Risk Analyst, Third Party

Company Summary:

With Alviere organizations can offer financial products to drive customer engagement generate new revenue streams and improve existing financial flows. The Alviere HIVE platform offers an extensive range of configurable branded financial products including accounts & wallets card issuance streamlined payments and global money transfers. Alviere brings together technology and program support with the trust of a licensed financial institution to assure the safety flexibility and long-term viability of client programs.

Job Summary:

Alviere is looking for a Risk Analyst Third-Party & Partner Risk to own the full compliance lifecycle of every external relationship vendors bank partners and enterprise clients. Reporting directly to the CRCO this individual contributor role covers everything from initial criticality assessment and due diligence through ongoing monitoring issue management contract renewal and offboarding. The role also owns the TPRM-specific controls within Alvieres SOC 2 and PCI compliance programs and manages the annual oversight review cycles imposed by Alvieres bank partners. The right candidate brings equal parts operational discipline and analytical judgment comfortable reading a vendor SOC 2 Type II report in the morning and coordinating a bank partner ShareFile submission in the afternoon. This is a high-ownership highly visible role with direct CRCO reporting and broad internal stakeholder reach.

Responsibilities include but are not limited to:

• Own and maintain Alvieres third-party criticality and risk tier framework classifying all vendors bank partners and enterprise clients as critical high medium or low risk; applying the framework consistently at intake and on material relationship changes; and maintaining the vendor registry as the authoritative source of record.
• Execute the full vendor due diligence lifecycle initial intake and risk assessment due diligence (SOC 2 report review security questionnaire financial stability PCI attestation BCP documentation) contract gating annual re-assessment SLA and performance monitoring vendor issue escalation and resolution through the VI Jira project and formal offboarding documentation. Manage the external auditors annual qualification and independence assessment.
• Manage bank partner annual oversight review cycles coordinating multi-bank due diligence submissions; assembling packages across Compliance IT and Finance workstreams; completing Wolfsberg Questionnaires PCI DSS SAQ-A/AOC Beneficial Ownership disaster recovery and penetration testing evidence; and serving as the primary compliance point of contact through each review cycle.
• Own the TPRM-domain controls within Alvieres SOC 2 and PCI compliance programs maintaining evidence that Alviere conducts systematic initial and ongoing vendor oversight reviewing inbound vendor SOC 2 Type II reports for exceptions and qualified opinions and delivering complete TPRM evidence into the annual audit Jira board on schedule.
• Track and resolve vendor initiatives and issues in Jira managing vendor capability evaluations contract renewals and commercial negotiations SLA violation escalations technical issue tracking and new vendor selection processes; coordinating across Legal Finance Product and Engineering to keep initiatives moving.
• Prepare TPRM inputs for the quarterly Risk & Compliance Committee vendor portfolio status open due diligence items issue aging tier distribution newly onboarded and offboarded relationships and any material third-party risk findings from the period.

A successful Risk Analyst Third-Party & Partner Risk will have the following:

• 35 years of experience in vendor risk management third-party due diligence compliance operations or a related function at a financial institution fintech payment processor or professional services firm with demonstrated experience personally conducting (not just coordinating) due diligence reviews.
• Ability to read and interpret vendor SOC 2 Type II reports independently identifying control exceptions auditor qualifications subservice organization dependencies and translating findings into a risk rating update with minimal supervision.
• Familiarity with bank partner oversight review mechanics in a bank-sponsored fintech or program manager model understanding of Wolfsberg Questionnaire purpose PCI DSS attestation requirements and the regulatory logic underlying TPRM requirements imposed by sponsor banks.
• Strong cross-functional coordination skills comfortable routing documentation requests across Legal Finance IT and Engineering; managing external relationships with bank compliance teams and vendor representatives; and keeping multi-party processes moving to hard deadlines.
• Operational discipline and process ownership experience managing Jira workflows maintaining structured registries and trackers and producing clean complete documentation for audit and compliance purposes.
• Preferred: CTPRP CRCM CISA or CAMS certification; experience managing bank partner due diligence in a fintech or payment program manager context; familiarity with BSA/AML regulatory framework; experience with ShareFile or equivalent secure document management.

We pride ourselves on developing and promoting talent as an Equal Employment Opportunity Employer - Veteran/Disability. All qualified applicants will receive consideration for employment without regard to race national origin gender age religion disability veteran status or any other category protected by law. We are a true merit-based organization and work hard so there are no artificial barriers to ones potential success. Alviere is committed to a workforce where everyones opportunities are limitless.

Consistent with this commitment Alviere will endeavor to provide reasonable accommodation to otherwise qualified job applicants and employees with known physical or mental disabilities. Please contact for any assistance.

Required Experience:

IC