Third-Party Risk Management

Third-Party Risk Management (TPRM) Analyst Job Category: Individual Contributor Requisition Number: THIRD006914 Posted: January 14, 2026 Full-Time Location Vancity Centre183 Terminal AveVancouver, BC V6A4G2, CAN We’re Vancity, a member-owned credit union built on the principles of inclusion and social justice. Since 1946, our relentless commitment to these values has helped us challenge the status quo and break down barriers. We’ve made bold commitments to become net‑zero by 2040 across all mortgages and loans, and we’re actively pursuing strategies in Indigenous banking and financial resilience for our members. As the largest private‑sector Living Wage Employer in Canada, we’re proud to be consistently recognized as one of the country’s Top Employers. If you’re ready to join our team of 2,700 diverse individuals, access competitive rewards and benefits, and be part of a greater movement – apply today Your Role in Supporting Our Members Join our IT Governance, Risk, and Compliance (IT‑GRC) team as a Third‑Party Risk Management (TPRM) Analyst. In this role, you will perform TPRM and vendor risk assessments, and work closely with internal stakeholders and vendors to ensure that security and compliance risks are identified, assessed, and managed effectively in line with internal policies, regulatory requirements, and industry best practices. This is a full‑time, permanent role based at Vancity head office, with hybrid working arrangements primarily from the Vancity head office location and your Lower Mainland based home office. Periodically, you’ll be required to attend in‑person activities or events. This role reports to the Senior Manager of IT GRC. How You’ll Make an Impact Conduct third‑party risk assessments to evaluate vendor security and compliance controls by reviewing vendor documentation, engaging with internal stakeholders to understand business requirements, and identifying security and compliance gaps Review vendor security documentation, including SOC reports, web application penetration test results, and security risk assessments Review and provide opinion on vendor‑provided SoWs, contracts, and MSAs Maintain and improve third‑party risk management processes, tools, and workflows to streamline risk assessments, audit procedures, and reporting Work with procurement, vendor management, legal, and other business teams to perform due diligence on new vendors and ensure security and compliance requirements are met before onboarding Evaluate third‑party security incidents or breaches or vulnerabilities, and coordinate investigation efforts with internal teams and vendors Perform other tasks and responsibilities as assigned What You’ll Bring to the Team Bachelor’s in Information Technology, Risk Management, Business, or a related field 2–5 years of related experience in IT Governance, Risk, and Compliance (GRC), Third‑Party Risk Management, or Information Security A solid understanding of relevant cyber security standards and frameworks such as NIST, ISO 27001, AICPA SOC reports, PCI‑DSS, OSFI, PIPEDA Prior working knowledge in reviewing SOC1, SOC2, PCI (AoC), and ISO 27001 reports and attestations Experience reviewing vendor security controls, evaluating compliance artifacts, and analyzing security risks Strong attention to detail and analytical thinking to identify vendor security risks and assist in remediation tracking Excellent communication and stakeholder management skills to engage with vendors and internal teams A proactive mindset with the ability to work independently and manage multiple priorities in a fast‑paced environment Extra Skills That Set You Apart Experience in IT, Audit, Risk Management, Information Security, or a combination of these Information Security related certifications and training such as CISA, CRISC, and CISM An undergraduate degree (preferably in Cyber Security, Computer Science, Engineering, or a highly related field) You’ll Thrive Here If You Are Detail‑Oriented: Sharp eye for identifying security gaps and areas of improvement in vendor security practices Analytical: Balance business needs with risk considerations and provide pragmatic recommendations Proactive & Adaptable: Anticipate challenges and take action to address them before they elevate Collaborative: Work effectively with cross‑functional teams, including Procurement, Legal, and IT Security A Clear Communicator: Translate technical risk concepts into business‑friendly language for stakeholders Driven by Continuous Improvement: Always look for ways to refine processes and enhance risk management effectiveness We value lived experience, and encourage you to apply even if you feel your skills don’t perfectly align with those listed. Why You’ll Love Working Here Living Wage Employer: We’re the largest private‑sector Living Wage Employer in Canada and consistently ranked among Canada’s Top Employers Customizable Benefits: Permanent employees receive flexible benefit packages that can be tailored annually to meet evolving needs Generous Vacation: New employees start with 3–4 weeks of vacation per year, with additional days earned over time Extra Stat Holidays: In addition to BC’s 11 statutory holidays, we offer 2 extra days, plus care days for personal or family illness Immediate Health Coverage: Health and dental benefits begin on your hire date, with three levels of coverage to choose from Defined Benefit Pension: Our retirement plan provides a guaranteed income for life, recognizing that retirement looks different for everyone What You’ll Earn This role offers a salary range of $92,700.00 to $125,400.00 per annum. The base pay offered may vary depending on factors such as relevant qualifications, skills, previous experience, and internal equity. As part of our total rewards package, employees may also be eligible for our annual incentive program, subject to program eligibility requirements. Vancity Talent Programs Vancity supports an inclusive hiring process for candidates who self‑identify as Indigenous, Black, or Trans. With special permission from the BC Human Rights Commissioner, this initiative provides access to career development opportunities, prioritized job screening, and feedback. Any information you choose to share will be stored securely and used only for recruitment and career development connected to this initiative, in line with the BC Personal Information Protection Act (PIPA). For details, please see our dedicated Talent Programs job posting. This role is an open vacancy, and our hiring process is grounded in fairness, transparency, and inclusion. We are also committed to an inclusive, barrier‑free and accessible recruitment experience for all candidates. If you require any accommodations or support at any stage of the recruitment process (including the application stage), we encourage you to let us know by contacting our Talent Acquisition team at recruitment@vancity.com. We’re here to work with you to ensure your needs are met promptly and effectively. All requests will be handled with the utmost respect and confidentiality, so you can participate fully in the process. Education Preferences Bachelor’s or higher in Business Bachelor’s or higher in Computer Science #J-18808-Ljbffr