Phase2 Technology
About The Role
The Senior Third-Party Risk Analyst will report to the Corporate Third-Party Risk Manager and serve in a lead capacity to manage, mature, and enhance the TPRM program. The role requires experience evolving risk management programs, including assessing current state processes, defining future state requirements, and executing strategic enhancements that drive efficiency, scalability, and enterprise value.
The Analyst collaborates with other Third-Party Risk Analysts and provides thought leadership across all aspects of the TPRM program, including governance, regulatory compliance, and design and implementation of program enhancements. The role plays a key part in the implementation and optimization of third-party risk management technology, configuring a new TPRM tool to align with regulatory, operational, and business needs while introducing enhanced features, streamlining workflows, and reducing stakeholder friction. The position also manages and coordinates activities across the full third-party life cycle, including planning, ongoing monitoring, due diligence, and off‑boarding.
From a company-wide perspective, the Senior Analyst supports the program through training, communication, adherence, and continuous maturation efforts. Responsibilities include coordinating timely due diligence activities; exercising independent judgment and discretion, supporting risk mitigation efforts, and analyzing vendor financial conditions, business continuity, compliance information security, cybersecurity risk and the overall control environment to ensure alignment with GBCI standards. The role is responsible for identifying areas of risk or concern, recommending and implementing solutions, and supporting new automation, system functionality and product enhancements.
Additionally, the Analyst reviews required contract provisions and information security controls, provides effective challenge, and supports contract execution and ongoing contract management. This role requires significant cross-functional coordination and the ability to influence and gain buy‑in from stakeholders across the organization.
The position is part of our Enterprise Risk Management team, which supports senior management and the Board of Directors in assessing, identifying, mitigating, and monitoring the corporation’s key risks to protect its long-term safety and soundness. The department operates in a fast‑paced, evolving environment and requires the ability to maintain focus, adaptability, and productivity while managing competing priorities.
This is a Corporate position which may be located at an available bank division location across our nine-state footprint in AZ, CO, ID, MT, NV, TX, UT, WA, or WY. The entry rate for this position is $69,464.94 + / per year (calculated for Kalispell, MT).
All compensation offers are analyzed individually and take into consideration multiple factors including but not limited to geographic location, years of experience, and educational background.
WA Applicants ONLY: Range $75,663.06 to $113,494.60 per year
Description
Help lead the design, build, implementation, and optimization of third party risk management technology platform and supporting processes, including execution of strategic initiatives to modernize the TPRM operating model. Assess current state processes and technology capabilities, compare against regulatory expectations and future state requirements, and identify gaps requiring remediation or enhancement.
Provide Program guidance for risk-based due diligence reviews across third and fourth party relationships. Utilize the bank’s risk profile framework to assess inherent risk and accurately risk-rate third parties, with particular focus on operational, information security, cybersecurity and compliance risk. Partner with Third Party Relationship Owners to facilitate completion of due diligence requirements, review and challenge provided due diligence. Escalate material risks and issues to third-party risk as appropriate.
Develop, enhance and maintain the overall TPRM Program through updates to policies, procedures, governance, templates, technology, training and communication. Ensure effective use of the third party risk management system across all phases of the third party lifecycle and maintain alignment with applicable regulations and current cyber risk mitigation practices. Lead initiatives to clearly define and monitor third party access to sensitive customer, employee, and bank data and systems.
Manage the contract review process with business units and division staff to ensure contract language appropriately protects the bank’s interest, reduces operational, legal and financial risk, and includes required contractual provisions. Support contract execution, ongoing contract management, and contract termination processes to ensure the secure return or destruction of customer, employee, and bank information.
Create, enhance and deliver management and board reporting, including third-party inventories, dashboards, performance metrics, issue tracking, risk acceptance and findings. Effectively communicate results and recommendations to audiences at all levels of the organization and identify risks requiring escalation.
Monitor regulatory and industry developments related to third-party risk management and proactively enhance the program to align with evolving expectations and best practices. Provide leadership to ensure compliance with Inter-agency Guidance on TPRM and related regulatory requirements, and serve as the key point of contact with regulators, auditors, consultants, and other external parties.
