1

Third Party Risk Analyst Jobs (NOW HIRING)

As a Senior Third Party Risk Analyst, you'll play a critical role in ensuring the security, resilience, and integrity of the partners and technologies powering our platform. This is more than a ...

Senior Cybersecurity Third-Party Risk Analyst

Tempe, AZ · Remote

$95K - $123K/yr

Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly experienced Senior Cybersecurity Third-Party Risk Analyst to perform advanced, technical assessments ...

Senior Cybersecurity Third-Party Risk Analyst

Tempe, AZ · Remote

$95K - $123K/yr

Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly experienced Senior Cybersecurity Third-Party Risk Analyst to perform advanced, technical assessments ...

Senior Cybersecurity Third-Party Risk Analyst

Mesa, AZ · Remote

$99K - $128K/yr

Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly experienced Senior Cybersecurity Third-Party Risk Analyst to perform advanced, technical assessments ...

next page

Showing results 1-20

Third Party Risk Analyst information

See salary details

$15

$40

$65

How much do third party risk analyst jobs pay per hour?

As of Jul 13, 2026, the average hourly pay for third party risk analyst in the United States is $40.49, according to ZipRecruiter salary data. Most workers in this role earn between $29.81 and $49.28 per hour, depending on experience, location, and employer.

How does a Third Party Risk Analyst typically collaborate with other departments to manage vendor risks?

A Third Party Risk Analyst works closely with departments such as procurement, legal, IT security, and compliance to assess and mitigate potential risks posed by vendors and service providers. Collaboration often involves reviewing contracts, conducting risk assessments, and ensuring vendors meet the organization's security and compliance requirements. Regular communication and joint meetings are common to align on risk standards and address any emerging concerns. This cross-functional teamwork ensures a comprehensive approach to managing third-party risks and maintaining regulatory compliance.

What is the difference between Third Party Risk Analyst vs Vendor Risk Analyst?

AspectThird Party Risk AnalystVendor Risk Analyst
CertificationsCertifications like CRISC, CISA often preferredSimilar certifications, often the same as Third Party Risk Analyst
Work EnvironmentFinancial institutions, corporations managing third-party relationshipsOrganizations assessing vendor security, compliance, and performance
Industry UsageCommon in finance, healthcare, and tech sectorsPrimarily in procurement, supply chain, and IT sectors

The main difference is that a Third Party Risk Analyst focuses on assessing risks associated with all third-party relationships, including vendors, partners, and service providers. A Vendor Risk Analyst specifically concentrates on evaluating risks posed by vendors and suppliers. While their roles overlap, the Third Party Risk Analyst has a broader scope, often handling multiple types of third-party relationships within various industries.

Is a grc analyst a good entry-level job?

A third-party risk analyst is often considered an entry-level role in risk management and compliance, suitable for individuals with strong analytical skills and knowledge of regulations like GDPR or HIPAA. The position typically involves assessing vendor risks, using tools like GRC software, and may require certifications such as CRISC or CISA. It provides a foundation for career growth in cybersecurity, compliance, or risk management fields.

How much does a third-party risk analyst make?

A third-party risk analyst typically earns between $60,000 and $100,000 annually, depending on experience, location, and industry. Entry-level positions may start lower, while experienced analysts with certifications like CRISC or CISSP can earn higher salaries.

Is third-party risk management a good career?

Third-party risk management is a growing field within risk analysis and compliance, focusing on assessing and mitigating risks from external vendors and partners. It requires skills in risk assessment, regulatory knowledge, and often involves using tools like risk management software. The role offers opportunities for career advancement in industries such as finance, healthcare, and technology.

What does a third-party risk analyst do?

A third-party risk analyst evaluates the risks associated with an organization’s external vendors, suppliers, and partners. They assess third-party security, compliance, and operational risks using tools like risk management software and often require knowledge of industry standards and certifications. Their goal is to ensure that external relationships do not compromise the organization’s security or compliance posture.

What are the key skills and qualifications needed to thrive as a Third Party Risk Analyst, and why are they important?

To thrive as a Third Party Risk Analyst, you need a solid understanding of risk management principles, vendor assessment processes, and compliance regulations, often supported by a degree in business, finance, or information security. Familiarity with risk assessment tools, GRC (Governance, Risk, and Compliance) platforms, and certifications like CTPRA or CRISC is highly valuable. Strong analytical thinking, attention to detail, and effective communication skills set exceptional analysts apart in this field. These competencies are crucial for identifying and mitigating vendor risks, ensuring organizational compliance, and safeguarding sensitive data.
What cities are hiring for Third Party Risk Analyst jobs? Cities with the most Third Party Risk Analyst job openings:
What are the most commonly searched types of Third Party Risk Analyst jobs? The most popular types of Third Party Risk Analyst jobs are:
What states have the most Third Party Risk Analyst jobs? States with the most job openings for Third Party Risk Analyst jobs include:
What job categories do people searching Third Party Risk Analyst jobs look for? The top searched job categories for Third Party Risk Analyst jobs are:
Infographic showing various Third Party Risk Analyst job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 86% Full Time, 6% Part Time, 1% Temporary, and 5% Contract. Highlights an 82% Physical, 5% Hybrid, and 13% Remote job distribution, with an average salary of $84,210 per year, or $40.5 per hour.
Senior Risk Analyst, Privacy & Third-Party Risk

Senior Risk Analyst, Privacy & Third-Party Risk

T Rowe Price

Baltimore, MD

Other

Re-posted 4 days ago


T. Rowe Price rating

9.1

Company rating: 9.1 out of 10

Based on 21 frontline employees who took The Breakroom Quiz


Job description

Role Summary

The Senior Risk Analyst - Privacy &ThirdPartyRisk is aSecond Line of Defense (2LoD)role and a member of theGlobal Privacy Office (GPO)andThirdPartyRisk Management (TPRM)function. The role provides independent risk oversight, effective challenge, and assurance over first-line activities andoutsourced TPRM services,operatingwithminimal supervisionand a high degree of professional judgment.

