Develop and maintain the firm's vendorrisk management framework , including riskscoring ... Position is full-time and requires a five-day work week and standard hours as outlined in the Firm ...
Develop and maintain the firm's vendorrisk management framework , including riskscoring ... Position is full-time and requires a five-day work week and standard hours as outlined in the Firm ...
Develop and maintain the firm's vendorrisk management framework , including riskscoring ... Position is full-time and requires a five-day work week and standard hours as outlined in the Firm ...
Develop and maintain the firm's vendorrisk management framework , including riskscoring ... Position is full-time and requires a five-day work week and standard hours as outlined in the Firm ...
Vendor Analyst, AI & Technology Risk
Iowa, LA · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Vendor Analyst, AI & Technology Risk
Iowa, LA · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Vendor Analyst, AI & Technology Risk
Atlanta, GA · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Vendor Analyst, AI & Technology Risk
Atlanta, GA · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Vendor Analyst, AI & Technology Risk
Chicago, IL · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Vendor Analyst, AI & Technology Risk
Chicago, IL · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Vendor Analyst, AI & Technology Risk
New York, NY · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Vendor Analyst, AI & Technology Risk
New York, NY · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Vendor Analyst, AI & Technology Risk
Dallas, TX · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Vendor Analyst, AI & Technology Risk
Dallas, TX · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations ... We are proud to offer our full-time regular employees a robust benefits suite that includes:
Evaluate vendor security posture, compliance certifications (SOC 2, ISO 27001, etc.), and contractual obligations. * Creating and enhancing a cybersecurity vendor risk management program, including ...
Evaluate vendor security posture, compliance certifications (SOC 2, ISO 27001, etc.), and contractual obligations. * Creating and enhancing a cybersecurity vendor risk management program, including ...
Program Manager, Third Party Risk Management Summary/Objective Under the direction of the Program ... This role ensures vendor risk activities--including due diligence, ongoing monitoring ...
Quick apply
Program Manager, Third Party Risk Management Summary/Objective Under the direction of the Program ... This role ensures vendor risk activities--including due diligence, ongoing monitoring ...
Program Manager, Third Party Risk Management Summary/Objective Under the direction of the Program ... This role ensures vendor risk activities--including due diligence, ongoing monitoring ...
Quick apply
Program Manager, Third Party Risk Management Summary/Objective Under the direction of the Program ... This role ensures vendor risk activities--including due diligence, ongoing monitoring ...
Program Manager, Third Party Risk Management Summary/Objective Under the direction of the Program ... This role ensures vendor risk activities--including due diligence, ongoing monitoring ...
Quick apply
Program Manager, Third Party Risk Management Summary/Objective Under the direction of the Program ... This role ensures vendor risk activities--including due diligence, ongoing monitoring ...
Vendor Risk Assessments: Conduct risk assessments and due diligence for new and existing third ... Tool Management:Useapproved technologyto support automation of TPRM workflows. This includes ...
New
Vendor Risk Assessments: Conduct risk assessments and due diligence for new and existing third ... Tool Management:Useapproved technologyto support automation of TPRM workflows. This includes ...
New
Enterprise Risk Analyst
Denver, CO · On-site
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments ...
Enterprise Risk Analyst
Denver, CO · On-site
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments ...
Vendor Management Specialist
Los Angeles, CA · On-site
$60K - $65K/yr
WORK ENVIRONMENT Full-time on-site office setting in Los Angeles, CA Adheres to Bank policies and ... This role supports risk management, cost optimization, and performance monitoring of vendors that ...
Quick apply
Vendor Management Specialist
Los Angeles, CA · On-site
$60K - $65K/yr
WORK ENVIRONMENT Full-time on-site office setting in Los Angeles, CA Adheres to Bank policies and ... This role supports risk management, cost optimization, and performance monitoring of vendors that ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Director Vendor Management
Coppell, TX · On-site
Knowledge of risk management frameworks and regulatory requirements * Thorough understanding of the ... vendors (CFPB, FNMA, HUD, OCC, etc.). * Advancedproficiencyin general computer use (MS Word, Excel ...
