Third Party Due Diligence Analyst

Mizuho Bank, Ltd.
NY, Offsite
Full-time

Business Controls Department

The Mizuho Americas Business Controls Department (BCD) is a team of first line of defense (1LoD) risk and control professionals performing essential enterprise control functions across the company including Third Party Risk Management, Business Continuity Planning, Data Management Operations, Data Loss Prevention, and Business Risk and Control Services.

The functions performed span all lines of business and corporate functions across the Americas region. The department is also accountable for spearheading the company’s efforts to understand and manage data privacy, fraud, conduct, reputational, and strategic risk.

The department creates singular accountability and a one-stop shop for all enterprise control services. The Mizuho Americas BCD is part of the Mizuho Americas Corporate Strategy & Administration Division.

Third Party Risk Management Unit

The Third Party Risk Management Unit (TPRMU) is a 1LoD risk function responsible for providing a white-glove service: it works closely with all business lines and corporate functions to shepherd them through the Third Party Risk Management (TPRM) process, works directly with the Third Parties to perform Due Diligence, and provides oversight of the Third Party Risk Management function.

Third Party Due Diligence Team (TPDD)

Third Party Due Diligence (TPDD) is a team in the Third Party Risk Management unit of the Mizuho Americas Business Controls Department that performs Third Party Risk Assessments in the areas of IS, IT, and BCP for all MUSO entities.

TPDD Assessors assess the existence and effectiveness of the controls in place to identify the risks related to third party service providers, as incidents related to third parties can lead to business disruptions, impact clients, raise regulatory concerns, cause reputational damage or incur financial loss.

Roles and Responsibilities:

Perform the third party risk monitoring process using the BitSight tool to evaluate the cybersecurity posture of Mizuho third and fourth parties.

Perform the location risk monitoring process for third parties using the Supply Wisdom tool to assess risks associated with specific locations, such as political stability, security threats, natural disasters, and other factors that may impact business operations.

Perform due diligence monitoring activities to ensure that remediation plans are worded appropriately, service locations are updated correctly, Certificates of Insurance (COIs) and Service Organization Controls (SOC) Reports are obtained in a timely manner, reassessment due dates of multiple engagements are aligned properly, and others.

Perform annual assessment for Head Office per the Outsourcing Management of System Development / Operation Procedure.

Collaborate with various stakeholders, including third party providers, business units, Legal, Compliance and other teams.

Conduct risk assessments to ensure compliance with MUSO Third Party Risk Management (TPRM) and Third Party Risk Assessment Procedures.

Perform due diligence reviews of the existence and effectiveness of the implemented controls to identify control gaps, in accordance with MUSO policies and procedures.

Assess the risks associated with third-party relationships and identify findings for Mizuho entities.

Review evidence received from third parties to ensure the adequacy of controls and provide assurance that the remediation plans effectively closed the identified findings.

Perform on-site reviews.

Lead process improvement activities and participate in information security assessment special projects and other assessment-related activities.

Update TPDD Standard Operating Procedure.

Assist in gathering assessment result documents needed for an audit.

Qualifications

The individual will be a part of the Third Party Due Diligence Team and is expected to work remotely with periodic onsite visits to the office.

The level of the position is commensurate with the experience and knowledge of the individual selected for the role.

Exceptional skills in data analysis and advanced proficiency in Excel (e.g. Functions and Formulas)

Exceptionally high attention to detail and accuracy.

Proficient in using risk assessment tools (e.g. Archer), monitoring tools (e.g. BitSight and Supply Wisdom), and Microsoft Office Suite.

Work independently with minimal supervision and possess consistent sound judgment.

Ability to prioritize tasks and projects to meet deadlines.

Ability to review processes and identify improvements to develop best practices.

Proficient in managing multiple tasks and projects with effective project and time management skills.

Strong interpersonal and critical thinking skills with the ability to collaborate with others to deliver impactful results.

Strong written and verbal communication skills to prepare detailed reports and communicate effectively with stakeholders.

Bachelor’s degree in relevant field such as information security, cybersecurity, business administration, finance, or risk management.

Relevant certifications (e.g. CTPRA, CTPRP, CISA, CRISC and / or CISSP certification).

3-5+ years in risk assessment, third-party risk management, vendor management, or related field - Big 4, Consulting or IT internal audit experience.

Knowledge of contract review, data privacy, information security, information technology and Business Continuity Plan principles.

Ability to identify and assess potential risks and vulnerabilities and ensure evidence is sufficient when assessing the relevant controls.

Experience with Shared Assessments evaluations.

The expected base salary ranges from $84,750.000 - $125,000.00. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained.

Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, successful candidates are eligible to receive a discretionary bonus.

Other requirements

Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations.

30+ days ago