Senior Analyst/analyst, Third Party Risk Management

We are looking the Senior Associate, Third Party Assessments is a common point of Subject Matter Expertise providing third party risk assessment support and advice to NAB's Divisions. This role is critical in driving understanding of Supplier controls and ensuring our risk management has the necessary third party rigour to protect the bank.

YOUR JOB RESPONSIBILITIES

• Validation of Initial Assessments to assess Materiality and Outsourcing outcomes as per APRA CPS231 requirements​

• Validation of Inherent Risk Assessments (IRA) and assessment of Third Party Assessments (TPA) for all of NAB’s suppliers. ​

• Providing advice and guidance to the business to ensure all outsourcing and third-party arrangements are within the Group Risk Appetite Statement

• Designing controls with control owners across the enterprise and facilitating documentation in our risk management system for targeted controls; confirming appropriate implementation of controls​

• Supporting the business to build or uplift Supplier controls​

• Performing Assurance over Supplier performance in meeting risk requirements including the CPS 231 and 234 compliance checks​

• Supporting activities/projects with TPRM.​

• Communicating and driving best practice and consistency across the enterprise specific to third-party risk assessment activities​

• Supporting key stakeholders and 2nd line risk partners with the execution of key processes related to third-party risk assessment activities including the review and endorsement of various dashboards​

• An understanding of information security and business continuity/disaster recovery controls along with a working knowledge of following standards/frameworks - ​APRA CPS 234​

• ISO 27001 and ISO 22301​

• NIST Cyber Security Framework​

• An information security/BCM related certification (CISM/CISSP/Lead auditor for infosec/BCP) would be a plus.

• 5+ years in operational risk management

• Knowledge of control design and assurance methodologies

• Strong stakeholder management skills

• Inquisitive

• Analytical, and critical thinker

• Ability to influence

• Strong problem solving

• Knowledge of relevant Prudential Standards (eg CPS 231 Outsourcing, CPS234 Information Security )

• Proactive attitude