1

Third Party Risk Manager Jobs in Virginia (NOW HIRING)

Third-Party Risk Management * Own and enhance the Third-Party Risk Management (TPRM) framework, policy, process, and supporting technology in alignment with SOC 2 requirements. * Oversee technical ...

Third-Party Risk Management * Own and enhance the Third-Party Risk Management (TPRM) framework, policy, process, and supporting technology in alignment with SOC 2 requirements. * Oversee technical ...

Principal Risk Specialist

Mclean, VA · On-site

$99K/yr

Management, Internal Audit, Third Party Risk Management, etc. Basic Qualifications: * Bachelor's Degree in Business Or Marketing. * 4+ years of experience in Financial Services, Marketing, Compliance ...

Third-Party Risk Management * Own and enhance the Third-Party Risk Management (TPRM) framework, policy, process, and supporting technology in alignment with SOC 2 requirements. * Oversee technical ...

An MBA in Risk Management or Business (Finance) is a plus. * 5+ years with increasing ... as 3rd party contract review. Work experience, which involved frequently visiting local plants ...

Principal Risk Specialist

Richmond, VA · On-site

$97K/yr

Management, Internal Audit, Third Party Risk Management, etc. Basic Qualifications: * Bachelor's Degree in Business Or Marketing. * 4+ years of experience in Financial Services, Marketing, Compliance ...

Management, Internal Audit, Third Party Risk Management, etc. Basic Qualifications: * Bachelor's Degree in Business Or Marketing. * 4+ years of experience in Financial Services, Marketing, Compliance ...

Engage with underwriting, claims, actuarial, finance, IT, and legal & compliance teams to embed risk management practices * Support enterprise initiatives related to operational risk, third-party ...

Risk Analyst

Richmond, VA · On-site

$40 - $55/hr

... risk management programs. • Partner with colleagues, departments, and third-party vendors to verify information, resolve questions, and maintain accurate communication across involved parties. • ...

next page

Showing results 1-20

Third Party Risk Manager information

See Virginia salary details

$51.1K

$110.6K

$168.5K

How much do third party risk manager jobs pay per year?

As of Jul 14, 2026, the average yearly pay for third party risk manager in Virginia is $110,599.00, according to ZipRecruiter salary data. Most workers in this role earn between $89,200.00 and $127,900.00 per year, depending on experience, location, and employer.

What is the difference between Third Party Risk Manager vs Vendor Risk Analyst?

AspectThird Party Risk ManagerVendor Risk Analyst
CredentialsCertifications like CRISC, CTPRP often preferredCertifications such as CRISC, CTPRP common
Work EnvironmentOversees multiple vendors and third-party relationships at strategic levelFocuses on assessing specific vendor risks and compliance
Employer & Industry UsageUsed in finance, healthcare, and large corporations managing third-party risksCommon in IT, finance, and procurement departments
Search & Comparison IntentOften compared for broader risk management rolesCompared for detailed vendor risk assessments

The Third Party Risk Manager oversees the overall risk associated with third-party vendors, focusing on strategic risk mitigation. The Vendor Risk Analyst concentrates on evaluating individual vendors' risks and compliance. While both roles require similar certifications and work in related environments, the Risk Manager has a broader scope, whereas the Analyst specializes in detailed assessments.

What are the key skills and qualifications needed to thrive as a Third Party Risk Manager, and why are they important?

To thrive as a Third Party Risk Manager, you need a strong background in risk assessment, vendor management, and regulatory compliance, often supported by a degree in business, finance, or a related field. Familiarity with risk management frameworks, tools like GRC (Governance, Risk, and Compliance) platforms, and relevant certifications such as CTPRP (Certified Third Party Risk Professional) are highly beneficial. Excellent communication, analytical thinking, and stakeholder management skills set top performers apart in this role. These competencies are crucial for effectively identifying, mitigating, and communicating third-party risks to protect organizational assets and ensure regulatory compliance.

What is a Third Party Risk Manager?

A Third Party Risk Manager is a professional responsible for identifying, assessing, and mitigating risks associated with an organization's external vendors, suppliers, or partners. Their main job is to ensure that third-party relationships do not expose the company to undue financial, operational, regulatory, or reputational risk. This includes evaluating vendor security practices, monitoring compliance with contracts and regulations, and developing risk management policies. Third Party Risk Managers often collaborate with legal, procurement, and IT teams to safeguard the organization's interests. Their work is crucial in today's interconnected business environment, where companies increasingly rely on third-party services and products.

