ZipRecruiter

Log In

1

Grc Third Party Risk Analyst Jobs (NOW HIRING)

EagleBank

Third-Party Risk Management Analyst

Bethesda, MD · On-site

$80K - $129K/yr

Responsibilities As a Third-Party Risk Management Analyst, you will play a critical role in ensuring that our partnership with vendors and service providers are secure, compliant and align with the ...

EagleBank

Third-Party Risk Management Analyst

Bethesda, MD · Hybrid

$80K - $129K/yr

Responsibilities As a Third-Party Risk Management Analyst, you will play a critical role in ensuring that our partnership with vendors and service providers are secure, compliant and align with the ...

Crowe LLP

Third Party Risk Manager

Chicago, IL

... analysis, identity management, access management, cloud security, or web security * Working ... Experience with Archer, ProcessUnity, ServiceNow, OneTrust, or other GRC/VRM platforms * Experience ...

Clayco

Senior GRC Analyst

Phoenix, AZ · On-site

... the Sr. GRC Analyst, Third-Party & Human Risk Management (TPHRM) is a Risk focused, highly ... This role will assume ownership of the Third-Party Risk Management (TPRM) process to gather details ...

Clayco

Senior GRC Analyst

Phoenix, AZ

The analyst transforms the risk register from a static document into a dynamic governance ... Engages as necessary in all GRC functions to maintain an understanding of process and procedures

Crowe LLP

Third Party Risk Manager

Charlotte, NC

... analysis, identity management, access management, cloud security, or web security * Working ... Experience with Archer, ProcessUnity, ServiceNow, OneTrust, or other GRC/VRM platforms * Experience ...

Clayco

Senior GRC Analyst

Atlanta, GA · On-site

... the Sr. GRC Analyst, Third-Party & Human Risk Management (TPHRM) is a Risk focused, highly ... This role will assume ownership of the Third-Party Risk Management (TPRM) process to gather details ...

Clayco

Senior GRC Analyst

Saint Louis, MO · On-site

The analyst transforms the risk register from a static document into a dynamic governance ... Engages as necessary in all GRC functions to maintain an understanding of process and procedures

Clayco

Senior GRC Analyst

Saint Louis, MO

The analyst transforms the risk register from a static document into a dynamic governance ... Engages as necessary in all GRC functions to maintain an understanding of process and procedures

Clayco

Senior GRC Analyst

Phoenix, AZ · On-site

... the Sr. GRC Analyst, Third-Party & Human Risk Management (TPHRM) is a Risk focused, highly ... This role will assume ownership of the Third-Party Risk Management (TPRM) process to gather details ...

next page

Showing results 1-20

All JobsGrc Third Party Risk Analyst Jobs

Grc Third Party Risk Analyst information

See salary details

$44.5K

$86.7K

$124.5K

How much do grc third party risk analyst jobs pay per year?

As of Jun 23, 2026, the average yearly pay for grc third party risk analyst in the United States is $86,688.00, according to ZipRecruiter salary data. Most workers in this role earn between $56,500.00 and $100,000.00 per year, depending on experience, location, and employer.

What are some typical challenges a GRC Third Party Risk Analyst may encounter when assessing vendors?

As a GRC Third Party Risk Analyst, you may face challenges such as obtaining timely and complete responses from vendors, especially when dealing with large or international organizations. Navigating varying levels of vendor maturity in risk management practices can also be difficult. Additionally, balancing the need for thorough risk assessments with fast-paced business timelines requires strong communication and prioritization skills. Collaborating closely with procurement, legal, and IT teams is essential to ensure all risks are properly identified and managed.

What are the key skills and qualifications needed to thrive as a GRC Third Party Risk Analyst, and why are they important?

To thrive as a GRC Third Party Risk Analyst, you need a strong understanding of risk management frameworks, compliance regulations, and vendor risk assessment methodologies, typically supported by a degree in information security, business, or a related field. Familiarity with GRC platforms (like Archer or ServiceNow), third-party risk management tools, and certifications such as CISA or CRISC is highly beneficial. Strong analytical thinking, attention to detail, and effective communication skills are essential soft skills for this role. These competencies ensure that organizations can accurately assess and mitigate third-party risks, maintaining compliance and protecting sensitive data.

What is a GRC Third Party Risk Analyst?

A GRC Third Party Risk Analyst is a professional who assesses and manages the risks associated with an organization’s external vendors, suppliers, or partners. Their role involves evaluating third-party compliance with regulatory standards and internal policies, identifying potential risks such as data breaches or non-compliance, and recommending mitigation strategies. They use frameworks like GRC (Governance, Risk, and Compliance) to help ensure that third-party relationships do not compromise the organization's security or reputation. This role often collaborates with procurement, legal, and IT teams to maintain robust risk management processes.

What is the difference between Grc Third Party Risk Analyst vs Grc Vendor Risk Analyst?

AspectGrc Third Party Risk AnalystGrc Vendor Risk Analyst
CertificationsCertifications like CRISC, CISA often preferredSame certifications commonly required
Work EnvironmentFocuses on third-party relationships and risk assessmentsPrimarily evaluates vendor-specific risks and compliance
Industry UsageUsed across finance, healthcare, and tech sectorsCommonly found in industries with extensive vendor networks

The Grc Third Party Risk Analyst and Grc Vendor Risk Analyst roles overlap significantly in certifications and work environment. The main difference lies in scope: the Third Party Risk Analyst assesses overall third-party relationships, while the Vendor Risk Analyst concentrates specifically on individual vendors. Both roles are vital for managing third-party risks in various industries.