Director Vendor Management
Coppell, TX · On-site
Knowledge of risk management frameworks and regulatory requirements * Thorough understanding of the ... vendors (CFPB, FNMA, HUD, OCC, etc.). * Advancedproficiencyin general computer use (MS Word, Excel ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Governance & Risk Analyst
Chicago, IL · On-site
$85K - $95K/yr
Key Responsibilities Third-Party Risk Management (TPRM) & Vendor Risk Assessments (VRA) * Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final ...
Governance & Risk Analyst
Chicago, IL · On-site
$85K - $95K/yr
Key Responsibilities Third-Party Risk Management (TPRM) & Vendor Risk Assessments (VRA) * Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final ...
Enterprise Risk Management (ERM) Analyst
Folsom, CA · On-site
$110K - $120K/yr
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Enterprise Risk Management (ERM) Analyst
Folsom, CA · On-site
$110K - $120K/yr
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Full Time Vendor Risk Management information
See salary details
$43.5K - $54.8K
8% of jobs
$54.8K - $66K
14% of jobs
$71.2K is the 25th percentile. Wages below this are outliers.
$66K - $77.3K
6% of jobs
$77.3K - $88.6K
8% of jobs
$88.6K - $99.9K
11% of jobs
The median wage is $102.2K / yr.
$99.9K - $111.1K
13% of jobs
$111.1K - $122.4K
11% of jobs
$125.8K is the 75th percentile. Wages above this are outliers.
$122.4K - $133.7K
15% of jobs
$133.7K - $145K
8% of jobs
$145K - $156.2K
4% of jobs
$156.2K - $167.5K
2% of jobs
$43.5K
$103.7K
$167.5K
How much do full time vendor risk management jobs pay per year?
What is the difference between Full Time Vendor Risk Management vs Vendor Compliance Analyst?
| Aspect | Full Time Vendor Risk Management | Vendor Compliance Analyst |
|---|---|---|
| Primary Focus | Assessing and mitigating vendor risks across the supply chain | Ensuring vendors comply with policies and regulations |
| Certifications | Risk management, vendor management certifications often preferred | Compliance, audit, or regulatory certifications |
| Work Environment | Corporate offices, remote work, cross-department collaboration | Office-based, audit and review settings |
| Industry Usage | Finance, healthcare, technology sectors | Financial services, manufacturing, retail |
Full Time Vendor Risk Management professionals focus on identifying and reducing risks associated with vendors, while Vendor Compliance Analysts primarily ensure vendors adhere to policies and regulations. Both roles require understanding of vendor processes but differ in scope and objectives.

Job description
ABOUT BAKER BOTTS
Baker Botts is a leading international law firm recognized for its deep understanding of the industries it serves. With offices across major global markets, the firm delivers sophisticated legal services while cultivating a collaborative, inclusive culture where both attorneys and professional staff contribute to client success and organizational excellence.
ABOUT THE ROLE
The Information Security Client & Vendor Risk Manager leads the firm’s client due diligence program and oversees all information security vetting for third party vendors across the firm. This role requires deep expertise in security frameworks, strong riskassessment judgment, and the ability to influence senior stakeholders, including internal stakeholders, and client security teams. The Manager acts as a key liaison between the firm’s clients, internal leadership, IT Security, Procurement, and Risk Management, ensuring the firm meets the heightened expectations of our clients.
WHAT YOU'LL DO
Primary Responsibilities
- Own and mature the firmwide client and vendor duediligence program, ensuring consistency, accuracy, and alignment with the firm’s security posture and regulatory obligations.
- Serve as the firm’s subjectmatter expert on informationsecurity controls, certifications, and risk posture during client audits, RFPs, and reviews or client engagement terms.
- Lead complex vendorrisk assessments for highimpact technology and service providers, including review of SOC 2 reports, ISO 27001 certifications, penetrationtest results, cloudsecurity controls, dataprotection, privacy, and retention practices.
