Technology Third Party Risk & Compliance Analyst

Libro Credit Union is growing!  

Join Libro Credit Union as a full-time Technology Third Party Risk & Compliance Analyst 

At Libro Credit Union, every employee and every customer are members. Everything we do is about strengthening financial well-being for a better tomorrow.  

• As a Certified B Corporation©, we use business as a force for good. That means: Empowering people to live their most fulfilled lives.
• Supporting businesses and communities to thrive.
• Caring for the planet and economic growth through sustainable practices. 

Libro invests in our employee’s development and career ambitions. We value candidates who are accountable, courageous, inclusive, driven to perform and have a passion for supporting people, local business and communities in strengthening their financial well-being. 

We are currently hiring a full-timeTechnology Third Party Risk & Compliance Analyst to support our IT Department. This job posting is for a newly created position and is eligible for flexible work, with an expectation to be at the London Admin office a few times a month.

The Technology Third Party Risk & Compliance Analyst leads the execution and monitoring of technology-related third-party risk across the full third-party lifecycle. This role performs risk analysis related to onboarding, ongoing monitoring, contractual and security control review, and remediation tracking and coordination.  

The analyst partners with IT Teams, Procurement, and Enterprise Risk Management to ensure technology-related third-party risks are identified, assessed, documented, and managed in alignment with the Third Party Management Corporate Policy, regulatory expectations, and organizational risk appetite.  

This role is responsible for implementing and monitoring third-party risk controls and ensuring appropriate documentation and evidence are maintained. It does not include vendor selection, commercial negotiation, or contract ownership. 

This position operates as part of the first line of defense within IT. Independent oversight and challenge are performed by Enterprise Risk Management. 

The Role: 

• Conduct and document technology third-party risk assessments for new vendors and initiatives as part of the New Initiative Risk Assessment process. 
• Evaluate security, operational resilience, data protection, integration, and regulatory risks associated with proposed third parties.  
• Review control design and identify gaps against Libro’s Third Party Management Corporate Policy and technology risk standards. 
• Recommend remediation actions or risk mitigation measures prior to approval.  
• Provide risk-based input to support onboarding decisions.  
• Engage appropriate IT and business subject matter experts where specialized technical input is required.
• Perform periodic and annual third-party risk assessments, including review and analysis of SOC reports, security attestations, due diligence documentation, and other control evidence.  
• Assess and document residual risk in accordance with established risk methodologies. 
• Escalate significant issues to the Director, IT GRC or appropriate leadership as required. 
• Prepare risk summaries and reporting to support management oversight and governance committee visibility.
• Review and analyze contractual, security, and compliance provisions to assess alignment with Libro’s risk standards.  
• Identify deficiencies, document associated risk exposure, and recommend required clauses or compensating controls. 
• Support interpretation of technology-related contractual and regulatory obligations in collaboration with IT and business subject matter experts, Legal, Procurement, or Enterprise Risk.
• Maintain and monitor the inventory of identified third party technology risks, issues, and remediation actions. 
• Track corrective actions assigned to internal stakeholders and vendors, ensuring timely updates and appropriate evidence. 
• Execute and document ongoing third party monitoring controls in alignment with policy and standards. 
• Update risk ratings based on remediation status and residual risk.  
• Escalate overdue or ineffective remediation activities and support preparation of third party risk reporting for management and governance committees.
• Partner with Procurement, who leads the RFP and sourcing process, by acting as the IT risk and control representation.  
• Define technology and security requirements for inclusion in RFP documentation, assess vendor responses against risk criteria, and provide risk-based recommendations to support evaluation and selection decisions.
• For complex or high-risk initiatives, engage appropriate IT and business subject matter experts to support technical assessment and ensure comprehensive risk evaluation. 

What We’re Looking For: 

• Diploma or degree in Information Technology, Computer Science, Information Systems, Risk Management, Cybersecurity or a related field.
• 3 to 6 years of experience in technology risk, third-party risk management, IT governance, compliance, audit, cybersecurity, or a related IT oversight role in a regulated industry such as financial services, credit unions, or public sector is an asset.
• Experience performing technology risk assessments.
• Experience reviewing and analyzing SOC reports, security documentation, and control evidence
• Experience evaluating contractual, security, and compliance requirements and translating them into risk impact
• Experience applying risk rating methodologies and documenting residual risk.
• Experience maintaining risk registers, tracking remediation activities, and supporting governance reporting.
• Demonstrated understanding of technology and third-party risk domains, including security, availability, confidentiality, and operational resilience and data protection.
• Working knowledge of third-party risk lifecycle practices and control frameworks
• Ability to evaluate control design and operational effectiveness within a first line environment
• Strong analytical, documentation, and stakeholder engagement skills.
• Relevant professional certification or designation in related field (an asset).
• A passion for helping people grow their financial well-being.  
• Display Libro’s values of Accountability, Courage, High Performance and Inclusive Mindset. 

We Offer Total Reward Programs to Set You Up for Success In & Outside of Work: 

• Competitive salaries, benefit packages, pension plans, & incentive programs, that value your dedication.
• Generous vacation time.?
• Employee wellness program, Employee & Family Assistance Program, fitness club discounts, technology offers, travel and entertainment deals. ?
• Dedicated staff banking specialists to support strengthening your own financial well-being! Staff accounts and staff rates on products and services.?
• We believe in developing internal talent. Unlock your potential with tuition assistance and opportunities for advancement. 

If you're passionate about helping your community, interested in being part of a remarkable team, and want to do your part to strengthen financial well-being for a better tomorrow - we want to hear from you! 

Libro is committed to fostering a safe, healthy, and inclusive work environment that inspires respect.  As an inclusive employer we are committed to providing a fully accessible recruitment process.  Email us at careers@libro.ca any time during the recruitment process to let us know what supports you may need to be successful. 

Please note the expected salary range for this role is available on the Libro Careers site, where candidates are required to apply.  

#LI-HYBRID