1

Third Party Risk Jobs in Portland, OR (NOW HIRING)

Workers' Compensation Program Administration The Risk Manager manages the City's self-insured workers' compensation program and the contract between the City and third-party administrator for workers ...

Risk Manager

Gresham, OR

$108K - $155K/yr

Workers' Compensation Program Administration The Risk Manager manages the City's self-insured workers' compensation program and the contract between the City and third-party administrator for workers ...

next page

Showing results 1-20

Third Party Risk information

See Portland, OR salary details

$15

$32

$78

How much do third party risk jobs pay per hour?

As of Jul 4, 2026, the average hourly pay for third party risk in Portland, OR is $32.17, according to ZipRecruiter salary data. Most workers in this role earn between $20.67 and $41.06 per hour, depending on experience, location, and employer.

What are some common challenges faced in a Third Party Risk role and how can they be managed?

Professionals in Third Party Risk often encounter challenges such as managing a large and diverse vendor portfolio, staying updated on regulatory requirements, and ensuring timely risk assessments. Navigating communication gaps between internal stakeholders and external vendors can also be demanding. These challenges are typically managed by implementing robust risk assessment frameworks, fostering cross-functional collaboration, and leveraging technology to streamline due diligence and monitoring processes. Continuous training and clear communication protocols further help in addressing these complexities and maintaining effective third-party risk management.

What is the difference between Third Party Risk vs Vendor Risk Management?

AspectThird Party RiskVendor Risk Management
FocusAssessing risks from all external entities, including vendors, partners, and contractorsEvaluating risks specifically associated with third-party vendors
CredentialsRisk management certifications, compliance knowledgeVendor management certifications, procurement experience
Work EnvironmentCorporate risk teams, compliance departmentsProcurement, vendor management teams
Industry UsageFinancial, healthcare, technology sectorsPrimarily in supply chain and procurement functions

Third Party Risk encompasses a broader scope, including all external entities, while Vendor Risk Management specifically focuses on vendors. Both roles require risk assessment skills and industry knowledge, but Third Party Risk roles often involve broader compliance and strategic oversight.

What are the key skills and qualifications needed to thrive as a Third Party Risk professional, and why are they important?

To thrive as a Third Party Risk professional, you need a solid understanding of risk management principles, vendor assessment processes, and relevant regulatory frameworks, often supported by a degree in business, finance, or a related field. Familiarity with risk assessment tools, GRC (governance, risk, and compliance) software, and certifications such as Certified Third Party Risk Professional (CTPRP) are common requirements. Strong analytical thinking, attention to detail, and effective communication skills help you evaluate vendors and influence stakeholders. These skills are vital for identifying, mitigating, and managing risks associated with third-party relationships to protect organizational integrity and compliance.

What is Third Party Risk?

Third Party Risk refers to the potential risks and vulnerabilities an organization faces when working with external vendors, suppliers, or service providers. These risks can include data breaches, compliance violations, operational disruptions, and reputational damage resulting from the actions or failures of third parties. Managing third party risk involves identifying, assessing, monitoring, and mitigating these risks to protect the organization’s interests and ensure regulatory compliance.
What are the most commonly searched types of Third Party Risk jobs in Portland, OR? The most popular types of Third Party Risk jobs in Portland, OR are:
What are popular job titles related to Third Party Risk jobs in Portland, OR? For Third Party Risk jobs in Portland, OR, the most frequently searched job titles are:
What job categories do people searching Third Party Risk jobs in Portland, OR look for? The top searched job categories for Third Party Risk jobs in Portland, OR are:
What cities near Portland, OR are hiring for Third Party Risk jobs? Cities near Portland, OR with the most Third Party Risk job openings:
Infographic showing various Third Party Risk job openings in Portland, OR as of June 2026, with employment types broken down into 1% As Needed, 82% Full Time, 11% Part Time, and 6% Contract. Highlights an 91% Physical, 3% Hybrid, and 6% Remote job distribution, with an average salary of $66,918 per year, or $32.2 per hour.

Third-Party Risk Management Program Officer

Heritage Bank

Hillsboro, OR • On-site

$100K - $126K/yr

Other

Medical, Dental, Vision, Life, Retirement, PTO

Posted 21 days ago


Job description

Heritage Bank has an exciting opportunity to join our organization! We are seeking Third-Party Risk Management Program Officer to join our Risk and Compliance team. The third-party risk management program officer is responsible for the design, execution, and continuous improvement of the bank's third-party risk management program across the full vendor lifecycle, from onboarding through offboarding.

Operating within the Second Line of Defense (2LoD), this role provides governance and oversight to ensure operational alignment of the bank's TPRM processes across Information Security, Legal, Procurement, Business Units, and Internal Audit. This position is accountable for ensuring third-party risks, including cybersecurity, operational, compliance, reputational, and concentration risks, are appropriately identified, assessed, and monitored in alignment with regulatory expectations. The geographical location for this position is Tacoma, WA, Seattle, WA, Spokane, WA, or Portland, OR.

Base Salary Range: $100,884.00 - $126,105.00 - $151,326.00 annual The Role at a Glance: Leads and manages the Third-Party Risk Management (TPRM) Program, including development and continuous refinement of TPRM policies and procedures, risk tiering and segmentation models, risk rating methodologies, and vendor lifecycle control checkpoints. Ensures alignment of the TPRM program with enterprise risk management (ERM), information security, compliance, and legal frameworks. Oversees execution of inherent risk assessments, due diligence reviews, and control assessments across all third-party risk domains (cybersecurity, privacy, operational resilience, etc.).

