Third Party Risk Management Analyst

Come work with us:

Metropolitan Commercial Bank (the “Bank”) is a full-service commercial bank based in New York City. The Bank provides a broad range of business, commercial, and personal banking products and services to individuals, small businesses, private and public middle-market and corporate enterprises and institutions, municipalities, and local government entities.

Metropolitan Commercial Bank was named one of Newsweek’s Best Regional Banks and Credit Unions 2024. The Bank was ranked by Independent Community Bankers of America among the top ten successful loan producers for 2023 by loan category and asset size for commercial banks with more than $1 billion in assets. Kroll affirmed a BBB+ (investment grade) deposit rating on January 25, 2024. For the fourth time, MCB has earned a place in the Piper Sandler Bank Sm-All Stars Class of 2024.

Metropolitan Commercial Bank operates banking centers and private client offices in Manhattan, Boro Park, Brooklyn and Great Neck on Long Island in New York State.

The Bank is a New York State chartered commercial bank, a member of the Federal Reserve System and the Federal Deposit Insurance Corporation, and an equal housing lender. The parent company of Metropolitan Commercial Bank is Metropolitan Bank Holding Corp. (NYSE: MCB).

Position Summary:

Metropolitan Commercial Bank’s (MCB) Enterprise Risk Management team is responsible for systemically managing risk, such that the Bank has a regular, comprehensive view of its risk profile as well as of key trends and emerging risks that could potentially affect MCB’s overall risk profile. We ensure that Risk and senior leadership are consistently informed on the holistic risk profile, inclusive of financial and non-financial risks, in a way that facilitates strategic planning and risk decision making.

The Third-Party Risk Management (TPRM) Analyst will work within MBC’s Enterprise Risk Management Department to support the development, implementation, and maintenance of a comprehensive TPRM framework. The successful candidate will be an important team player, assisting with the full scope of TPRM projects as necessary.

This position will report to the Director of Third-Party Risk Management and will be based in New York City.

Essential duties and responsibilities:

• Conduct risk assessments on third-party vendors, focusing on cybersecurity, operational resilience, and compliance with regulatory standards (e.g., FFIEC, FRB, NYDFS, GLBA)
• Work with internal teams (IT, Legal, Compliance) to assess third-party risk through the vendor lifecycle (onboarding, due diligence, monitoring, and termination).
• Quick ability to learn new vendor management software.
• Review SOC reports, penetration tests, and security questionnaire to assess third-party security posture for vendors.
• Develop and maintain third-party risk metrics, dashboards, and reports for senior management and regulatory bodies.
• Support incident response planning for third-party breaches or disruptions.
• May need to travel to assess critical vendors under the supervision of management.

Required knowledge, skills and experience:

• Bachelor’s degree, in Information Security, Cybersecurity, Business, Risk Management or related field.
• 3+ years of experience within third-party risk management, cybersecurity, IT audit, or risk/compliance (i.e., Compliance, Operational, Credit) within the financial services industry.
• Experience with vendor risk assessment methodologies and governance best practices.
• Knowledge of bank products, regulatory guidelines, BSA/AML/OFAC, UDAAP and Regulation E and other applicable regulations is a plus for growth in this position.
• Proficiency in Microsoft Office Suite (e.g. Excel and PowerPoint)
• Experience designing and implementing reports for executive and Board leadership.

Preferred knowledge, skills and experience:

• Industry certifications: CISSP, CISA, CRISC, CISM, or CCSK
• Experience with third-party risk management platforms or GRC tools such as Riskonnect
• Knowledge of cloud security and third-party SaaS risk (AWS, Azure, Google Cloud)
• Experience with Nth Party Risk.
• Excellent attention to detail, analytical and organizational skills required.
• A self-starter with ability to prioritize workflow to ensure deadlines are met and ability to function efficiently under pressure
• Vendor onsite assessment criteria.

Potential Salary: $100,000 - $115,000 annually

This salary range only reflects base wages and does not include benefits, bonus, or incentive pay. Salary bands are purposefully wide ranging to encompass the different factors considered in determining where a candidate falls in the range, including but not limited to, seniority, performance, experience, education, and any other legitimate, non-discriminatory factor permitted by law.

Metropolitan Commercial Bank provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.