Position Overview The Senior Manager, Third Party Risk Management leads Asurion's enterprise vendor and supply-chain risk program as a second line of defense. This role owns the end-to-end third ...
Position Overview The Senior Manager, Third Party Risk Management leads Asurion's enterprise vendor and supply-chain risk program as a second line of defense. This role owns the end-to-end third ...
Cybersecurity Risk Analyst
Des Moines, IA · Hybrid
$30 - $35/hr
Nice to Have Internship or coursework related to cybersecurity, risk management, or information security. Familiarity with SOC 2 reports, information security frameworks, or vendor risk concepts.
Cybersecurity Risk Analyst
Des Moines, IA · Hybrid
$30 - $35/hr
Nice to Have Internship or coursework related to cybersecurity, risk management, or information security. Familiarity with SOC 2 reports, information security frameworks, or vendor risk concepts.
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments ...
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments ...
Director Vendor Management
Coppell, TX · On-site
Knowledge of risk management frameworks and regulatory requirements * Thorough understanding of the ... vendors (CFPB, FNMA, HUD, OCC, etc.). * Advancedproficiencyin general computer use (MS Word, Excel ...
Director Vendor Management
Coppell, TX · On-site
Knowledge of risk management frameworks and regulatory requirements * Thorough understanding of the ... vendors (CFPB, FNMA, HUD, OCC, etc.). * Advancedproficiencyin general computer use (MS Word, Excel ...
Technology Risk Assessor
Smithfield, RI · On-site
Job Summary The Technology Risk Assessor is responsible for managing and assessing a portfolio of technology vendors, with a focus on vendor risk, performance, and overall value delivery. This role ...
Technology Risk Assessor
Smithfield, RI · On-site
Job Summary The Technology Risk Assessor is responsible for managing and assessing a portfolio of technology vendors, with a focus on vendor risk, performance, and overall value delivery. This role ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Managing the central vendor repository for the Firm and overseeing the automation of vendor on-boarding and off-boarding processes * Ensuring effective vendor risk mitigation plans and providing ...
Governance & Risk Analyst
Chicago, IL · On-site
$85K - $95K/yr
Key Responsibilities Third-Party Risk Management (TPRM) & Vendor Risk Assessments (VRA) * Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final ...
Governance & Risk Analyst
Chicago, IL · On-site
$85K - $95K/yr
Key Responsibilities Third-Party Risk Management (TPRM) & Vendor Risk Assessments (VRA) * Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final ...
Enterprise Risk Management (ERM) Analyst
Folsom, CA · On-site
$110K - $120K/yr
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Enterprise Risk Management (ERM) Analyst
Folsom, CA · On-site
$110K - $120K/yr
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Enterprise Risk Management (ERM) Analyst
Folsom, CA · Hybrid
$110K - $120K/yr
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Enterprise Risk Management (ERM) Analyst
Folsom, CA · Hybrid
$110K - $120K/yr
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Risk Manager
Mclean, VA · On-site
$55 - $60/hr
Provide strategic thinking on next levels of maturity in Technology & Vendor Risk management * Act as a cross functional partner in the deployment of our information security program within the ...
Quick apply
Risk Manager
Mclean, VA · On-site
$55 - $60/hr
Provide strategic thinking on next levels of maturity in Technology & Vendor Risk management * Act as a cross functional partner in the deployment of our information security program within the ...
Manage the central vendor repository for the Firm and oversee the automation of vendor on-boarding and off-boarding processes * Facilitate oversight of vendor risk, ensuring vendor relationship ...
Manage the central vendor repository for the Firm and oversee the automation of vendor on-boarding and off-boarding processes * Facilitate oversight of vendor risk, ensuring vendor relationship ...
As CrowdStrike's ecosystem of vendors, partners, and suppliers continues to grow, this role will be ... Third Party Risk Program Management: Develop, implement, and maintain CrowdStrike's TPRM policies ...
As CrowdStrike's ecosystem of vendors, partners, and suppliers continues to grow, this role will be ... Third Party Risk Program Management: Develop, implement, and maintain CrowdStrike's TPRM policies ...
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Quick apply
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Manage the central vendor repository for the Firm and oversee the automation of vendor on-boarding and off-boarding processes * Facilitate oversight of vendor risk, ensuring vendor relationship ...
Manage the central vendor repository for the Firm and oversee the automation of vendor on-boarding and off-boarding processes * Facilitate oversight of vendor risk, ensuring vendor relationship ...
Manage the central vendor repository for the Firm and oversee the automation of vendor on-boarding and off-boarding processes * Facilitate oversight of vendor risk, ensuring vendor relationship ...
Manage the central vendor repository for the Firm and oversee the automation of vendor on-boarding and off-boarding processes * Facilitate oversight of vendor risk, ensuring vendor relationship ...
Enterprise Risk Management (ERM) Analyst
Folsom, CA · Hybrid
$110K - $120K/yr
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Enterprise Risk Management (ERM) Analyst
Folsom, CA · Hybrid
$110K - $120K/yr
Vendor Risk Management * Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance ...
Vendor Management Specialist
Los Angeles, CA · On-site
$60K - $65K/yr
This role supports risk management, cost optimization, and performance monitoring of vendors that provide critical services to the bank. POSITION RESPONSIBILITIES * Manage end-to-end vendor lifecycle ...
Quick apply
Vendor Management Specialist
Los Angeles, CA · On-site
$60K - $65K/yr
This role supports risk management, cost optimization, and performance monitoring of vendors that provide critical services to the bank. POSITION RESPONSIBILITIES * Manage end-to-end vendor lifecycle ...
This individual will help support the Vendor Risk Management (VRM) and Business Continuity Management (BCM) programs and will be responsible for assisting with efforts to expand the program ...
This individual will help support the Vendor Risk Management (VRM) and Business Continuity Management (BCM) programs and will be responsible for assisting with efforts to expand the program ...
Internship Vendor Risk Management information
What is the difference between Internship Vendor Risk Management vs Vendor Risk Analyst?
| Aspect | Internship Vendor Risk Management | Vendor Risk Analyst |
|---|---|---|
| Credentials | Relevant coursework, internships, or certifications in risk management or business | Bachelor's degree in risk management, finance, or related field; certifications like CRM or FRM are common |
| Work Environment | Internship setting within companies, assisting with vendor assessments and risk reviews | Full-time role analyzing vendor risks, developing risk mitigation strategies |
| Industry Usage | Used in organizations to train and evaluate potential future risk professionals | Commonly employed in finance, healthcare, and technology sectors for ongoing risk analysis |
Internship Vendor Risk Management focuses on learning and supporting vendor risk processes during an internship, while a Vendor Risk Analyst is a full-time professional responsible for analyzing and managing vendor risks within an organization.

Asurion rating
7.2
Based on 84 frontline employees who took The Breakroom Quiz
124th of 210 rated it services
Job description
The Senior Manager, Third Party Risk Management leads Asurion's enterprise vendor and supply-chain risk program as a second line of defense. This role owns the end-to-end third-party risk lifecycle-intake, inherent-risk tiering, due diligence, contract controls, continuous monitoring, reassessment, and secure offboarding-protecting Asurion and its carrier and partner ecosystem from risks introduced by vendors, service providers, and technology suppliers. The leader partners closely with Procurement, Legal, Privacy, business portfolio owners, and security control owners to translate fragmented vendor information into clear, defensible risk decisions. This is both a program-building and people-leadership role, maturing the vendor risk function in alignment with NIST CSF 2.0 and strengthening supply chain risk outcomes while embedding modern practices for emerging risks such as third-party AI tooling, SaaS sprawl, and vendor concentration.
Key Responsibilities- Own strategy, design, and continuous improvement of the Third-Party/Vendor Risk Management (TPRM) program aligned to NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and regulatory obligations.
- Define and maintain TPRM policy, standards, procedures, and risk-tiering methodology; secure governance approval and drive consistent adoption across the enterprise.
- Establish third-party risk appetite and tolerance thresholds with CISO and GRC leadership and apply them to vendor risk decisions.
- Embed risk gates within sourcing, onboarding, contracting, renewal, and offboarding in partnership with Procurement and Legal.
- Lead the full vendor risk lifecycle: intake, inherent-risk classification, due diligence, residual-risk determination, treatment/acceptance, contracting, continuous monitoring, reassessment, and offboarding.
- Operationalize inherent-risk tiering to scope assessment depth and cadence based on data sensitivity, access, criticality, and business impact.
- Direct security, privacy, and resilience assessments using methodologies such as SIG/Shared Assessments and evidence including SOC 2 Type II, ISO 27001, PCI AOC, and penetration test results.
- Evaluate fourth-party/Nth-party dependencies, vendor concentration, and systemic risk across the supplier portfolio.
- Establish and lead risk reviews for third-party AI/GenAI tooling with security and privacy teams; address model and data-handling risks and shadow AI.
- Translate findings into concise, business-relevant risk narratives and actionable remediation plans with owners and timelines.
- Operate continuous monitoring leveraging external risk ratings, periodic attestations, threat/breach intelligence, and event-driven triggers.
- Coordinate third-party incident response with SOC/IR; assess impact, drive containment, and track remediation to closure.
- Manage the third-party risk register and findings inventory; escalate aging or accepted risks through governance.
- Maintain visibility into critical vendor resilience and BC/DR posture for high-impact suppliers.
- Partner with Legal and Procurement to define and negotiate security, privacy, and resilience terms (control requirements, right-to-audit, breach notification SLAs, data protection, subprocessor controls).
- Develop a standardized library of contractual security requirements scaled to vendor risk tier.
- Define and report outcome-driven metrics and KRIs (e.g., residual risk trends, assessment cycle time/coverage, time-to-remediate, monitoring coverage, exception aging); deliver executive-ready reporting to governance forums.
- Serve as the primary point of contact for internal/external audits, regulatory exams, and carrier-partner due diligence.
- Build, lead, and develop a high-performing team of vendor risk analysts; set objectives, coach performance, and scale capability through playbooks, training, and quality reviews.
- Drive operational efficiency via process automation and analyst-assistive tooling to focus effort on judgment-intensive decisions.
- 8+ years in information security, IT risk, or GRC, including 4+ years focused on third-party/vendor risk management.
- 2+ years of direct people leadership managing analysts or a risk team.
- Demonstrated experience designing or maturing a TPRM program lifecycle end to end.
- Strong working knowledge of NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and assessment standards such as SIG/Shared Assessments.
- Experience reviewing assurance artifacts (SOC 2 Type II, ISO certifications, penetration test reports) and translating them into risk decisions.
- Hands-on experience with TPRM/GRC platforms and continuous monitoring/security-rating tools (e.g., ProcessUnity, OneTrust, Prevalent/Mitratech, Whistic, BitSight, SecurityScorecard, or comparable).
- Experience partnering with Procurement and Legal on vendor contracting and security/privacy terms.
- Excellent written and verbal communication, including executive briefing and defensible risk narratives.
- Bachelor's degree in a related field or equivalent professional experience.
- Preferred: certifications such as CTPRP, CISSP, CISA, CRISC, or CISM; experience in regulated consumer or financial environments (e.g., GLBA, PCI DSS, state privacy laws); experience with AI/GenAI risk assessment; familiarity with three lines of defense; experience with automation or AI-assisted workflows in GRC.
- Sound risk judgment balancing rigor with business enablement and speed-to-value.
- Ability to influence without authority across Procurement, Legal, Privacy, Security, and business stakeholders.
- Program design, policy/standard development, and governance execution for TPRM.
- Expertise in vendor risk tiering, due diligence, continuous monitoring, issue management, and secure offboarding.
- Strong analytical skills to assess concentration, systemic risk, and fourth-party dependencies.
- Advanced communication skills; distills complex third-party risk into actionable executive decisions.
- Team leadership, talent development, and operational scaling through playbooks, training, and QA.
- Proficiency with metrics/KRIs, dashboards, and executive reporting.
- Negotiation of contractual security/privacy/resilience terms and control requirements.
N/A
Physical Demands- Stationary Position: Frequently
- Vision: 20/20 corrected vision
- Hearing: Receive detailed information if spoken to