to matters identified by Second Line of Defense Quality Assurance programs,
Credit Union Internal Audit, regulators, or other auditors and
examiners, and escalate to BL Management and the TPRM function when
identified ?risks approach the Credit Union's risk appetite limits. Assist
in T
Foster relationships between Ent Relationship Managers and third parties
including the following:...
Equal Opportunity Employer -
minorities/females/veterans/individuals with disabilities/sexual
orientation/gender identity