Enterprise and Vendor Risk Analyst

Posted about 22 hours ago Apply by March 24, 2026
Hybrid-Remote Waterloo & Cedar Falls, IA
Full-Time

Summary

The Enterprise and Vendor Risk Analyst plays a critical role in supporting the credit union's enterprise risk management (ERM) framework and vendor/Third Party Risk Management (TPRM) program. This role identifies, assesses, monitors, and reports on risks across business units and external relationships to ensure compliance with regulatory requirements, alignment with organizational risk appetite, and protection of the credit union’s financial stability, operational resilience, and reputation.

Essential Functions

  • Assist with conducting enterprise and operational risk assessments (including Risk and Control Self-Assessment (RCSA) style assessments) to help identify, assess, and document inherent risks, control effectiveness, mitigation activities, and residual risk levels.
  • Support the maintenance and updating of risk registers, risk taxonomies, and risk assessment documentation in alignment with the credit union’s ERM framework and risk appetite.
  • Help monitor, analyze, and report key risk indicators (KRIs), trends, and emerging risks; provide recommendations to Management for mitigation and assist in tracking action plans.
  • Assist with preparing risk committee materials and management/Board reporting, including dashboards, heat maps, and narrative summaries of key risks and remediation progress.
  • Support ongoing development and enhancement of the vendor/TPRM program, including updates to policies, standards, procedures, and templates.
  • Maintain and update vendor inventory and the vendor management database, including criticality classifications, services provided, data access levels, and contract attributes.
  • Perform and document third-party due diligence and risk assessments (initial and ongoing), including but not limited to: review of financial condition, Service Organization Control (SOC), independent audit reports, cybersecurity controls, business continuity/disaster recovery, insurance coverage, compliance attestations, and Nth party dependencies.
  • Coordinate contract and renewal reviews with procurement, legal, compliance, information security, and stakeholders to ensure appropriate risk clauses and required protections are incorporated.
  • Support monitoring vendor performance and service-level compliance; track issues, exceptions, and remediation actions; and escalate material concerns based on defined thresholds.
  • Assist with periodic risk reassessments for critical and high-risk vendors, including concentration risk reviews and assessment of geographic/operational resilience.
  • Contribute to Business Continuity Planning via Business Impact Analysis, Incident Response, Disaster Recovery, and Tabletop activities.
  • Collaborate with departments to support the integration of risk controls into processes, including changes related to new vendors, services, systems, or process enhancements.
  • Assist in developing and delivering risk awareness guidance or training for business owners on ERM and third-party risk expectations and oversight.
  • Support continuous improvement efforts by identifying workflow enhancements, potential automation opportunities (e.g. GRC/TPRM tools), and ways to improve data quality and reporting.
  • Participate in risk governance forums (risk committees, steering groups) and contribute to enterprise risk discussions as appropriate.
  • Assist with internal audits and regulatory examinations by gathering risk-related documentation and proof of control activities.
  • Stay informed on applicable regulations and guidance (e.g., NCUA, FFIEC, privacy and information security expectations) and assist in translating requirements into practical risk management actions.
  • Knowledgeable of credit union operations and various systems utilized throughout the organization.
  • Create excellent service experiences that promote the Veridian brand.

Key Attributes

  • Oral and written communication skills.
  • Member service focus.
  • Attention to detail and accuracy.
  • Positive attitude that supports a team environment.
  • Dependable and punctual; flexible during peak times.
  • High level of confidentiality.
  • Organizational skills.
  • Self-motivated; ability to work without close supervision.
  • Problem solving; analysis.

Working Conditions

This job operates in a professional office environment and routinely uses standard office equipment.

Travel

Limited travel expected.

Required Education And Experience

  • Bachelor's Degree in Finance, Economics, Business Administration, Risk Management, Information Systems, or related field or the equivalent combination of education, training, and experience of 8+ years.
  • 4+ years progressive work experience at a financial institution, preferably a credit union.
  • Proficiency with Microsoft Office Suite.

Preferred Education And Experience

  • Experience with completing risk assessments and control evaluations.
  • Experience with third-party vendor due diligence and ongoing monitoring.
  • Certifications and/or credentials relevant to ERM or TPRM.

Other Duties

Veridian Credit Union is a PCI compliant financial institution to ensure the security of member information. As such, all employees are expected to ensure security measures are in place and adhered to regarding PCI and other highly secure data compliance requirements.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.