Support the Enterprise Risk Management function through activities such as report development, technical writing, regulatory reporting and research of emerging risk issues as needed.
Must comply with all company policies and procedures and all applicable laws and regulations, including but not limited to the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control. Must complete the assigned online training courses and achieve a passing score by due date.
About You Qualifications To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education
Required:
Bachelor’s Degree – Bachelor's degree in Business Administration, Finance, Accounting, Mathematics, Economics, Computer Science, Business Information Systems or other business related field
Preferred:
Legal education such as paralegal studies; Juris Doctor (JD)
Experience
Required:
5 years experience in developing and managing risk activities such as legal, vendor/third-party, information security, compliance, audit, regulatory, consulting, or other related program
Required: 2 years of experience in conducting assessments of contracts, agreements, regulations, laws, or other complex technical documents, including the ability to interpret, challenge, and recommend revisions
Required: 1 year experience in reading and understanding SSAE 18 Reports, SOC Reports, ISO Certifications, industry standard SIG framework, and Cloud Security Questionnaires (preferred)
Required: Advanced / Specialized Knowledge – Microsoft Word and Excel
Preferred: Knowledge of RCSA and logging vendor deficiencies
Preferred: Banking or financial industry knowledge and experience
Preferred: Knowledge of information security and cyber risk as it pertains to vendor management
Preferred: Understanding of federal banking guidelines and regulations, specifically related to third-party risk requirements
Preferred: Experience utilizing GRC tools to assess, manage, track, and report on third-party risk
License / Certification
Preferred: Certified Third-Party Risk Professional (CTPRP), Certified Third-Party Risk Assessor (CTPRA), Third Party Cyber Risk Assessor (TPCRA), or Certified Third Party Risk Management Professional (C3PRMP)
Required Skills and Abilities
Lead and build programs with strong passion to continuously identify and execute improvement opportunities.
Serve as a subject matter expert for third party risk management technology, including participating in or helping lead the selection, configuration, and implementation of a new TPRM tool.
Identify opportunities to streamline workflows, reduce manual effort, and improve end-to-end stakeholder experience.
Incorporate enhanced system features and automation to reduce client pain points, simplify business owner interaction, and add value at each stage of the third party lifecycle.
Demonstrated experience building, enhancing, or transforming third party risk management programs.
Hands‑on experience implementing or significantly enhancing a third party risk management system, including system configuration, form and questionnaire design, workflow development, and ongoing optimization.
Proven ability to analyze and compare current state versus future state program and technology requirements, translate regulatory and business needs into practical solutions, and execute against those requirements.
Strong process improvement mindset with experience reducing friction, improving efficiency, and delivering measurable value through program and technology enhancements.
The ability to collaborate, communicate, motivate, persuade, and influence stakeholders at all levels is a critical component of the position.
Provide leadership and subject matter expertise/training to all parties in support of compliance with the Third-Party Risk Management Program.
Strong team player with the desire to partner across the organization and achieve results.
Passion to continuously identify and execute improvement opportunities within the Enterprise Risk Management Department and across the organization.
Proven strong problem solving, analytical and technical skills to understand and identify business needs to develop, communicate, and execute solutions.
Strong organizational skills, adaptability to frequently changing demands, and ability to appropriately prioritize numerous open projects.
Excellent technical writing and oral communication skills with particular emphasis on being able to articulate complex topics in a manner digestible to a wide audience.
Ability to read, comprehend, and evaluate detailed laws, regulations, policies, programs, and data with the ability to make a strong judgement call and summarize key points succinctly to audiences.
Ability to read, interpret and effectively challenge contracts and agreements, and write professionally, clearly, and succinctly.
Possess strong project management skills with the ability to design and execute innovative programs.
Possess analytical/quantitative skills demonstrating the ability to handle, analyze, interpret and utilize data to solve complex problems.
Self‑starter with ability to take ownership and accountability of all roles and responsibilities.
Employee must be capable of interacting calmly and professionally with a variety of people from diverse backgrounds at various levels within and outside of the organization.
Employee must be capable of regular, reliable, and timely attendance.
