
Senior Vendor Risk Analyst Jobs (NOW HIRING)

Hilltop Holdings is looking for a Vendor Risk Analyst to assist in maintaining, executing, and enhancing our Vendor Risk Management Program. Founded in 1998 and headquartered in Dallas, Texas ...

The Vendor Risk Management Analyst will be responsible for assessing, monitoring, and mitigating ... senior management and other stakeholders. * Stay up to date with industry trends, regulatory ...

Vendor Risk Analyst

Los Angeles, CA · On-site

$34.55 - $55.19/hr

RISK ANALYST USMB WHAT IS THE OPPORTUNITY? This role will primarily be responsible for the ... Prepare reports of results for senior management. * Support state, federal and agency examinations ...

... Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a ... prioritization analyses for leadership. * Maintain and update the enterprise risk register ...

Support administration and adherence of enterprise risk management programs, including vendor risk ... Prepare reports, dashboards, summaries and presentations for senior management to support informed ...

This role focuses on assessing risks across applications (on-prem and cloud), infrastructure, and third-party vendors through a formalized risk assessment program. The ideal candidate is analytical ...

$67K - $80K/yr

This role will report to the Senior Manager of Accounts Payable and will work closely with Essex ... Analyze trends in vendor risk, duplicates, and fraud attempts; recommend mitigation strategies.

Governance & Risk Analyst

Chicago, IL · On-site

$85K - $96K/yr

Governance & Risk Analyst in the Enterprise will... The GRC Analyst will support the organization ... Review vendor security questionnaires, supporting evidence, and contractual artifacts to assess ...

Technology Risk Analyst

Ware, MA · Remote

$60K - $75K/yr

Technology Risk Analyst Being a Country Bank team member has a lot of perks! Our competitive total ... Coordinates with business areas/vendor owners and assist with new third-party vendor onboarding ...

Senior Vendor Risk Analyst information

How much do senior vendor risk analyst jobs pay per year?

As of May 28, 2026, the average yearly pay for senior vendor risk analyst in the United States is $109,846.00, according to ZipRecruiter salary data. Most workers in this role earn between $90,500.00 and $137,000.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Senior Vendor Risk Analyst, and why are they important?

To thrive as a Senior Vendor Risk Analyst, you need expertise in risk assessment, vendor management, and compliance, typically backed by a bachelor’s degree in business, finance, or a related field. Familiarity with risk management frameworks (such as ISO 27001), third-party risk assessment tools, and certifications like CISA or CRVPM are highly valuable. Strong analytical thinking, attention to detail, and effective communication skills set candidates apart in this role. These skills are crucial to ensure organizational security, regulatory compliance, and the mitigation of risks posed by third-party vendors.

How does a Senior Vendor Risk Analyst typically collaborate with other departments in the organization?

A Senior Vendor Risk Analyst works closely with departments such as procurement, IT, legal, compliance, and business units to assess and manage third-party risks. Collaboration often involves gathering information on new and existing vendors, coordinating risk assessments, and advising on contract clauses to mitigate potential issues. Effective communication and relationship-building are crucial, as the analyst must ensure all stakeholders understand the risk landscape and their respective responsibilities. This cross-functional teamwork helps maintain a comprehensive risk management approach and supports organizational objectives.

What is a Senior Vendor Risk Analyst?

A Senior Vendor Risk Analyst is a professional responsible for evaluating and managing the risks associated with third-party vendors and suppliers. They assess vendor practices, review compliance with regulations, and ensure that vendors meet an organization's security and operational standards. This role often involves conducting risk assessments, monitoring vendor performance, and collaborating with internal teams to mitigate potential threats to the business. Senior Vendor Risk Analysts typically have a strong background in risk management, information security, and regulatory compliance.

What is the difference between Senior Vendor Risk Analyst vs Vendor Risk Analyst?

| Aspect | Senior Vendor Risk Analyst | Vendor Risk Analyst |
|---|---|---|
| Certifications | CRISC, CISA, or similar | Entry-level certifications or none |
| Experience | 5+ years in risk management or vendor assessment | 1-3 years in vendor risk or related fields |
| Work Environment | Corporate, financial, or technology sectors | Similar industries, often entry-level roles |
| Responsibilities | Leading risk assessments, developing policies, mentoring | Conducting vendor evaluations, supporting risk processes |

The main difference between a Senior Vendor Risk Analyst and a Vendor Risk Analyst lies in experience, responsibilities, and certifications. The senior role involves leadership, advanced risk assessments, and strategic planning, while the vendor risk analyst typically focuses on supporting assessments and data collection. Both roles are vital in managing third-party risks within organizations, but the senior position requires more expertise and oversight.

