The ERM Analyst supports and develops STCU’s Enterprise Risk Management, Vendor Management, and Business Continuity programs by developing and monitoring the program procedures, conducting risk assessments, identifying and monitoring KRI/KPI’s, preparing organizational reporting and developing credit union wide risk management processes. This position partners with organizational leaders to identify current and emerging risks, implement appropriate mitigation strategies and identify potential areas of opportunity within risk appetite.Core Job Requirements/OutcomesAdvocate and support a culture of informed risk taking by identifying, measuring, and monitoring credit union wide risks. Collaborate with cross-functional stakeholders to stay informed on and assess current practices, processes, risks, controls, vendors, and critical applications that influence the Credit Union’s risk position.Ensure compliance with risk assessment requirements by conducting timely and thorough risk assessments and by assisting stakeholders with self-assessments and vendor due diligence, which identify exposures, impacts, mitigations, controls, and ongoing monitoring.Facilitate processes and procedures to ensure essential business functions remain available or are quickly recovered during a disruption by identifying critical processes and coordinating business continuity plan updates and simulations.Other Essential FunctionsDevelop and maintain Governance Risk and Compliance software for ERM, vendor management, and business continuity program management, including performing necessary administrative functions such as user maintenance, software updates, and new features when applicable.Support business lines in the awareness and ownership of their risk position by providing education of risks, controls, and effective mitigation techniques, while also seeking areas of opportunity and efficiency within the risk appetite.Assess vendor risk through the evaluation of due diligence materials, discussion and evaluation with business owners, coordination with and recommendations from IT review requirements (TAG) and legal contract review. This includes tracking agreed upon vendor plans to remediate deficiencies until complete.Participate and lead incident response simulations and reporting and ensure effective business continuity testing occurs by designing simulations, evaluating plan and test results and by tracking identified changes resulting from testing until complete.Prepare risk management reports to the Enterprise Risk Management Committee, senior credit union leadership team, and Finance & Risk Committee, incorporating key risk and key performance indicators where available.Foster relationships and collaborate with teams across the organization; actively consult on committees and cross functional working groups to represent risk management and STCU’s risk appetite application.