How does a Third Party Risk Manager typically collaborate with other departments to manage vendor risks?

A Third Party Risk Manager works closely with teams such as procurement, legal, IT security, and compliance to assess and monitor the risks associated with external vendors. They coordinate with these departments to perform due diligence, review contracts, and establish ongoing monitoring processes. Regular cross-functional meetings and clear communication channels are essential, as the role often requires aligning risk management strategies with organizational objectives and ensuring that vendor-related risks are identified and mitigated promptly.
What are popular job titles related to Third Party Risk Manager jobs in Virginia? For Third Party Risk Manager jobs in Virginia, the most frequently searched job titles are:
What cities in Virginia are hiring for Third Party Risk Manager jobs? Cities in Virginia with the most Third Party Risk Manager job openings:
Infographic showing various Third Party Risk Manager job openings in Virginia as of July 2026, with employment types broken down into 85% Full Time, 13% Part Time, 1% Temporary, and 1% Contract. Highlights an 86% Physical, 1% Hybrid, and 13% Remote job distribution, with an average salary of $110,599 per year, or $53.2 per hour.
GRC Team Lead

Other

Medical, Retirement, PTO

This job post has expired today. Applications are no longer accepted.


Job description

GRC Team Lead

CapTech is an award-winning consulting firm that collaborates with clients to achieve what's possible through the power of technology. At CapTech, we're passionate about the work we do and the results we achieve for our clients. From the outset, our founders shared a collective passion to create a consultancy centered on strong relationships that would stand the test of time. Today we work alongside clients that include Fortune 100 companies, mid-sized enterprises, and government agencies, a list that spans across the country.

The Information Security GRC Team Lead leads CapTech's Governance, Risk, and Compliance (GRC) function, helping set the strategy and owning the execution, and continuous improvement of the programs that keep CapTech and our clients secure and compliant. This is a hands-on leadership role: you will lead and mentor a GRC analyst while remaining personally engaged in the work, running assessments, engineering automation, and setting technical direction.

You will own CapTech's compliance posture across SOC 2, NIST 800-53, and NIST AI RMF, along with applicable privacy regulations; mature our third-party risk management program; modernize the GRC function through automation and GRC engineering; and establish the governance practices that allow CapTech to adopt AI safely. This position reports to the Head of Information Security and operates with a high degree of autonomy to make decisions and set direction with minimal oversight.

Leadership & Team Management

  • Lead, mentor, and develop a GRC analyst, setting priorities, coaching for growth, and serving as the escalation point for complex risk and compliance matters.
  • Operate as a player-coach: remain hands-on in assessments, engineering, and analysis while coordinating the team's day-to-day execution and quality.
  • Help set the strategic direction and roadmap for the GRC program, driving initiatives to completion and making decisions independently with minimal oversight.
  • Define goals, metrics, and quality standards for the team; provide input into performance reviews and team goals; and participate in hiring, onboarding, and career development.
  • Report on risk and compliance posture to executive leadership, translating technical risk into business terms for non-technical stakeholders.

Governance, Risk & Compliance

  • Own and mature CapTech's compliance programs across SOC 2, NIST 800-53, and NIST AI RMF, ensuring controls are well-designed, operating effectively, and continuously monitored.
  • Extend the compliance program to applicable privacy and regulatory obligations, including HIPAA and GDPR/CCPA, as driven by CapTech's client base.
  • Lead internal control assessments, gap analyses, and audit-readiness activities; manage external audits and coordinate evidence collection end to end.
  • Develop, maintain, and enforce the information security policy suite, partnering with policy owners to keep documentation current and aligned to controls.
  • Identify, assess, and prioritize information security risks; drive remediation to closure against SLAs, negotiating compensating controls with stakeholders where appropriate.

Third-Party Risk Management

  • Own and enhance the Third-Party Risk Management (TPRM) framework, policy, process, and supporting technology in alignment with SOC 2 requirements.
  • Oversee technical risk evaluations and due diligence of third-party vendors, tools, and services, and recommend actions to strengthen vendor security posture.
  • Lead responses to inbound client and partner security questionnaires, and support business development and contract-negotiation teams to ensure security terms align with RFPs and agreed contracts.

