2

Remote Vendor Risk Analyst Jobs in Tennessee (NOW HIRING)

For candidates not in those locations, we would consider fully remote work for a highly qualified ... data analysis * Working knowledge of the federal, state, and local regulations / ordinances ...

For candidates not in those locations, we would consider fully remote work for a highly qualified ... data analysis * Working knowledge of the federal, state, and local regulations / ordinances ...

Vendor Maintenance Coordinator

Nashville, TN ยท On-site +1

$39K - $55K/yr

Serves as level 1 escalation for offshore inquiries and partners with Vendor Maintenance Analyst on ... CP #Remote All employment offers are contingent upon the successful completion of both a pre ...

next page

Showing results 1-20

Remote Vendor Risk Analyst information

Can a risk analyst work remotely?

Yes, many risk analyst roles, including vendor risk analysts, can be performed remotely. These positions often require strong analytical skills, familiarity with risk management tools, and effective communication, which can be managed through digital collaboration platforms from any location. However, some employers may require occasional on-site visits or specific certifications depending on the company's policies.

Is TPRm a good career?

A Remote Vendor Risk Analyst role involves assessing and managing third-party risks to ensure compliance and security. It requires strong analytical skills, knowledge of risk management frameworks, and often involves working with tools like GRC software. This career can offer growth opportunities in risk management and compliance fields.

Do risk analysts make a lot of money?

Risk analysts, including vendor risk analysts, typically earn a median salary that varies by experience and location but generally ranges from $60,000 to $100,000 annually. Senior or specialized risk analysts with certifications like CRCM or CRISC can earn higher salaries, especially in industries with complex compliance requirements. The role often requires strong analytical skills and knowledge of risk management tools.

Is a grc analyst a good entry-level job?

A remote vendor risk analyst is often considered a suitable entry-level role for those interested in cybersecurity and risk management, as it typically requires foundational knowledge of compliance frameworks and risk assessment tools. The position offers opportunities to develop skills in vendor evaluation, security policies, and industry standards like ISO or NIST. However, some roles may prefer candidates with prior experience or certifications such as CISA or CRISC, so entry-level candidates should focus on gaining relevant knowledge and certifications to improve prospects.
What are the most commonly searched types of Vendor Risk Analyst jobs in Tennessee? The most popular types of Vendor Risk Analyst jobs in Tennessee are:
What are popular job titles related to Remote Vendor Risk Analyst jobs in Tennessee? For Remote Vendor Risk Analyst jobs in Tennessee, the most frequently searched job titles are:
What job categories do people searching Remote Vendor Risk Analyst jobs in Tennessee look for? The top searched job categories for Remote Vendor Risk Analyst jobs in Tennessee are:
What cities in Tennessee are hiring for Remote Vendor Risk Analyst jobs? Cities in Tennessee with the most Remote Vendor Risk Analyst job openings:
Sr. Information Security Governance, Risk and Compliance Analyst

Sr. Information Security Governance, Risk and Compliance Analyst

BlueCross BlueShield of Tennessee

Chattanooga, TN โ€ข On-site, Remote

Full-time

Posted 4 days ago

New


Job description

We are hiring a Sr. Information Security Governance, Risk, and Compliance (GRC) Analyst at BlueCross BlueShield of Tennessee!
In this role, you will help strengthen and mature BCBST's information security governance program by leading risk management, compliance, and assurance initiatives across the enterprise. You will serve as a key contributor in developing and maintaining Systems Security Plans (SSPs), beginning with enterprise-level security plans and extending into application-specific security documentation. You'll partner with technology and business stakeholders to support audit readiness efforts, manage security controls, assess risk, and ensure alignment with industry frameworks and regulatory requirements. This role plays an important part in protecting organizational assets while helping BCBST maintain a strong security and compliance posture.
To be successful in this role, in addition to the core job requirements, you'll bring strong cybersecurity knowledge, exceptional technical writing skills, and experience translating complex security requirements into clear, actionable documentation. You will be a strong candidate for this role if you have experience developing Systems Security Plans (SSPs), supporting audit and compliance activities, working with security frameworks and control management programs, and collaborating across technical teams to manage risk. Professional certifications such as CISA, CISM, or CISSP are highly preferred and will help distinguish top candidates.
Note:
  • This is a remote, work-from-home position, but the final round of interviews will take place on-site in our Chattanooga, TN office.
  • Candidates must be able to work Eastern Time Zone business hours.
  • Participation in an on-call rotation is required for approximately two weeks every 30 weeks.
  • Sponsorship is not available for this role.

