Serve as the firm'ssubject matter experton third-party risk management. * Contribute to the development and execution of the firm'sTPRM strategy, roadmap, and target-state operating model. * Lead the ...
Serve as the firm'ssubject matter experton third-party risk management. * Contribute to the development and execution of the firm'sTPRM strategy, roadmap, and target-state operating model. * Lead the ...
This position is expected to independently manage complex risk assessments, lead oversight ... Third-Party Risk Management: * Perform quality assurance and effective challenge of third-party ...
This position is expected to independently manage complex risk assessments, lead oversight ... Third-Party Risk Management: * Perform quality assurance and effective challenge of third-party ...
The role will focus on Third Party Risk and resides within the Legal and Compliance's Operational ... The individual will play a critical strategic role in driving risk management oversight activities ...
The role will focus on Third Party Risk and resides within the Legal and Compliance's Operational ... The individual will play a critical strategic role in driving risk management oversight activities ...
The role will focus on Third Party Risk and resides within the Legal and Compliance's Operational ... The individual will play a critical strategic role in driving risk management oversight activities ...
The role will focus on Third Party Risk and resides within the Legal and Compliance's Operational ... The individual will play a critical strategic role in driving risk management oversight activities ...
This includes responsibilities for key operational risk functions such as Business Continuity, Third-Party Risk Management, and Corporate Insurance. This position, through specialized knowledge and ...
This includes responsibilities for key operational risk functions such as Business Continuity, Third-Party Risk Management, and Corporate Insurance. This position, through specialized knowledge and ...
Third-Party Risk Management • Develop and maintain a comprehensive Third-Party Risk Management (TPRM) framework. • Ensure third-party compliance with legal, regulatory, and internal policy ...
Quick apply
Third-Party Risk Management • Develop and maintain a comprehensive Third-Party Risk Management (TPRM) framework. • Ensure third-party compliance with legal, regulatory, and internal policy ...
Third-Party Risk Management • Develop and maintain a comprehensive Third-Party Risk Management (TPRM) framework. • Ensure third-party compliance with legal, regulatory, and internal policy ...
Third-Party Risk Management • Develop and maintain a comprehensive Third-Party Risk Management (TPRM) framework. • Ensure third-party compliance with legal, regulatory, and internal policy ...
GRC Lead / Cyber Risk Manager
$125K - $169K/yr
Evaluate vendor and third-party cybersecurity risks * Conduct security assessments and due ... NIST Risk Management Framework (RMF) * NIST SP 800-53 / 800-171 * Experience supporting audits ...
GRC Lead / Cyber Risk Manager
$125K - $169K/yr
Evaluate vendor and third-party cybersecurity risks * Conduct security assessments and due ... NIST Risk Management Framework (RMF) * NIST SP 800-53 / 800-171 * Experience supporting audits ...
GRC Lead / Cyber Risk Manager
Washington, DC · On-site
$125K - $169K/yr
... Third-Party Risk Management Evaluate vendor and third-party cybersecurity risks Conduct security assessments and due diligence reviews Ensure contractual security and compliance requirements are met ...
GRC Lead / Cyber Risk Manager
Washington, DC · On-site
$125K - $169K/yr
... Third-Party Risk Management Evaluate vendor and third-party cybersecurity risks Conduct security assessments and due diligence reviews Ensure contractual security and compliance requirements are met ...
Senior Cybersecurity Risk Analyst - USA Remote
Washington, DC · Remote
$130K - $160K/yr
Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake, inherent-risk tiering, security and privacy questionnaire administration, evidence collection and review ...
Senior Cybersecurity Risk Analyst - USA Remote
Washington, DC · Remote
$130K - $160K/yr
Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake, inherent-risk tiering, security and privacy questionnaire administration, evidence collection and review ...
Senior Cybersecurity Risk Analyst - USA Remote
Washington, DC · On-site +1
$130K - $160K/yr
Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake, inherent-risk tiering, security and privacy questionnaire administration, evidence collection and review ...
Senior Cybersecurity Risk Analyst - USA Remote
Washington, DC · On-site +1
$130K - $160K/yr
Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake, inherent-risk tiering, security and privacy questionnaire administration, evidence collection and review ...
Lead day-to-day operations including the Third-Party Risk Management program, while maintaining SLAs aligned with business requirements. * Communicate and prioritize the security team's assignments ...
Lead day-to-day operations including the Third-Party Risk Management program, while maintaining SLAs aligned with business requirements. * Communicate and prioritize the security team's assignments ...
Lead day-to-day operations including the Third-Party Risk Management program, while maintaining SLAs aligned with business requirements. * Communicate and prioritize the security team's assignments ...
Lead day-to-day operations including the Third-Party Risk Management program, while maintaining SLAs aligned with business requirements. * Communicate and prioritize the security team's assignments ...