- Develop and maintain the firm’s vendorrisk management framework, including riskscoring methodologies, onboarding workflows, and continuousmonitoring processes.
- Partner with Procurement, IT, and Office of General Counsel to evaluate vendor contracts, negotiate security requirements, and recommend riskmitigation strategies.
- Prepare the firm for client audits and regulatory reviews, coordinating evidence collection, documentation, and SME participation across multiple departments.
- Represent the firm in clientfacing security discussions, including responding to escalated inquiries from corporate counsel, privacy officers, and client security teams.
- Monitor emerging risks and regulatory developments relevant to the legal industry (e.g., SEC cybersecurity rules, state privacy laws, international datatransfer requirements).
- Mentor junior analysts and contribute to the professional development of the broader Risk and Compliance team.
- Drive continuous improvement, identifying opportunities to streamline duediligence workflows, enhance tracking and remediation of client-identified risks, and strengthen the firm’s security posture.
Additional Responsibilities
- Provide management with periodic reports & briefings on evolving topics within their area of responsibility.
- Other related projects and duties as assigned by the Director of Information Security.
WHAT YOU'LL BRING
Required
- 6+ years of experience in information security, vendor risk management, compliance, or legalindustry operations, ideally within an Am Law 200 firm or similarly regulated environment.
- Deep understanding of security frameworks and standards (SOC 2, ISO 27001, NIST CSF, HIPAA, GLBA, state privacy laws).
- Experience conducting or leading vendorrisk assessments for enterpriselevel technology providers.
- Strong communication skills, including the ability to brief partners, respond to client security teams, and translate technical concepts for nontechnical audiences.
- Demonstrated ability to work independently, manage sensitive information, and lead crossfunctional initiatives in a highpressure environment.
- Professional certifications such as CTPRA, ISO 27001 Lead Implementer or Lead Auditor and CISSP, CISM, CRISC, or CISA required.
- Experience with legalindustry technologies (DMS, ediscovery platforms, cloudbased practicemanagement tools) is a plus.
HOW YOU'LL WORK
Extent of Contact
This position requires contact with individuals within the firms as follows:
- Daily contact with staff from the Firm’s Information Technology, Client Development and Office of the General Counsel teams.
- Moderate contact with Firm’s attorneys and client representatives.
- Occasional contact with Firm Management.
This position requires contact with individuals outside the firm as follows:
- Moderate contact with Firm vendors or potential vendors.
- Moderate contact with Firm clients
Physical Requirements
- Must be able to routinely lift and carry event materials and other items up to 10 pounds.
- Must be able to work at a computer for extensive periods of time.
- Position requires extensive telephone use.
- Must be able to lift, squat, kneel and bend.
- Position requires the ability to visit face-to-face and on the phone with firm lawyers.
Working Conditions and Environment
- Position is full-time and requires a five-day work week and standard hours as outlined in the Firm policy manual. Additional hours, including weekend and evening hours may be required to perform the essential functions of the job.
- Must be able to perform essential duties of the position with time constraints and frequent interruptions.Â
- Ability to work well in high pressure environments.
- 24x7 communication access is required.
- This position is fully remote. You will be required to come to the office periodically for team meetings or when there is a business or client need.
- There is potential for travel when needed for team meetings, onsite assessments etc. when there is a business or client need.
- When working remotely, you must have secure and reliable internet service and a safe, private workspace from which to work.
Baker Botts L.L.P. is an equal opportunity employer and considers all qualified applicants for employment without regard to race, color, gender, sex, age, religion, creed, national origin, citizenship, marital status, sexual orientation, disability, medical condition, military and veteran status, gender identity or expression, genetic information, or any other basis protected by federal, state, or local law.
About Baker Botts
Sourced by ZipRecruiter
Industry
Law firms
Company size
1,001 - 5,000 Employees
Headquarters location
Houston, TX, US
Year founded
1840