GRC Engineering & Automation

  • Own and administer CapTech's GRC / compliance-automation platform, driving continuous control monitoring and automated evidence collection.
  • Design and build workflow automations and integrations across security, IT, and compliance tooling to reduce manual effort, improve data quality, and accelerate audit readiness.
  • Instrument GRC metrics, dashboards, and reporting so that control health and risk posture are continuously visible to stakeholders.

AI Governance & AI-Enabled GRC

  • Establish and run CapTech's AI governance program (covering AI-use policy, model/tool inventory, and risk assessment), aligned to recognized frameworks such as the NIST AI Risk Management Framework and ISO/IEC 42001.
  • Assess and govern the risk of AI tools and AI-enabled vendors, integrating AI risk into the existing TPRM and control frameworks.
  • Leverage AI responsibly to accelerate GRC work, using large language models to draft and maintain policies, cross-walk controls across frameworks, and analyze and respond to security questionnaires.
  • Build AI-enabled automations and agents to streamline GRC tasks such as evidence review, risk triage, and reporting.
  • Serve as a subject-matter advisor on AI risk and secure AI adoption for CapTech.

Security Awareness & Reporting

  • Own the security awareness and training program, including selection, delivery, and new-hire training aligned to company policy.
  • Produce technical and executive-level reporting on the effectiveness of the information security and compliance program.

Basic Qualifications

  • 6+ years of experience in Information Security, Governance/Risk/Compliance, IT Audit, or a related field, including prior experience leading or mentoring team members or driving major security and compliance initiatives.
  • Working understanding of SOC 2, NIST 800-53, and NIST AI RMF or similar frameworks required.
  • One or more of the following certifications, or an agreed certification to be attained within an agreed timeframe: ISACA Certified in Risk and Information Systems Control (CRISC) or ISACA Certified Information Security Manager (CISM).
  • Demonstrated ability to communicate technical risk in non-technical terms to executives and business stakeholders.
  • Strong problem-solving, analytical, and critical-thinking skills, with the proven ability to set direction and make decisions independently.

Preferred Qualifications

  • Additional certifications such as Certified Information Systems Auditor (CISA), Certified in Governance, Risk and Compliance (CGRC), or equivalent risk/audit/compliance credentials.
  • Hands-on experience owning or administering a GRC / compliance-automation platforms
  • Experience automating GRC workflows through scripting or integration tooling (e.g., Python, PowerShell, APIs, or iPaaS / no-code automation platforms).
  • Experience establishing or operating an AI governance program, with familiarity in the NIST AI RMF and ISO/IEC 42001.
  • Experience with privacy and regulatory frameworks such as HIPAA and GDPR/CCPA.
  • Prior experience in a consulting environment or supporting Fortune 100 and other regulated clients.
  • Prior experience with vendor management and third-party risk assessments.
  • Strong knowledge of the Microsoft Office suite of tools.

We want everyone at CapTech to be able to envision a lasting and rewarding career here, which is why we offer a variety of career paths based on your skills and passions. You decide where and how you want to develop, and we help get you there with customizable career progression and a comprehensive benefits package to support you along the way. Alongside our suite of traditional benefits encompassing generous time off, health coverage, disability insurance, paid family leave and more, we've launched extended benefits to help meet our employees' needs.

  • Learning & Development – Programs offering certification and tuition support, digital on-demand learning courses, mentorship, and skill development paths
  • Modern Health –A mental health and well-being platform that provides 1:1 care, group support sessions, and self-serve resources to support employees and their families through life's ups and downs
  • Carrot Fertility –Inclusive fertility and family-forming coverage for all paths to parenthood – including adoption, surrogacy, fertility treatments, pregnancy, and more – and opportunities for employer-sponsored funds to help pay for care
  • Fringe –A company paid stipend program for personalized lifestyle benefits, allowing employees to choose benefits that matter most to them – ranging from vendors like Netflix, Spotify, and GrubHub to services like student loan repayment, travel, fitness, and more
  • Employee Resource Groups – Employee-led committees that embrace and incorporate diversity and inclusion into our day-to-day operations
  • Philanthropic Partnerships – Opportunities to engage in partnerships and pro-bono projects that support our communities.
  • 401(k) Matching – Generous matching and no vesting period to help you continue to build financial wellness