Lead day-to-day operations including the Third-Party Risk Management program, while maintaining SLAs aligned with business requirements. * Communicate and prioritize the security team's assignments ...
Lead day-to-day operations including the Third-Party Risk Management program, while maintaining SLAs aligned with business requirements. * Communicate and prioritize the security team's assignments ...
... third-party risk, cloud security, incident response, and managed security leaders to identify ... expansion opportunities and design integrated risk advisory solutions. * Establish and maintain ...
... third-party risk, cloud security, incident response, and managed security leaders to identify ... expansion opportunities and design integrated risk advisory solutions. * Establish and maintain ...
... third-party risk, cloud security, incident response, and managed security leaders to identify ... expansion opportunities and design integrated risk advisory solutions. * Establish and maintain ...
... third-party risk, cloud security, incident response, and managed security leaders to identify ... expansion opportunities and design integrated risk advisory solutions. * Establish and maintain ...
Evaluate governance, cybersecurity, technology and data controls, fraud risk management, and third-party risk programs. * Assess adherence to the DUS Guide, program requirements, and regulatory ...
Evaluate governance, cybersecurity, technology and data controls, fraud risk management, and third-party risk programs. * Assess adherence to the DUS Guide, program requirements, and regulatory ...
Evaluate governance, cybersecurity, technology and data controls, fraud risk management, and third-party risk programs. * Assess adherence to the DUS Guide, program requirements, and regulatory ...
Evaluate governance, cybersecurity, technology and data controls, fraud risk management, and third-party risk programs. * Assess adherence to the DUS Guide, program requirements, and regulatory ...
Evaluate governance, cybersecurity, technology and data controls, fraud risk management, and third-party risk programs. * Assess adherence to the DUS Guide, program requirements, and regulatory ...
Evaluate governance, cybersecurity, technology and data controls, fraud risk management, and third-party risk programs. * Assess adherence to the DUS Guide, program requirements, and regulatory ...
Fraud Risk Manager
Silver Spring, MD · On-site
$104K - $173K/yr
Serve as a subject matter expert during regulatory examinations, internal audits, and third-party reviews related to fraud risk management. * Monitor evolving regulatory guidance (FFIEC, CFPB, OCC ...
Fraud Risk Manager
Silver Spring, MD · On-site
$104K - $173K/yr
Serve as a subject matter expert during regulatory examinations, internal audits, and third-party reviews related to fraud risk management. * Monitor evolving regulatory guidance (FFIEC, CFPB, OCC ...
Third Party Risk Manager information
See Hanover, MD salary details
$51.2K - $62K
4% of jobs
$62K - $72.7K
6% of jobs
$72.7K - $83.4K
11% of jobs
$87.4K is the 25th percentile. Wages below this are outliers.
$83.4K - $94.1K
11% of jobs
The median wage is $102.6K / yr.
$94.1K - $104.8K
23% of jobs
$104.8K - $115.6K
13% of jobs
$122.6K is the 75th percentile. Wages above this are outliers.
$115.6K - $126.3K
12% of jobs
$126.3K - $137K
8% of jobs
$137K - $147.7K
6% of jobs
$147.7K - $158.4K
4% of jobs
$158.4K - $169.1K
2% of jobs
$51.2K
$111K
$169.1K
How much do third party risk manager jobs pay per year?
What is the difference between Third Party Risk Manager vs Vendor Risk Analyst?
| Aspect | Third Party Risk Manager | Vendor Risk Analyst |
|---|---|---|
| Credentials | Certifications like CRISC, CTPRP often preferred | Certifications such as CRISC, CTPRP common |
| Work Environment | Oversees multiple vendors and third-party relationships at strategic level | Focuses on assessing specific vendor risks and compliance |
| Employer & Industry Usage | Used in finance, healthcare, and large corporations managing third-party risks | Common in IT, finance, and procurement departments |
| Search & Comparison Intent | Often compared for broader risk management roles | Compared for detailed vendor risk assessments |
The Third Party Risk Manager oversees the overall risk associated with third-party vendors, focusing on strategic risk mitigation. The Vendor Risk Analyst concentrates on evaluating individual vendors' risks and compliance. While both roles require similar certifications and work in related environments, the Risk Manager has a broader scope, whereas the Analyst specializes in detailed assessments.
What are the key skills and qualifications needed to thrive as a Third Party Risk Manager, and why are they important?
What is a Third Party Risk Manager?
How does a Third Party Risk Manager typically collaborate with other departments to manage vendor risks?