Additional Requirements Travel:
Occasional travel required (less than 10 days per year) by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation. Must be able to lodge in public facilities.
Working Conditions:
Environment: Indoors, climate-controlled shared work area. Noise level: Moderate. Lifting: Sedentary work – Exerting up to 10 pounds of force occasionally; Sedentary work involves sitting most of the time.
Vision:
Close visual acuity to prepare and analyze data and figures, view a computer terminal, and read the computer screen, printed materials, and handwritten materials.
Physical Activities:
Balancing – Infrequent
Climbing – Infrequent
Crawling – Infrequent
Crouching – Infrequent
Feeling – Infrequent
Fingering – Infrequent
Grasping – Daily
Kneeling – Infrequent
Lifting – Infrequent
Pushing – Infrequent
Pulling – Infrequent
Repetitive Motion – Daily
Stooping – Infrequent
What We Offer COMPENSATION & BENEFITS:
Starting salary is dependent upon relevant experience and may vary based on the geographic location of the position. We offer an extensive benefits package that includes, but is not limited to medical, dental, vision, and life insurance. Coverage is available to employees and their eligible dependents in accordance with our written plan documents. You may also be eligible for a health savings account option, an Employee Assistance Program (EAP), a health rewards program, a retirement savings plan, including 401(k) and Profit‑Sharing plans, short and long‑term disability benefits, education and training benefits, and discounts on banking products and services. We also offer a generous Paid Time Off (PTO) plan and paid holidays. PTO accruals begin at .0745 per hour worked for our part time employees up to a maximum accrual of 240 hours per year for certain full‑time employees. PTO accruals are dependent on position, status (Full time or Part time), and years of experience in accordance with our PTO policy. Most full‑time employees are also offered 6 paid holidays and part‑time employees are offered pro‑rated paid holidays. In addition, employees in Utah and Nevada may be eligible for pay for certain state recognized holidays. Visit our website for more details.
We are an Equal Opportunity Employer and qualified applicants, or employees will receive consideration for employment without regard to race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, mental or physical disability, genetic information, protected veteran status, or any other category protected by applicable federal, state, or local laws.
Glacier Bancorp, Inc. does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.
No Recruiters or unsolicited agency referrals please.
#J-18808-Ljbffr
The Analyst collaborates with other Third-Party Risk Analysts and provides thought leadership across all aspects of the TPRM program, including governance, regulatory compliance, and design and implementation of program enhancements. The role plays a key part in the implementation and optimization of third-party risk management technology, configuring a new TPRM tool to align with regulatory, operational, and business needs while introducing enhanced features, streamlining workflows, and reducing stakeholder friction. The position also manages and coordinates activities across the full third-party life cycle, including planning, ongoing monitoring, due diligence, and off‑boarding.
From a company-wide perspective, the Senior Analyst supports the program through training, communication, adherence, and continuous maturation efforts. Responsibilities include coordinating timely due diligence activities; exercising independent judgment and discretion, supporting risk mitigation efforts, and analyzing vendor financial conditions, business continuity, compliance information security, cybersecurity risk and the overall control environment to ensure alignment with GBCI standards. The role is responsible for identifying areas of risk or concern, recommending and implementing solutions, and supporting new automation, system functionality and product enhancements.
Additionally, the Analyst reviews required contract provisions and information security controls, provides effective challenge, and supports contract execution and ongoing contract management. This role requires significant cross-functional coordination and the ability to influence and gain buy‑in from stakeholders across the organization.
The position is part of our Enterprise Risk Management team, which supports senior management and the Board of Directors in assessing, identifying, mitigating, and monitoring the corporation’s key risks to protect its long-term safety and soundness. The department operates in a fast‑paced, evolving environment and requires the ability to maintain focus, adaptability, and productivity while managing competing priorities.
This is a Corporate position which may be located at an available bank division location across our nine-state footprint in AZ, CO, ID, MT, NV, TX, UT, WA, or WY. The entry rate for this position is $69,464.94 + / per year (calculated for Kalispell, MT).
All compensation offers are analyzed individually and take into consideration multiple factors including but not limited to geographic location, years of experience, and educational background.
