2

Full Time Vendor Risk Management Jobs (NOW HIRING)

Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments ...

Knowledge of risk management frameworks and regulatory requirements * Thorough understanding of the ... vendors (CFPB, FNMA, HUD, OCC, etc.). * Advancedproficiencyin general computer use (MS Word, Excel ...

Governance & Risk Analyst

Chicago, IL · On-site

$85K - $95K/yr

Key Responsibilities Third-Party Risk Management (TPRM) & Vendor Risk Assessments (VRA) * Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final ...

next page

Showing results 1-20

Full Time Vendor Risk Management information

See salary details

$43.5K

$103.7K

$167.5K

How much do full time vendor risk management jobs pay per year?

As of Jul 15, 2026, the average yearly pay for full time vendor risk management in the United States is $103,704.00, according to ZipRecruiter salary data. Most workers in this role earn between $72,500.00 and $132,000.00 per year, depending on experience, location, and employer.

What is the difference between Full Time Vendor Risk Management vs Vendor Compliance Analyst?

AspectFull Time Vendor Risk ManagementVendor Compliance Analyst
Primary FocusAssessing and mitigating vendor risks across the supply chainEnsuring vendors comply with policies and regulations
CertificationsRisk management, vendor management certifications often preferredCompliance, audit, or regulatory certifications
Work EnvironmentCorporate offices, remote work, cross-department collaborationOffice-based, audit and review settings
Industry UsageFinance, healthcare, technology sectorsFinancial services, manufacturing, retail

Full Time Vendor Risk Management professionals focus on identifying and reducing risks associated with vendors, while Vendor Compliance Analysts primarily ensure vendors adhere to policies and regulations. Both roles require understanding of vendor processes but differ in scope and objectives.

More about Full Time Vendor Risk Management jobs
What cities are hiring for Full Time Vendor Risk Management jobs? Cities with the most Full Time Vendor Risk Management job openings:
What are the most commonly searched types of Vendor Risk Management jobs? The most popular types of Vendor Risk Management jobs are:
What job categories do people searching Full Time Vendor Risk Management jobs look for? The top searched job categories for Full Time Vendor Risk Management jobs are:
Infographic showing various Full Time Vendor Risk Management job openings in the United States as of July 2026, with employment types broken down into 74% Full Time, 24% Part Time, and 2% Contract. Highlights an 95% Physical, 1% Hybrid, and 4% Remote job distribution, with an average salary of $103,704 per year, or $49.9 per hour.
Client & Vendor Risk Manager

Client & Vendor Risk Manager

Baker Botts Llp

Dallas, TX

Full-time

Posted 7 days ago


Job description

ABOUT BAKER BOTTS

Baker Botts is a leading international law firm recognized for its deep understanding of the industries it serves. With offices across major global markets, the firm delivers sophisticated legal services while cultivating a collaborative, inclusive culture where both attorneys and professional staff contribute to client success and organizational excellence.

ABOUT THE ROLE

The Information Security Client & Vendor Risk Manager leads the firm’s client due diligence program and oversees all information security vetting for third party vendors across the firm. This role requires deep expertise in security frameworks, strong riskassessment judgment, and the ability to influence senior stakeholders, including internal stakeholders, and client security teams. The Manager acts as a key liaison between the firm’s clients, internal leadership, IT Security, Procurement, and Risk Management, ensuring the firm meets the heightened expectations of our clients.

WHAT YOU'LL DO

Primary Responsibilities

  • Own and mature the firmwide client and vendor duediligence program, ensuring consistency, accuracy, and alignment with the firm’s security posture and regulatory obligations.
  • Serve as the firm’s subjectmatter expert on informationsecurity controls, certifications, and risk posture during client audits, RFPs, and reviews or client engagement terms.
  • Lead complex vendorrisk assessments for highimpact technology and service providers, including review of SOC 2 reports, ISO 27001 certifications, penetrationtest results, cloudsecurity controls, dataprotection, privacy, and retention practices.
  • Develop and maintain the firm’s vendorrisk management framework, including riskscoring methodologies, onboarding workflows, and continuousmonitoring processes.
  • Partner with Procurement, IT, and Office of General Counsel to evaluate vendor contracts, negotiate security requirements, and recommend riskmitigation strategies.
  • Prepare the firm for client audits and regulatory reviews, coordinating evidence collection, documentation, and SME participation across multiple departments.
  • Represent the firm in clientfacing security discussions, including responding to escalated inquiries from corporate counsel, privacy officers, and client security teams.
  • Monitor emerging risks and regulatory developments relevant to the legal industry (e.g., SEC cybersecurity rules, state privacy laws, international datatransfer requirements).
  • Mentor junior analysts and contribute to the professional development of the broader Risk and Compliance team.
  • Drive continuous improvement, identifying opportunities to streamline duediligence workflows, enhance tracking and remediation of client-identified risks, and strengthen the firm’s security posture.

Additional Responsibilities

  • Provide management with periodic reports & briefings on evolving topics within their area of responsibility.
  • Other related projects and duties as assigned by the Director of Information Security.

WHAT YOU'LL BRING

Required

  • 6+ years of experience in information security, vendor risk management, compliance, or legalindustry operations, ideally within an Am Law 200 firm or similarly regulated environment.
  • Deep understanding of security frameworks and standards (SOC 2, ISO 27001, NIST CSF, HIPAA, GLBA, state privacy laws).
  • Experience conducting or leading vendorrisk assessments for enterpriselevel technology providers.
  • Strong communication skills, including the ability to brief partners, respond to client security teams, and translate technical concepts for nontechnical audiences.
  • Demonstrated ability to work independently, manage sensitive information, and lead crossfunctional initiatives in a highpressure environment.
  • Professional certifications such as CTPRA, ISO 27001 Lead Implementer or Lead Auditor and CISSP, CISM, CRISC, or CISA required.
  • Experience with legalindustry technologies (DMS, ediscovery platforms, cloudbased practicemanagement tools) is a plus.

HOW YOU'LL WORK

Extent of Contact

This position requires contact with individuals within the firms as follows:

  • Daily contact with staff from the Firm’s Information Technology, Client Development and Office of the General Counsel teams.
  • Moderate contact with Firm’s attorneys and client representatives.
  • Occasional contact with Firm Management.

This position requires contact with individuals outside the firm as follows:

  • Moderate contact with Firm vendors or potential vendors.
  • Moderate contact with Firm clients

Physical Requirements

  • Must be able to routinely lift and carry event materials and other items up to 10 pounds.
  • Must be able to work at a computer for extensive periods of time.
  • Position requires extensive telephone use.
  • Must be able to lift, squat, kneel and bend.
  • Position requires the ability to visit face-to-face and on the phone with firm lawyers.

Working Conditions and Environment

  • Position is full-time and requires a five-day work week and standard hours as outlined in the Firm policy manual. Additional hours, including weekend and evening hours may be required to perform the essential functions of the job.
  • Must be able to perform essential duties of the position with time constraints and frequent interruptions. 
  • Ability to work well in high pressure environments.
  • 24x7 communication access is required.
  • This position is fully remote. You will be required to come to the office periodically for team meetings or when there is a business or client need.
  • There is potential for travel when needed for team meetings, onsite assessments etc. when there is a business or client need.
  • When working remotely, you must have secure and reliable internet service and a safe, private workspace from which to work.

Baker Botts L.L.P. is an equal opportunity employer and considers all qualified applicants for employment without regard to race, color, gender, sex, age, religion, creed, national origin, citizenship, marital status, sexual orientation, disability, medical condition, military and veteran status, gender identity or expression, genetic information, or any other basis protected by federal, state, or local law.