Own strategy, design, and continuous improvement of the Third-Party/Vendor Risk Management (TPRM) program aligned to NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and regulatory obligations. * Define and ...
Own strategy, design, and continuous improvement of the Third-Party/Vendor Risk Management (TPRM) program aligned to NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and regulatory obligations. * Define and ...
Senior Cybersecurity Third-Party Risk Analyst
Denver, CO · Remote
$102K - $132K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... Maintain strong documentation & processes to support change management of automation logic, AI ...
New
Senior Cybersecurity Third-Party Risk Analyst
Denver, CO · Remote
$102K - $132K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... Maintain strong documentation & processes to support change management of automation logic, AI ...
New
Lead third-party cyber risk management across inherent risk tiering, due diligence, validation, monitoring, issue tracking, and reporting; embed requirements into sourcing, contracting, onboarding ...
Lead third-party cyber risk management across inherent risk tiering, due diligence, validation, monitoring, issue tracking, and reporting; embed requirements into sourcing, contracting, onboarding ...
Senior Cybersecurity Third-Party Risk Analyst
Denver, CO · Remote
$102K - $132K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... Maintain strong documentation & processes to support change management of automation logic, AI ...
New
Senior Cybersecurity Third-Party Risk Analyst
Denver, CO · Remote
$102K - $132K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... Maintain strong documentation & processes to support change management of automation logic, AI ...
New
Senior Cybersecurity Risk Analyst - USA Remote
Denver, CO · Remote
$130K - $160K/yr
Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake, inherent-risk tiering, security and privacy questionnaire administration, evidence collection and review ...
Senior Cybersecurity Risk Analyst - USA Remote
Denver, CO · Remote
$130K - $160K/yr
Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake, inherent-risk tiering, security and privacy questionnaire administration, evidence collection and review ...
Enterprise Risk Analyst
Denver, CO · On-site
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments ...
Enterprise Risk Analyst
Denver, CO · On-site
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments ...
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments ...
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments ...
... third-party risk management, cloud security, incident readiness, and managed risk services. * Identify and qualify high-value expansion opportunities by analyzing client risk maturity, cyber program ...
... third-party risk management, cloud security, incident readiness, and managed risk services. * Identify and qualify high-value expansion opportunities by analyzing client risk maturity, cyber program ...
Compliance Operations Lead, Third-Party Due Diligence
Westminster, CO · On-site
$158K/yr
Compliment the company's Third-Party Risk Management program by focusing specifically on sanctions, restricted-party, anti-corruption, export control, reputational, and regulatory compliance risks.
Compliance Operations Lead, Third-Party Due Diligence
Westminster, CO · On-site
$158K/yr
Compliment the company's Third-Party Risk Management program by focusing specifically on sanctions, restricted-party, anti-corruption, export control, reputational, and regulatory compliance risks.
Compliance Operations Lead, Third-Party Due Diligence
Westminster, CO · On-site
$158K/yr
Complimentthe company's Third-Party Risk Management program by focusing specifically on sanctions, restricted-party, anti-corruption, exportcontrol, reputational, and regulatory compliance risks.
Compliance Operations Lead, Third-Party Due Diligence
Westminster, CO · On-site
$158K/yr
Complimentthe company's Third-Party Risk Management program by focusing specifically on sanctions, restricted-party, anti-corruption, exportcontrol, reputational, and regulatory compliance risks.
Senior Cyber Risk & Compliance Specialist
Greenwood Village, CO · On-site
$150K - $170K/yr
... third-party risk management, and cybersecurity governance initiatives. This role requires an experienced cybersecurity professional capable of independently leading projects, collaborating with ...
Senior Cyber Risk & Compliance Specialist
Greenwood Village, CO · On-site
$150K - $170K/yr
... third-party risk management, and cybersecurity governance initiatives. This role requires an experienced cybersecurity professional capable of independently leading projects, collaborating with ...
Compliance Operations Lead, Third-Party Due Diligence with Security Clearance
Westminster, CO · On-site
$159K/yr
Compliment the company's Third-Party Risk Management program by focusing specifically on sanctions, restricted-party, anti-corruption, export control, reputational, and regulatory compliance risks.
Compliance Operations Lead, Third-Party Due Diligence with Security Clearance
Westminster, CO · On-site
$159K/yr
Compliment the company's Third-Party Risk Management program by focusing specifically on sanctions, restricted-party, anti-corruption, export control, reputational, and regulatory compliance risks.
Governance Risk & Compliance (GRC) Analyst
Lakewood, CO · On-site
$55 - $65/hr
... management, and compliance initiatives across the organization. This role requires a proactive ... Vendor & Third-Party Risk * Conduct vendor security assessments, review questionnaires, validate ...
Governance Risk & Compliance (GRC) Analyst
Lakewood, CO · On-site
$55 - $65/hr
... management, and compliance initiatives across the organization. This role requires a proactive ... Vendor & Third-Party Risk * Conduct vendor security assessments, review questionnaires, validate ...
Your Impact You will drive Newmont's global IT risk, SOX, and third-party risk management strategy by advancing automation, strengthening controls, and improving risk visibility. Your work will ...