T. Rowe Price rating
9.1
Based on 21 frontline employees who took The Breakroom Quiz
Job description
Role Summary
TheDirector- ThirdParty Risk Management is aSecond Line of Defense (2LoD)leadership role responsible for thestrategic development, oversight, and ongoing maturation of the firm'sThirdPartyRisk Management (TPRM) program. Reporting to the Head of Privacy & TPRM, this role is regarded as asubject matter expert in third-party riskand plays a key role in shaping the firm's risk strategy, governance framework, and operating model following the implementation of anoutsourced TPRMcapability.
TheDirectorprovides independent oversight, crediblechallenge, and assurance over first-line and outsourced TPRM activities, while building a sustainable, regulator-ready 2LoD function aligned with the firm's risk appetite and regulatory expectations.
Responsibilities
TPRM Strategy & Program Leadership:
Serve as the firm'ssubject matter experton third-party risk management.
Contribute to the development and execution of the firm'sTPRM strategy, roadmap, and target-state operating model.
Lead the build-out and continuous improvement of a 2LoD TPRM functionfollowing outsourcing of due diligence and periodic reviews.
Define and maintain TPRM policies, standards, risk methodologies, and oversight frameworks aligned with regulatory expectations and industry best practices.
Ensure alignment of the TPRM program with enterprise risk appetite and governance structures.
Lead assessment of emergingthird partyrisks and technologies, including AI, andintegratefindings into TPRM strategy, governance, and executive reporting.
Oversight of Outsourced & First-Line TPRM Activities:
Provide independent oversight and effectivechallengeofoutsourced TPRM service providers, including due diligence execution and ongoing monitoring.
Oversight of monitoring activities related toSLAs, KPIs, quality assurance standards, and performance metrics for outsourced partners.
Report onsystemic control gaps, concentration risk, and emerging third-party risk themes across the vendor population.
Escalatematerialthird-party risk issues and control deficiencies throughappropriate governanceand risk committees.
Risk Governance, Reporting & Regulatory Readiness:
Design and deliver executive and board-level reporting on third-party risk, including trends, emerging risks, and risk appetite breaches.
Lead TPRM-related regulatory exams, internal audits, and management assurance activities.
Ensure TPRM documentation, evidence, and reporting areaudit-and exam-ready.
Partner with Enterprise Risk, Compliance, Legal, Information Security, Procurement, and Technology while maintaining 2LoD independence.
Leadership & Capability Development:
Provide leadership, guidance, and technical mentorship to TPRM risk analysts and managers.
Establish clear roles, responsibilities, and RACI alignment across 1LoD, 2LoD, and outsourced providers.
Drive adoption of data-driven, AI-enabled reporting and analytics to enhance risk insight and oversight efficiency.
Promote a strong risk culture and consistent application of third-party risk standards across the firm.
Qualifications
Required:
Bachelor's degree in Risk Management, Information Systems, Finance, Business, Law, ora relatedfield.10+ years of experience inthird-party risk management, operational risk, or compliance, withsignificant experiencein a2LoD capacitywithin financial services or asset management(or other industry subject to equivalent regulatory scrutiny).
Demonstrated experiencedesigning, implementing, or maturing a TPRM program, including oversight of outsourced or co-sourced models.
Deep understanding of regulatory expectations for third-party risk (e.g., SEC, FINRA, global regulators).
Proven ability tooperateas a trusted expert and strategic advisor to senior leadership.
Required Certifications (at least one): Certified Third Party Risk Professional (CTPRP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA)
Preferred:
Advanced degree (MBA, JD, or equivalent).
Experience supporting global or complex vendor ecosystems.
Additionalcertifications:
ISO 27001 Lead Implementer or Auditor
PMP or equivalent program management certification
ExperienceleveragingAI, automation, or advanced analytics in TPRM oversight(e.g., Microsoft Co-Pilot, ChatGPT Enterprise).
Tools & Technology (Preferred)
Extensive experience with TPRM and GRC platforms (e.g., ServiceNow, Coupa).
Strong executive-level reporting and data visualization skills (e.g., Power BI).
Experience implementing metrics, KRIs, and dashboards aligned to risk appetite.
Key Competencies
Recognizedexpertisein third-party risk management.
Strategic mindset with hands-on oversight capability.
Strong executive presence and ability to provide crediblechallenge.
Excellent written and verbal communication skills.
Ability to lead through influence in a matrixed, regulated environment.
FINRA Requirements
FINRA licenses are not required and will not be supported for this role.
Work Flexibility
This role is eligible for hybrid work, with up to one day per week from home.
What T. Rowe Price employees say
Pay
Benefits
Hours and flexibility
Workplace
Get the full story on Breakroom
About T. Rowe Price
Sourced by ZipRecruiter
Industry
Funds, trusts and financial programs
Company size
5,001 - 10,000 Employees
Headquarters location
Baltimore, MD, US
Year founded
1937