Ensures appropriate engagement of cross-functional subject matter experts (e.g., Information Security, Legal, Compliance) and that roles and responsibilities are clearly defined within established processes. Defines and maintains program tools, templates, escalation protocols, and residual risk acceptance processes. Integrates and aligns TPRM program with related programs (e.g., Vendor Management, procurement, Business Continuity Planning, Information Security Risk Assessments, Cloud Governance, AI/Model Risk).

Establishes and tracks key risk indicators (KRIs). Provides executive-level reporting on third-party risk posture, program maturity, and systemic exposures (e.g., concentration risk, critical service dependency). Monitors and escalates open risk issues, overdue assessments, and policy exceptions.

Serves as the primary contact for regulatory exams and internal/external audits related to third-party risk. Performs continuous monitoring of Critical and High risk third parties. Maintains audit-ready documentation, evidence of program execution, and continuous improvement roadmap.

Monitors regulatory changes (e.g., OCC Bulletins, FFIEC updates, DORA, NYDFS, etc.) and updates program controls to align with evolving requirements. Core Skills and Qualifications: Bachelor’s degree in Business, Risk Management, Information Security or related field preferred. 5+ years of recent experience in a vendor risk management, third-party oversight, or enterprise risk program role within a financial services environment required.

Proven experience leading the development, implementation, and ongoing management of an enterprise-scale third-party risk management program required. Professional certifications as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or equivalent preferred. Equivalent combination of education, training, certifications, and/or relevant work experience may be considered.

Provide an exceptional level of service for internal and external customers, with the ability to build and maintain positive, professional relationships, to successfully interact with and influence all levels of management and functional and cross-functional areas across the organization. Highly effective listening, verbal, written, and telephone etiquette business communication skills, including effective questioning strategies, negotiation and presentation skills to communicate security-related concepts in a variety of settings, to a broad range of technical and non-technical staff. Ability to read, write, speak, and understand English well.

Strategic in approach to program design, problem solving, and decision-making, with demonstrated ability to quickly focus on key issues and make decisions under pressure of time constraints. Risk based mindset and strong analytical and critical thinking skills, with the ability to independently assess risk decisions and constructively challenge assumptions and conclusions. Thorough knowledge and understanding of regulatory frameworks (e.g.

FFIEC, GLBA, PCI-DSS, SOX, FFIEC, HIPAA etc.) and of NIST CSF, ISO 27001, COBIT, COSO and vendor risk management frameworks. Strong knowledge of information security assessment and auditing practices, including the ability to evaluate technical and business controls using established frameworks and methodologies, and to effectively interpret results from security tools and subject matter expert assessments. Thorough knowledge and understanding of related statutory banking compliance regulations issued by the FDIC, FinCEN, and Federal Reserve Board, with strong knowledge of privacy laws, such as GLBA and SOX.

Strong project management, planning, organizational, time management, and follow-up skills, demonstrating a strong sense of urgency and ability to execute quickly, timely and efficiently; independently ensuring that priorities are set and commitments and deadlines are met with minimal direction and oversight. Unquestionable integrity in handling sensitive and confidential information required. Proficient and advanced use and understanding of MS Office products (Word, Excel, Outlook), with the ability to adapt to and learn new technologies quickly.

Proficient use and understanding of third-party risk management software (ex. UpGuard, Tandem, Gartner, etc.). Work Environment/Conditions: Climate controlled office environment.

Work involves being able to concentrate on the matter at hand, under sometimes distracting work conditions, and frequent employee and customer contacts and interruptions during the day. Physical Demands/Effort: Work may involve the constant use of computer screens, reading of reports, and sitting throughout the day. Ability to operate a computer keyboard, multi-line telephone, photocopier, scanner and facsimile which often requires dexterity of hands and fingers with repetitive wrist and hand motion.

Typically sitting at a desk or table; intermittently standing, stooping, bending at the waist, walking, climbing, kneeling or crouching to file materials. Occasional lifting up to 20 lbs. (files, boxes, etc.).

At Heritage Bank, we work hard, but we also know how important it is to take time off to stay healthy, relax, and spend time doing what makes your heart happy! As part of our team, you’ll enjoy a total rewards package, which includes base salary based on the role, experience, and skill set, along with an exceptional benefits package (medical, dental, vision, life insurance, 401(k), community volunteer time), and generous time off policy. Full-time team members receive a minimum of 10 paid vacation days annually* and eight hours of paid sick leave per month*, while also enjoying 11 paid holidays each calendar year, and an annual float day.

*pro-rated from start date and/or hours worked.To view Benefits Summary: Apply > Current Openings > position > attachment. The above statements are intended to describe the general nature and level of work being performed and are not an exclusive list of all qualifications for this position. Heritage Bank is an Equal Opportunity Employer All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, disability, or any other basis protected by applicable law.

Job applicants have certain legal rights. Please click here for information regarding these rights. If you need assistance completing the online application, please email: HBRecruiting@HeritageBankNW.com Salary Range Disclaimer The base salary range represents Heritage Bank’s current salary range for the position.

Actual salaries will vary depending on factors including, but not limited to, qualifications, experience, and job performance. The range listed is just one component of Heritage Bank’s total compensation package for full time and part time employees. Depending on position, other total compensation rewards may include, monthly, quarterly or annual incentive, and/or bonuses.

##JobCategory:Risk / Compliance## ##Street:3615 Pacific Avenue## ##City:Tacoma## ##State:WA## ##ZipCode:98418## ##Internal:false## *mon