This position is expected to independently manage complex risk assessments, lead oversight activities,identifyemerging risk themes, and deliver clear, actionable insights to senior stakeholders and governance committees.

Responsibilities

Privacy Risk- Global Privacy Office:

  • Independently provide 2LoD oversight of privacy risks arising from first-line business activitiesand serveas a subject matter resource on privacy risk matters.
  • Lead review andchallengeofPrivacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), and privacy risk assessments.
  • Evaluate the design and operating effectiveness of privacy controls and recommend enhancements aligned with regulatory expectations and risk appetite.
  • Independently review privacy incidents, including root cause analyses and remediation plans.
  • Provide technicalexpertiseandsupportthe implementation of privacy and data protection processes, controls, and procedures based on enterprise-wide guidance issued by the Global Privacy Office.
  • Support the process of Privacy and Security by Design reviews, in particular, wherethey relate to the development and deployment of new technologies.This includes reviewing technical implementation details and design documentation for new systems andfeatures, andproviding guidance on improving privacy features in
  • those systems.
  • Collaborate with technology and security teams to embed privacy controls into the architecture of products and services, including providing advice and best practices to protect and mitigate privacy risks.
  • Identifyopportunities to enhance the Global Privacy Office's technical capabilities, develop,testand work with technology teams to deploy such capabilities.
  • Support the maintenance of the firm's required privacy compliance documentation (e.g., Records of Processing Activities, Transfer Impact Assessments, procedures, guides, training, SharePoint sites).
  • Support the execution of the privacy compliance monitoring program.

Third-Party Risk Management:

  • Perform quality assurance and effective challenge of third-party risk outputs produced by external service providers and first-line stakeholders.
  • Monitor adherence to SLAs, KPIs, and contractual obligations of outsourced TPRM providers and escalate deficiencies asappropriate.
  • Identifysystemic control gaps, concentration risk, and emerging third-party risk trends across the vendor population.
  • Support thirdparty cyber and information security risk review activities.
  • Contribute to the ongoing development of fourth-party risk governance and oversight practices.
  • Identifyopportunities to enhanceTRPM's technical capabilities, develop,testand work with technology teams to deploy such capabilities.
  • Support the maintenance of the firm's requiredTPRMcompliance documentation (e.g.,Policy, Supplier Management Standards, questionnaire templates, frameworks, training, Share Point sites).

Risk Governance, Reporting & Analytics:

  • Independently develop and deliver executive-level risk reporting, dashboards, and management information.
  • Assistwith monitoring and reporting emerging AI and technology risks across privacy andthird partyrisk, contributing to oversight of controls, assessments, and reporting.
  • Leverage AI-enabled tools and advanced analytics toidentifytrends, emerging risks, and control weaknesses.
  • Lead preparation for regulatory examinations, internal audits, and management assurance activities related to privacy and third-party risk oversight.
  • Maintainaccurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready artifacts.

Qualifications

Required:

  • Bachelor's degree in Risk Management, Information Systems, Finance, Business, Law, ora relatedfield.
  • 5+ years of experience insecond-line risk management, privacy risk, or third-party risk oversight, preferably within financial services or asset management(or other industry subject to equivalent regulatory scrutiny).
  • Demonstrated ability tooperateindependently with minimal guidance in a 2LoD environment.
  • In-depth knowledge of global privacy regulations andoutsourced TPRM operating models.
  • Required Certifications (at least one):
  • Certified Information Privacy Professional (CIPP/US, CIPP/E)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Third Party Risk Professional (CTPP)

Preferred:

  • Experience leading or independently managing 2LoD privacy or TPRM oversight activities.
  • Asset management or broader financial services experience.
  • Additionalcertifications:
  • CIPM or CIPT
  • ISO 27001 Lead Implementer or Auditor
  • Familiarity with SEC, FINRA, and global regulatory expectations.

Tools & Technology (Preferred)

  • Advanced experience with GRC, privacy, and TPRM platforms (e.g., Archer, ServiceNow, OneTrust,IBM OpenPages).
  • Strongproficiencywith reporting and analytics tools (e.g., Power BI, advanced Excel).
  • Practical experience using AI-enabled risk, compliance, or data analytics tools to enhance oversight and reporting(e.g., Microsoft Co-Pilot, ChatGPT Enterprise).
  • Ability to automate reporting and improve risk visibility.

Key Competencies

  • Strong independent judgment and risk-based decision-making.
  • Ability to provide credible, effectivechallengeat senior levels.
  • Excellent written and verbal communication skills.
  • Strong issue management, quality assurance, and governance discipline.
  • Comfortoperatingautonomously in a global, regulated environment.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to one day per week from home.


What T. Rowe Price employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom