1

Contract Third Party Risk Jobs (NOW HIRING)

Archer is seeking a Senior Third Party Risk Management (TPRM) Engineer to execute our vendor cyber ... program at contract execution. Conduct deep-dive investigations into vendor risk signals ...

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

Third Party Risk Analyst

Minneapolis, MN · On-site

$78K - $112K/yr

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

Third Party Risk Analyst

Manhattan, NY · On-site

$97K - $132K/yr

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

Manager - Third Party Risk The position will be primarily responsible for managing and leading the assessment of the information security posture of key clients' third parties while overseeing the ...

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

Third Party Risk Analyst

Minneapolis, MN · On-site

$78K - $112K/yr

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

Manager - Third Party Risk The position will be primarily responsible for managing and leading the assessment of the information security posture of key clients' third parties while overseeing the ...

As the Manager, Third Party Risk Management at Upstart, you will lead the day-to-day execution of the bank's third-party risk management program and oversee a team responsible for risk assessments ...

Third Party Risk Analyst

New York, NY · On-site

$97K - $132K/yr

As our new Third Party Risk Analyst , you will play a critical role in protecting Anaplan by managing the risks associated with our third-party suppliers and reporting to our legal team. You will be ...

Third Party Risk Specialist

New York, NY · On-site

$150K - $175K/yr

A Career with Point72's Third-Party Risk Team The ThirdParty Risk Management Team at Point72 is responsible for overseeing the firm's thirdparty risk management program, including risk assessments ...

As the Manager, Third Party Risk Management at Upstart, you will lead the day-to-day execution of the bank's third-party risk management program and oversee a team responsible for risk assessments ...

Manager - Third Party Risk The position will be primarily responsible for managing and leading the assessment of the information security posture of key clients' third parties while overseeing the ...

next page

Showing results 1-20

Contract Third Party Risk information

See salary details

$14

$30

$74

How much do contract third party risk jobs pay per hour?

As of Jul 8, 2026, the average hourly pay for contract third party risk in the United States is $30.34, according to ZipRecruiter salary data. Most workers in this role earn between $19.47 and $38.70 per hour, depending on experience, location, and employer.
What are the most commonly searched types of Third Party Risk jobs? The most popular types of Third Party Risk jobs are:
Infographic showing various Contract Third Party Risk job openings in the United States as of July 2026, with employment types broken down into 1% As Needed, 62% Full Time, 19% Part Time, 1% Temporary, and 17% Contract. Highlights an 80% Physical, 2% Hybrid, and 18% Remote job distribution, with an average salary of $63,100 per year, or $30.3 per hour.
Third Party Risk Manager

Third Party Risk Manager

Archer

San Jose, CA • On-site

Other

Posted 21 days ago


Job description

Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise. Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.

Job Overview
Archer is building the future of urban air mobility. Our supply chain spans hundreds of vendors - from avionics hardware suppliers to cloud infrastructure providers - and a compromise anywhere in that ecosystem could impact aircraft certification, delay FAA approvals, or expose sensitive information. You are key to effective enforcement of our extended enterprise third-party risk posture. Archer is seeking a Senior Third Party Risk Management (TPRM) Engineer to execute our vendor cyber risk function across all tiers of our supplier ecosystem. In this high-visibility role, you will use platforms like BitSight to continuously monitor, investigate, triage, and action security risks introduced by third-party partners and their downstream (4th-party) suppliers. You will serve as the connective tissue between Security, Sourcing, Legal, and executive leadership - translating third party risk indicators into actionable threat intelligence and coordinated response actions while ensuring strict compliance with NIST SP 800-171, CMMC Level 2, and SOX ITGC requirements. This role requires both hands-on technical depth and program-building acumen. You will support and execute Archer's TPRM function from the ground up, develop risk-tiered due diligence processes, and ensure vendor security posture remains aligned with our CMMC Level 2, NIST SP 800-161, and DFARS obligations as we grow our defense programs.

Key Responsibilities

Operate BitSight and complementary EASM/continuous monitoring platforms as the primary lens into Archer's third-party attack surface. Maintain a tiered vendor inventory, configure portfolio monitoring, tune alert thresholds, and ensure new vendors are onboarded into the program at contract execution.
Conduct deep-dive investigations into vendor risk signals - including unpatched CVEs, exposed services, credential leaks, certificate anomalies, business deterioration, and dark web indicators. Correlate external ratings data with internal telemetry to assess true business exposure and eliminate false positives before escalation.
Extend visibility beyond direct vendors to identify and monitor critical 4th-party sub-processor dependencies. Map supply chain concentration risks, single points of failure, and foreign ownership or influence (FOCI) concerns for vendors supporting defense programs or handling CUI.
Drive risk closure by issuing formal findings, coordinating with internal vendor relationship owners, and tracking remediation commitments through resolution. Engage procurement and legal channels when vendors are non-responsive or remediation timelines are unacceptable.
Produce crisp, executive-quality risk briefings, board-level metrics, and ad-hoc deep-dives for the CISO, General Counsel, and program security leads. Escalate critical or rapidly-deteriorating vendor risk findings in near-real-time with clear business impact statements and recommended courses of action.
Design and administer risk-tiered security questionnaires for new and renewing vendors. Evaluate responses, validate claims against external signals, execute integrated due diligence checkpoints in Archer's procurement workflow.
Influence, develop and maintain TPRM policies, standards, and procedures aligned to NIST SP 800-161 (C-SCRM), CMMC Level 2 SR practices, and ISO 27036. Provide transparency to external audits and government assessments by maintaining organized evidence of vendor risk controls and remediation activity.
Serve as the TPRM lead during vendor-related security incidents - coordinating with Archer's internal IR team, managing vendor communications under legal hold protocols, and driving root cause analysis and contractual remedies following a third-party breach.

Required Qualifications
7+ years in cybersecurity with at least 3 years of dedicated third-party or supply chain risk management experience
Demonstrated hands-on proficiency with BitSight or an equivalent continuous monitoring platform - including alert tuning, portfolio management, vendor engagement workflows, and peer benchmarking
Deep working knowledge of NIST SP 800-161 (C-SCRM), NIST CSF, CMMC Level 2 SR and CA practices, and ISO 27036 as they apply to vendor security governance
Experience conducting structured vendor security due diligence across SaaS, cloud infrastructure, hardware manufacturers, and professional services suppliers
Proven ability to investigate and triage cyber risk findings at scale - correlating external signals with business context to produce prioritized, actionable intelligence for both technical and non-technical stakeholders
Familiarity with 4th-party risk mapping, sub-processor disclosure reviews, and supply chain concentration risk analysis
Excellent written and verbal communication skills - able to translate complex vendor risk findings into executive-ready briefings, board-level dashboards, and actionable
Eligibility to obtain a DoD Secret security clearance

Preferred Qualifications
Certifications: CTPRP (Prevalent), CRISC, CISSP, CISM, or equivalent risk management credentials
Active DoD Secret or Top Secret/SCI clearance
Familiarity with ITAR/EAR data sharing constraints and their implications for vendor contracting and CUI handling
Exposure to FOCI (Foreign Ownership, Control, or Influence) assessments
Experience integrating TPRM tooling with GRC platforms or building risk workflow automation (e.g., auto-routing findings, SLA tracking, contract clause triggers)
Prior startup or high-growth company experience - comfort operating with limited bureaucracy and building programs that scale with business growth

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications

At Archer we aim to attract, retain, and motivate talent that possess the skills and leadership necessary to grow our business. We drive a pay-for-performance culture and reward performance that supports the Company's business strategy. For this position we are targeting a base pay between $207,400 - $259,200. Actual compensation offered will be determined by factors such as job-related knowledge, skills, and experience.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit, qualifications, and business needs. We do not discriminate based upon race, color, religion, sex, sexual orientation, age, national origin, disability status, protected veteran status, gender identity or any other characteristic protected by federal, state or local laws.Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities, and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archer's People Team at people@archer.com. Reasonable accommodations will be determined on a case-by-case basis.