More about Grc Third Party Risk Analyst jobs
What cities are hiring for Grc Third Party Risk Analyst jobs? Cities with the most Grc Third Party Risk Analyst job openings:
What states have the most Grc Third Party Risk Analyst jobs? States with the most job openings for Grc Third Party Risk Analyst jobs include:
What job categories do people searching Grc Third Party Risk Analyst jobs look for? The top searched job categories for Grc Third Party Risk Analyst jobs are:
Grc Third Party Risk Analyst jobs near you
Infographic showing various Grc Third Party Risk Analyst job openings in the United States as of June 2026, with employment types broken down into 89% Full Time, 9% Part Time, and 2% Contract. Highlights an 77% Physical, 9% Hybrid, and 14% Remote job distribution, with an average salary of $86,688 per year, or $41.7 per hour.
Senior Analyst - Third Party Risk Management

Senior Analyst - Third Party Risk Management

Sentara Healthcare

Norfolk, VA • On-site, Remote

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted yesterday

Sentara Health rating

6.8

Company rating: 6.8 out of 10

Based on 385 frontline employees who took The Breakroom Quiz

487th of 875 rated healthcare providers

Job description

City/State
Norfolk, VA
Work Shift
First (Days)
Overview:
Third Party Risk Management (TPRM) Senior Analyst is responsible for ensuring the organization effectively manages risks associated with third-party vendors and partners throughout the entire third-party lifecycle, including vendor selection, contract negotiation, ongoing monitoring, and termination. This involves not only identifying and evaluating risks but also collaborating with various teams, particularly Legal and Procurement, to embed risk mitigation strategies into contractual agreements.
Key responsibilities
  • Vendor Risk Assessment (VRA):
    • Conduct thorough risk assessments for potential and existing vendors, focusing on various risk types, including cybersecurity, operational, financial, and compliance risks.
    • Utilize and potentially create vendor risk assessment questionnaires to gather detailed information about vendor practices, including data security policies, internal controls, compliance posture, and business continuity plans.
    • Analyze questionnaire responses and other relevant information to identify deficiencies, areas for remediation, and categorize vendors based on risk levels.
    • Engage with stakeholders to communicate assessment results, address security concerns, and collaborate on potential remediation actions.
    • Perform periodic reviews and reassessments of existing vendors to ensure ongoing compliance and address evolving risks.
  • Contract Negotiation:
    • Partner with Legal and Procurement teams during contract negotiations to ensure security, privacy, and other relevant risk clauses are adequately addressed.
    • Provide expert guidance on acceptable and unacceptable contract terms related to risk management, service level agreements (SLAs), and data protection.
    • Work to define and include clear performance standards, due diligence requirements, and exit strategies within contracts.
  • TPRM program development and maintenance:
    • Support the development, maintenance, and enhancement of the organization's Third-Party Risk Management program and framework.
    • Develop and update TPRM procedures to ensure alignment with organizational policies and regulatory requirements.
    • Identify and implement process efficiencies within the TPRM program and perform analyses on team metrics to enhance effectiveness.
  • Stakeholder collaboration and communication:
    • Build and maintain strong relationships with internal stakeholders across departments such as Legal, Procurement, Information Security, and Business Units.
    • Provide TPRM guidance and training to Vendor Relationship Owners and business partners on risk management practices.
    • Communicate identified risks, assessment results, and mitigation strategies to stakeholders, including senior management, clearly and concisely.
  • Ongoing monitoring and remediation:
    • Track identified risks associated with third parties and ensure timely reviews are performed.
    • Monitor key supplier performance against established SLAs and regulatory requirements.
    • Track and collaborate with internal partners and vendors to remediate any risk-related issues.

Education
  • Bachelor's degree in a relevant field such as Business, Finance, Information Technology, or a related discipline (Preferred)
  • Experience in lieu of Bachelor's Degree -7+ years of relevant experience without a degree

Certification/Licensure
  • CISA, CRISC, CISM, CISSP, or other relevant certifications are preferred

Experience
  • 5+ years of relevant experience with a degree
  • Strong understanding of Third-Party Risk Management (TPRM) principles, concepts, and best practices.
  • Experience in conducting vendor risk assessments and evaluating internal controls, potentially leveraging frameworks like ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, CSA CCM, and Shared Assessments SIG.
  • Working knowledge of contract management principles and practices, including contract negotiation and analysis.
  • Excellent communication skills, both written and verbal, with the ability to effectively articulate security control requirements, assessment results, and risk considerations to diverse audiences.
  • Strong analytical, critical thinking, and problem-solving skills, with the ability to digest and analyze complex information with attention to detail and accuracy.
  • Ability to work collaboratively in a cross-functional environment and build strong relationships with internal and external partners.
  • Proficiency in Microsoft Office Suite (Excel, PowerPoint, Word) and potentially GRC (Governance, Risk, and Compliance) tools like OneTrust (highly desirable), Archer, or ServiceNow

Keywords: TPRM, Third party Risk assessment
Benefits: Caring For Your Family and Your Career
Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to 10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance - 5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down - 10,000
• Reimbursement for certifications and free access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met.
Sentara Health is an equal opportunity employer and prides itself on the diversity and inclusiveness of its close to an almost 30,000-member workforce. Diversity, inclusion, and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.
In support of our mission "to improve health every day," this is a tobacco-free environment.
For positions that are available as remote work, Sentara Health employs associates in the following states:
Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine, Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.

What Sentara Health employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom

Apply