Your Impact You will drive Newmont's global IT risk, SOX, and third-party risk management strategy by advancing automation, strengthening controls, and improving risk visibility. Your work will ...
Risk Management Supervisor
Colorado Springs, CO · On-site
$95K - $143K/yr
Provides direct supervision to professional risk management staff and oversight of third-party administrators (TPA), vendors, and occupational health providers. Supports high-severity and high ...
Risk Management Supervisor
Colorado Springs, CO · On-site
$95K - $143K/yr
Provides direct supervision to professional risk management staff and oversight of third-party administrators (TPA), vendors, and occupational health providers. Supports high-severity and high ...
... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Supporting functional design and configuration of ServiceNow solutions, including forms, workflows, notifications, service ...
... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Supporting functional design and configuration of ServiceNow solutions, including forms, workflows, notifications, service ...
... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Contributing to functional design and configuration of ServiceNow solutions, including forms, workflows, notifications ...
... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Contributing to functional design and configuration of ServiceNow solutions, including forms, workflows, notifications ...
Senior Project Manager
Lone Tree, CO · On-site
$60 - $70/hr
Drive the execution of enterprise third-party integration programs across multiple concurrent workstreams, coordinating activities with diverse teams including Vendor Management, Third Party Risk ...
Senior Project Manager
Lone Tree, CO · On-site
$60 - $70/hr
Drive the execution of enterprise third-party integration programs across multiple concurrent workstreams, coordinating activities with diverse teams including Vendor Management, Third Party Risk ...
... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Supporting functional design and configuration of ServiceNow solutions, including forms, workflows, notifications, service ...
... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Supporting functional design and configuration of ServiceNow solutions, including forms, workflows, notifications, service ...
Consultant - ServiceNow
Denver, CO · Remote
... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Contributing to functional design and configuration of ServiceNow solutions, including forms, workflows, notifications ...
Consultant - ServiceNow
Denver, CO · Remote
... Third-Party Risk Management, and ServiceNow AI Control Tower use cases * Contributing to functional design and configuration of ServiceNow solutions, including forms, workflows, notifications ...
Third Party Risk Management information
See Colorado salary details
$54.2K - $65.5K
4% of jobs
$65.5K - $76.8K
6% of jobs
$76.8K - $88.1K
11% of jobs
$92.4K is the 25th percentile. Wages below this are outliers.
$88.1K - $99.5K
11% of jobs
The median wage is $108.5K / yr.
$99.5K - $110.8K
23% of jobs
$110.8K - $122.1K
13% of jobs
$129.6K is the 75th percentile. Wages above this are outliers.
$122.1K - $133.4K
12% of jobs
$133.4K - $144.8K
8% of jobs
$144.8K - $156.1K
6% of jobs
$156.1K - $167.4K
4% of jobs
$167.4K - $178.8K
2% of jobs
$54.2K
$117.3K
$178.8K
How much do third party risk management jobs pay per year?
What is a Third Party Risk Management job?
A Third Party Risk Management (TPRM) job involves assessing, monitoring, and mitigating risks associated with an organization's external vendors, suppliers, and service providers. Professionals in this role evaluate third parties for compliance, cybersecurity vulnerabilities, financial stability, and operational risks. They develop frameworks, conduct risk assessments, and ensure that vendors meet regulatory and organizational standards. TPRM specialists collaborate with internal teams like compliance, procurement, and IT security to protect the organization's interests. Their goal is to minimize potential disruptions, data breaches, or regulatory non-compliance stemming from third-party relationships.
What are some common challenges faced in a Third Party Risk Management role, and how are they addressed?
One of the primary challenges in Third Party Risk Management is keeping up with evolving regulatory requirements and the diverse risk profiles of different vendors. Professionals in this role often encounter situations where they must coordinate risk assessments across multiple departments and ensure timely responses from both internal teams and external partners. To address these challenges, strong project management skills, proactive communication, and the use of dedicated risk management tools are essential. Many organizations also emphasize ongoing training and cross-functional collaboration to stay ahead of emerging risks and regulatory changes.
What are the key skills and qualifications needed to thrive in the Third Party Risk Management position, and why are they important?
To thrive in Third Party Risk Management, you need a strong understanding of risk assessment, compliance regulations, vendor management, and data analysis, typically supported by a bachelor's degree in business, finance, or a related field. Familiarity with risk assessment tools, third-party risk management platforms (such as Archer or ProcessUnity), and certifications like Certified Third Party Risk Professional (CTPRP) are common in this field. Exceptional communication, negotiation, and analytical-thinking skills are crucial soft skills for engaging vendors and stakeholders effectively. These abilities ensure comprehensive risk mitigation and help organizations maintain compliance and security while building strong external partnerships.