Job Responsibilities
  • Lead SOC 2 Audit Support - Coordinate audit activities including evidence collection, control validation, and auditor engagement.
  • Manage and Validate Control Frameworks - Maintain control documentation, mappings, and narratives while partnering with control owners to ensure effectiveness and alignment with Trust Services Criteria and NIST frameworks.
  • Track Audit & Remediation Activities - Oversee audit findings, remediation efforts, and timely closure of issues.
  • Develop & Maintain NIST SSPs - Create and update System Security Plans (SSPs), including control implementations, inheritance, and system boundaries.
  • Drive Security Awareness Programs - Design and manage training initiatives, including phishing simulations and targeted campaigns.
  • Manage Policies & Governance Documentation - Oversee the full lifecycle of security policies, standards, and procedures to ensure compliance and audit readiness.
  • Conduct Enterprise & Third-Party Risk Management - Perform risk assessments, maintain risk registers, execute vendor risk assessments, and monitor remediation.
  • Oversee Vulnerability Management - Track vulnerability remediation against SLAs and collaborate with teams to mitigate risks.
  • Support Customer Security Assurance - Respond to RFPs and security questionnaires, ensuring accurate, compliant, and consistent security representations.
  • Leadership - Leads by example, actively supporting initiatives across all GRC areas while fostering a culture of collaboration and shared accountability.

Job Qualifications
Education
  • Bachelor's degree in a relevant field or an equivalent of four years of experience is required.

Experience
  • 5 years - Professional experience in Information Security or related IT roles with security-related responsibilities, including at least 2 years focused on Governance, Risk, and Compliance (GRC) functions.
  • Experience leveraging AI-enabled tools to automate and enhance GRC processes, improving efficiency, consistency, and scalability of governance, risk, and compliance activities preferred.

Skills/Certifications
  • Preferred, one or more of the following certifications required: CISSP, CRISC, CISA, or CISM.
  • Ability to assess and document organizational risks, including identifying impacts and recommending mitigation strategies.
  • Ability to interpret and apply regulatory requirements and industry frameworks (e.g., NIST, SOC 2, HIPAA) to organizational controls.
  • Ability to analyze security, compliance, and risk metrics to identify trends and drive continuous improvement.
  • Ability to communicate complex risk and compliance concepts clearly to both technical and non-technical stakeholders.
  • Ability to collaborate effectively across cross-functional teams to integrate governance, risk, and compliance practices into business processes.
  • Exceptional time management skills.
  • Excellent oral and written communication skills.
  • Strong interpersonal skills and ability to cultivate relationships with internal and external stakeholders, promoting diversity of people, perspectives and ideas.
  • Ability to work with all levels of staff and management.

N/A
Number of Openings Available
1
Worker Type:
Employee
Company:
BCBST BlueCross BlueShield of Tennessee, Inc.
Applying for this job indicates your acknowledgement and understanding of the following statements:
BCBST will recruit, hire, train and promote individuals in all job classifications without regard to race, religion, color, age, sex, national origin, citizenship, pregnancy, veteran status, sexual orientation, physical or mental disability, gender identity, or any other characteristic protected by applicable law.
Further information regarding BCBST's EEO Policies/Notices may be found by reviewing the following page:
BCBST's EEO Policies/Notices
BlueCross BlueShield of Tennessee is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at BlueCross BlueShield of Tennessee via-email, the Internet or any other method without a valid, written Direct Placement Agreement in place for this position from BlueCross BlueShield of Tennessee HR/Talent Acquisition will not be considered. No fee will be paid in the event the applicant is hired by BlueCross BlueShield of Tennessee as a result of the referral or through other means.