Senior Vendor Risk Analyst

Fortress Information Security

Atlanta, GA • Hybrid

$100K - $130K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 8 days ago


Job description

Senior Vendor Risk Analyst
Location: Hybrid – Candidates must be based in one of the following areas: Naperville, IL / Birmingham, AL / Atlanta, GA. You will work out of the client site closest to your location three days per week, with an expectation of four days per week later in 2026.
Compensation: $100,000 - $130,000 per year, depending on experience and qualifications.
Employment Type: Full-Time
Travel: Less than 15%, occasional travel for industry collaboration or professional development
What you can expect as the Senior Vendor Risk Analyst at Fortress
The Senior Vendor Risk Analyst plays a pivotal role within the Supply Chain Risk Management (SCRM) team, leading third-party vendor risk assessments and shaping how a major energy organization manages supply chain cyber risk. Working directly with vendor relationship owners and cross-functional stakeholders across Legal, Supply Chain, Cybersecurity, and Technology, this role drives continuous improvement of the Third-Party Risk Management (TPRM) program and directly influences leadership-level business decisions. This position provides meaningful exposure to critical infrastructure protection under NERC CIP standards and offers a mission-driven opportunity to help secure systems that society depends on. This is an ideal role for an experienced risk professional seeking broad organizational influence, visibility, and impact. This role offers the opportunity to work closely with a major energy sector client in a highly integrated capacity. Based on performance, business needs, and client discretion, there may be future opportunities to transition into direct employment with the client organization.
Job Responsibilities:
  • In coordination with the customer's vendor relationship owners, manage assessments of vendors’ security controls to identify shortfalls.
  • Communicate remediation options to the vendors
  • Collaborate with TPRM team members and business partners to complete assessments and determine risk mitigation strategies
  • Become an expert in the TPRM platform to identify and direct necessary customizations, enhancements, and record maintenance to a vendor-supported platform that enable relevant reporting and Program maturation
  • Develop an appreciation and understanding of various business units while employing your knowledge of security fundamentals to effectively communicate customer risk resulting from assessment findings
  • Proactively propose and implement changes to customer Program policy/practice to ensure a risk-informed approach to vendor/supply chain management
  • Collaborate across Supply Chain, Legal, Cybersecurity, and the Technology Organizations to create a shared picture of supplier risk
  • Support cross-functional teams to investigate, analyze, and make recommendations to leadership or process owners regarding technology solutions, security architecture, or security vulnerabilities
  • When appropriate, collaborate across Cyber org to identify compensating controls for significant vendor-specific risks to the company and its customers
  • Review vendor-proposed modifications to Master Service Agreements or Application Service Provider Agreements on behalf of customer to identify any unacceptable security risks associated with new language
  • Understand, relate, and transform regulatory requirements into information security policy, standards, procedures, and guidelines
  • Maintain current knowledge of information security concepts, technologies, and practices
  • Other duties as assigned
Required qualifications:
  • United States citizenship is required
  • 7-10 years of experience in security risk assessment, risk management, compliance or auditing
  • Strong knowledge of security control frameworks (e.g., NIST SP 800-53, ISO/IEC 27001:2013)
  • Ability to communicate clearly, confidently, and knowledgeably to internal and external stakeholders regarding the Program and assessment results
  • Demonstrated history of critical, independent, and creative thinking to enable continuous improvement or business success within the constraints of security imperatives
  • Ability to holistically assess the risk of a third-party engagement, considering control gaps, the nature of the vendor relationship, and the way a vendor's products/services are leveraged (required)
  • Must have demonstrated history of critical, independent, and creative thinking with high attention to detail; this will enable continuous improvement and ensure auditable record trail for all assessment data
  • Prior experience overseeing one or more people in support of a technology solution or program
  • Demonstrated ability to work with and in cross-functional teams
  • One or more of the following certifications: TPCRA, C3PRMP, CTPRA, CISSP, CASP, CISA, CISM, GIAC, PMP
  • Must be able to pass NERC CIP and Insider Threat Program background screening due to access to sensitive critical infrastructure and information regarding security capabilities
  • Occasional travel for industry collaboration/influence or professional development is expected
  • This is a hybrid role: three days per week in the office (Naperville, IL, Birmingham, AL or Atlanta, GA) are expected initially, growing to four days per week in office during 2026. In-office expectations may change over time depending on organizational policy and supervisor’s requirements.
Education:
  • Bachelor’s degree or equivalent experience in a related field required
Preferred qualifications:
  • Experience working in a highly regulated industry
  • Prior experience advocating security policies, practices, controls, and standards to business and IT teams
  • Familiarity with basic requirements for architecting secure information systems
  • Familiarity with NERC’s Critical Infrastructure Protection (CIP) standards
  • Experience with non-IT risk such as operational, financial, Compliance and Regulatory, Strategic Risk, Legal Risk, and ESG risk (Environmental, Social, and Governance)
Employee Benefits:
  • Remote and Hybrid working environment
  • Competitive pay structure
  • Medical, dental, vision plans with employees covered up to 90% with highly progressive options for dependents and families
  • Company paid life, short- and long-term disability insurance
  • Employee Assistance Program
  • 401(k) match
  • Flexible Paid Time Off
  • Parental Leave
Employment Perks:
  • We provide each employee with professional growth opportunities through succession planning, up-skilling, and certifications
  • Tuition and certification reimbursement
  • Employee Referral Programs
  • Company Sponsored Events
Fortress is proud to be an Equal Opportunity Employer. All employees and applicants will receive consideration for employment without regard to age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. Fortress Information Security takes part in the E-Verify process for all new hires.
For positions located in the US, the following conditions apply. If you are made a conditional offer of employment, you will have to undergo a drug test. ADA Disclaimer: In developing this job description care was taken to include all competencies needed to successfully perform in this position. However, for Americans with Disabilities Act (ADA) purposes, the essential functions of the job may or may not have been described for purposes of ADA reasonable accommodation. All reasonable accommodation requests will be reviewed and evaluated on a case-by-case basis.