Asurion rating
7.2
Based on 84 frontline employees who took The Breakroom Quiz
121st of 208 rated it services
Job description
The Senior Manager, Third Party Risk Management leads Asurion's enterprise vendor and supply-chain risk program as a second line of defense. This role owns the end-to-end third-party risk lifecycle-intake, inherent-risk tiering, due diligence, contract controls, continuous monitoring, reassessment, and secure offboarding-protecting Asurion and its carrier and partner ecosystem from risks introduced by vendors, service providers, and technology suppliers. The leader partners closely with Procurement, Legal, Privacy, business portfolio owners, and security control owners to translate fragmented vendor information into clear, defensible risk decisions. This is both a program-building and people-leadership role, maturing the vendor risk function in alignment with NIST CSF 2.0 and strengthening supply chain risk outcomes while embedding modern practices for emerging risks such as third-party AI tooling, SaaS sprawl, and vendor concentration.
Key Responsibilities- Own strategy, design, and continuous improvement of the Third-Party/Vendor Risk Management (TPRM) program aligned to NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and regulatory obligations.
- Define and maintain TPRM policy, standards, procedures, and risk-tiering methodology; secure governance approval and drive consistent adoption across the enterprise.
- Establish third-party risk appetite and tolerance thresholds with CISO and GRC leadership and apply them to vendor risk decisions.
- Embed risk gates within sourcing, onboarding, contracting, renewal, and offboarding in partnership with Procurement and Legal.
- Lead the full vendor risk lifecycle: intake, inherent-risk classification, due diligence, residual-risk determination, treatment/acceptance, contracting, continuous monitoring, reassessment, and offboarding.
- Operationalize inherent-risk tiering to scope assessment depth and cadence based on data sensitivity, access, criticality, and business impact.
- Direct security, privacy, and resilience assessments using methodologies such as SIG/Shared Assessments and evidence including SOC 2 Type II, ISO 27001, PCI AOC, and penetration test results.
- Evaluate fourth-party/Nth-party dependencies, vendor concentration, and systemic risk across the supplier portfolio.
- Establish and lead risk reviews for third-party AI/GenAI tooling with security and privacy teams; address model and data-handling risks and shadow AI.
- Translate findings into concise, business-relevant risk narratives and actionable remediation plans with owners and timelines.
- Operate continuous monitoring leveraging external risk ratings, periodic attestations, threat/breach intelligence, and event-driven triggers.
- Coordinate third-party incident response with SOC/IR; assess impact, drive containment, and track remediation to closure.
- Manage the third-party risk register and findings inventory; escalate aging or accepted risks through governance.
- Maintain visibility into critical vendor resilience and BC/DR posture for high-impact suppliers.
- Partner with Legal and Procurement to define and negotiate security, privacy, and resilience terms (control requirements, right-to-audit, breach notification SLAs, data protection, subprocessor controls).
- Develop a standardized library of contractual security requirements scaled to vendor risk tier.
- Define and report outcome-driven metrics and KRIs (e.g., residual risk trends, assessment cycle time/coverage, time-to-remediate, monitoring coverage, exception aging); deliver executive-ready reporting to governance forums.
- Serve as the primary point of contact for internal/external audits, regulatory exams, and carrier-partner due diligence.
- Build, lead, and develop a high-performing team of vendor risk analysts; set objectives, coach performance, and scale capability through playbooks, training, and quality reviews.
- Drive operational efficiency via process automation and analyst-assistive tooling to focus effort on judgment-intensive decisions.
- 8+ years in information security, IT risk, or GRC, including 4+ years focused on third-party/vendor risk management.
- 2+ years of direct people leadership managing analysts or a risk team.
- Demonstrated experience designing or maturing a TPRM program lifecycle end to end.
- Strong working knowledge of NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and assessment standards such as SIG/Shared Assessments.
- Experience reviewing assurance artifacts (SOC 2 Type II, ISO certifications, penetration test reports) and translating them into risk decisions.
- Hands-on experience with TPRM/GRC platforms and continuous monitoring/security-rating tools (e.g., ProcessUnity, OneTrust, Prevalent/Mitratech, Whistic, BitSight, SecurityScorecard, or comparable).
- Experience partnering with Procurement and Legal on vendor contracting and security/privacy terms.
- Excellent written and verbal communication, including executive briefing and defensible risk narratives.
- Bachelor's degree in a related field or equivalent professional experience.
- Preferred: certifications such as CTPRP, CISSP, CISA, CRISC, or CISM; experience in regulated consumer or financial environments (e.g., GLBA, PCI DSS, state privacy laws); experience with AI/GenAI risk assessment; familiarity with three lines of defense; experience with automation or AI-assisted workflows in GRC.
- Sound risk judgment balancing rigor with business enablement and speed-to-value.
- Ability to influence without authority across Procurement, Legal, Privacy, Security, and business stakeholders.
- Program design, policy/standard development, and governance execution for TPRM.
- Expertise in vendor risk tiering, due diligence, continuous monitoring, issue management, and secure offboarding.
- Strong analytical skills to assess concentration, systemic risk, and fourth-party dependencies.
- Advanced communication skills; distills complex third-party risk into actionable executive decisions.
- Team leadership, talent development, and operational scaling through playbooks, training, and QA.
- Proficiency with metrics/KRIs, dashboards, and executive reporting.
- Negotiation of contractual security/privacy/resilience terms and control requirements.
N/A
Physical Demands- Stationary Position: Frequently
- Vision: 20/20 corrected vision
- Hearing: Receive detailed information if spoken to