WA Applicants ONLY: Range $75,663.06 to $113,494.60 per year
Description
Help lead the design, build, implementation, and optimization of third party risk management technology platform and supporting processes, including execution of strategic initiatives to modernize the TPRM operating model. Assess current state processes and technology capabilities, compare against regulatory expectations and future state requirements, and identify gaps requiring remediation or enhancement.
Provide Program guidance for risk-based due diligence reviews across third and fourth party relationships. Utilize the bank’s risk profile framework to assess inherent risk and accurately risk-rate third parties, with particular focus on operational, information security, cybersecurity and compliance risk. Partner with Third Party Relationship Owners to facilitate completion of due diligence requirements, review and challenge provided due diligence. Escalate material risks and issues to third-party risk as appropriate.
Develop, enhance and maintain the overall TPRM Program through updates to policies, procedures, governance, templates, technology, training and communication. Ensure effective use of the third party risk management system across all phases of the third party lifecycle and maintain alignment with applicable regulations and current cyber risk mitigation practices. Lead initiatives to clearly define and monitor third party access to sensitive customer, employee, and bank data and systems.
Manage the contract review process with business units and division staff to ensure contract language appropriately protects the bank’s interest, reduces operational, legal and financial risk, and includes required contractual provisions. Support contract execution, ongoing contract management, and contract termination processes to ensure the secure return or destruction of customer, employee, and bank information.
Create, enhance and deliver management and board reporting, including third-party inventories, dashboards, performance metrics, issue tracking, risk acceptance and findings. Effectively communicate results and recommendations to audiences at all levels of the organization and identify risks requiring escalation.
Monitor regulatory and industry developments related to third-party risk management and proactively enhance the program to align with evolving expectations and best practices. Provide leadership to ensure compliance with Inter-agency Guidance on TPRM and related regulatory requirements, and serve as the key point of contact with regulators, auditors, consultants, and other external parties.
Support the Enterprise Risk Management function through activities such as report development, technical writing, regulatory reporting and research of emerging risk issues as needed.
Must comply with all company policies and procedures and all applicable laws and regulations, including but not limited to the Bank Secrecy Act, the Patriot Act, and the Office of Foreign Assets Control. Must complete the assigned online training courses and achieve a passing score by due date.
About You Qualifications To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education
Required:
Bachelor’s Degree – Bachelor's degree in Business Administration, Finance, Accounting, Mathematics, Economics, Computer Science, Business Information Systems or other business related field
Preferred:
Legal education such as paralegal studies; Juris Doctor (JD)
Experience
Required:
5 years experience in developing and managing risk activities such as legal, vendor/third-party, information security, compliance, audit, regulatory, consulting, or other related program
Required: 2 years of experience in conducting assessments of contracts, agreements, regulations, laws, or other complex technical documents, including the ability to interpret, challenge, and recommend revisions
Required: 1 year experience in reading and understanding SSAE 18 Reports, SOC Reports, ISO Certifications, industry standard SIG framework, and Cloud Security Questionnaires (preferred)
Required: Advanced / Specialized Knowledge – Microsoft Word and Excel
Preferred: Knowledge of RCSA and logging vendor deficiencies
Preferred: Banking or financial industry knowledge and experience
Preferred: Knowledge of information security and cyber risk as it pertains to vendor management
Preferred: Understanding of federal banking guidelines and regulations, specifically related to third-party risk requirements
Preferred: Experience utilizing GRC tools to assess, manage, track, and report on third-party risk
License / Certification
Preferred: Certified Third-Party Risk Professional (CTPRP), Certified Third-Party Risk Assessor (CTPRA), Third Party Cyber Risk Assessor (TPCRA), or Certified Third Party Risk Management Professional (C3PRMP)
Required Skills and Abilities
Lead and build programs with strong passion to continuously identify and execute improvement opportunities.
Serve as a subject matter expert for third party risk management technology, including participating in or helping lead the selection, configuration, and implementation of a new TPRM tool.
Identify opportunities to streamline workflows, reduce manual effort, and improve end-to-end stakeholder experience.
Incorporate enhanced system features and automation to reduce client pain points, simplify business owner interaction, and add value at each stage of the third party lifecycle.
Demonstrated experience building, enhancing, or transforming third party risk management programs.
Hands‑on experience implementing or significantly enhancing a third party risk management system, including system configuration, form and questionnaire design, workflow development, and ongoing optimization.
Proven ability to analyze and compare current state versus future state program and technology requirements, translate regulatory and business needs into practical solutions, and execute against those requirements.
Strong process improvement mindset with experience reducing friction, improving efficiency, and delivering measurable value through program and technology enhancements.
The ability to collaborate, communicate, motivate, persuade, and influence stakeholders at all levels is a critical component of the position.
Provide leadership and subject matter expertise/training to all parties in support of compliance with the Third-Party Risk Management Program.
Strong team player with the desire to partner across the organization and achieve results.
Passion to continuously identify and execute improvement opportunities within the Enterprise Risk Management Department and across the organization.
Proven strong problem solving, analytical and technical skills to understand and identify business needs to develop, communicate, and execute solutions.
Strong organizational skills, adaptability to frequently changing demands, and ability to appropriately prioritize numerous open projects.
Excellent technical writing and oral communication skills with particular emphasis on being able to articulate complex topics in a manner digestible to a wide audience.
Ability to read, comprehend, and evaluate detailed laws, regulations, policies, programs, and data with the ability to make a strong judgement call and summarize key points succinctly to audiences.
Ability to read, interpret and effectively challenge contracts and agreements, and write professionally, clearly, and succinctly.
Possess strong project management skills with the ability to design and execute innovative programs.
Possess analytical/quantitative skills demonstrating the ability to handle, analyze, interpret and utilize data to solve complex problems.
Self‑starter with ability to take ownership and accountability of all roles and responsibilities.
Employee must be capable of interacting calmly and professionally with a variety of people from diverse backgrounds at various levels within and outside of the organization.
Employee must be capable of regular, reliable, and timely attendance.
Additional Requirements Travel:
Occasional travel required (less than 10 days per year) by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation. Must be able to lodge in public facilities.
Working Conditions:
Environment: Indoors, climate-controlled shared work area. Noise level: Moderate. Lifting: Sedentary work – Exerting up to 10 pounds of force occasionally; Sedentary work involves sitting most of the time.
Vision:
Close visual acuity to prepare and analyze data and figures, view a computer terminal, and read the computer screen, printed materials, and handwritten materials.
Physical Activities:
Balancing – Infrequent
Climbing – Infrequent
Crawling – Infrequent
Crouching – Infrequent
Feeling – Infrequent
Fingering – Infrequent
Grasping – Daily
Kneeling – Infrequent
Lifting – Infrequent
Pushing – Infrequent
Pulling – Infrequent
Repetitive Motion – Daily
Stooping – Infrequent
What We Offer COMPENSATION & BENEFITS:
Starting salary is dependent upon relevant experience and may vary based on the geographic location of the position. We offer an extensive benefits package that includes, but is not limited to medical, dental, vision, and life insurance. Coverage is available to employees and their eligible dependents in accordance with our written plan documents. You may also be eligible for a health savings account option, an Employee Assistance Program (EAP), a health rewards program, a retirement savings plan, including 401(k) and Profit‑Sharing plans, short and long‑term disability benefits, education and training benefits, and discounts on banking products and services. We also offer a generous Paid Time Off (PTO) plan and paid holidays. PTO accruals begin at .0745 per hour worked for our part time employees up to a maximum accrual of 240 hours per year for certain full‑time employees. PTO accruals are dependent on position, status (Full time or Part time), and years of experience in accordance with our PTO policy. Most full‑time employees are also offered 6 paid holidays and part‑time employees are offered pro‑rated paid holidays. In addition, employees in Utah and Nevada may be eligible for pay for certain state recognized holidays. Visit our website for more details.
We are an Equal Opportunity Employer and qualified applicants, or employees will receive consideration for employment without regard to race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, mental or physical disability, genetic information, protected veteran status, or any other category protected by applicable federal, state, or local laws.
Glacier Bancorp, Inc. does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US.
No Recruiters or unsolicited agency referrals please.
#J-18808-Ljbffr