Document vendor risk assessments and identify control gaps * Drive remediation efforts and follow up with business owners and vendors * Maintain vendor risk inventory and supporting documentation ...
Document vendor risk assessments and identify control gaps * Drive remediation efforts and follow up with business owners and vendors * Maintain vendor risk inventory and supporting documentation ...
Document vendor risk assessments and identify control gaps * Drive remediation efforts and follow up with business owners and vendors * Maintain vendor risk inventory and supporting documentation ...
Document vendor risk assessments and identify control gaps * Drive remediation efforts and follow up with business owners and vendors * Maintain vendor risk inventory and supporting documentation ...
This role performs vendor risk assessments, evaluates control effectiveness, reviews supporting evidence, monitors remediation activities, and helps ensure thirdparty partners meet Choice's security ...
This role performs vendor risk assessments, evaluates control effectiveness, reviews supporting evidence, monitors remediation activities, and helps ensure thirdparty partners meet Choice's security ...
Senior Cybersecurity Risk Analyst - USA Remote
Phoenix, AZ · Remote
$130K - $160K/yr
Assess supply-chain and geopolitical risk (including country-of-origin and concentration concerns) and apply AI vendor risk frameworks (NIST AI RMF, ISO/IEC 42001) to AI-enabled products and services ...
Senior Cybersecurity Risk Analyst - USA Remote
Phoenix, AZ · Remote
$130K - $160K/yr
Assess supply-chain and geopolitical risk (including country-of-origin and concentration concerns) and apply AI vendor risk frameworks (NIST AI RMF, ISO/IEC 42001) to AI-enabled products and services ...
GRC Analyst
Phoenix, AZ · On-site
Strong experience in SaaS assessments, vendor risk management, or cloud security. * Good understanding of shared responsibility models across cloud providers. * Knowledge of regulatory and control ...
Quick apply
GRC Analyst
Phoenix, AZ · On-site
Strong experience in SaaS assessments, vendor risk management, or cloud security. * Good understanding of shared responsibility models across cloud providers. * Knowledge of regulatory and control ...
Perform vendor criticality assessments and support risk treatment activities aligned with regulatory expectations. * Maintain risk, issue, and incident logs and support governance reporting and ...
Perform vendor criticality assessments and support risk treatment activities aligned with regulatory expectations. * Maintain risk, issue, and incident logs and support governance reporting and ...
Senior Technology Risk Analyst
Tempe, AZ · On-site
Maintain strong oversight of thirdparty, vendor, and businesspartner risks and update the risk register to reflect identified issues or required remediation. * Analyze and assess risk findings and ...
Senior Technology Risk Analyst
Tempe, AZ · On-site
Maintain strong oversight of thirdparty, vendor, and businesspartner risks and update the risk register to reflect identified issues or required remediation. * Analyze and assess risk findings and ...
... vendor engagements; leading or supporting various programs, including risk and control self-assessment (RCSA), process, risk, and control, and other risk policies, standards, and processes. As part ...
... vendor engagements; leading or supporting various programs, including risk and control self-assessment (RCSA), process, risk, and control, and other risk policies, standards, and processes. As part ...
Risk Analyst - Insurance Compliance
Kingman, AZ · On-site
$56K - $61K/yr
Coordinate with vendors, contractors, event organizers, insurance brokers, and carriers to resolve insurance compliance issues and obtain required documentation. Conduct risk assessments related to ...
Risk Analyst - Insurance Compliance
Kingman, AZ · On-site
$56K - $61K/yr
Coordinate with vendors, contractors, event organizers, insurance brokers, and carriers to resolve insurance compliance issues and obtain required documentation. Conduct risk assessments related to ...
Senior Cybersecurity Third-Party Risk Analyst
Mesa, AZ · Remote
$99K - $128K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... assessment processes to evaluate vendor controls, validate technical evidence, and drive ...
Senior Cybersecurity Third-Party Risk Analyst
Mesa, AZ · Remote
$99K - $128K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... assessment processes to evaluate vendor controls, validate technical evidence, and drive ...
Senior Cybersecurity Third-Party Risk Analyst
Tempe, AZ · Remote
$95K - $123K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... assessment processes to evaluate vendor controls, validate technical evidence, and drive ...
Senior Cybersecurity Third-Party Risk Analyst
Tempe, AZ · Remote
$95K - $123K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... assessment processes to evaluate vendor controls, validate technical evidence, and drive ...
Senior Cybersecurity Third-Party Risk Analyst
Mesa, AZ · Remote
$99K - $128K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... assessment processes to evaluate vendor controls, validate technical evidence, and drive ...
Senior Cybersecurity Third-Party Risk Analyst
Mesa, AZ · Remote
$99K - $128K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... assessment processes to evaluate vendor controls, validate technical evidence, and drive ...
Senior Cybersecurity Third-Party Risk Analyst
Tempe, AZ · Remote
$95K - $123K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... assessment processes to evaluate vendor controls, validate technical evidence, and drive ...
Senior Cybersecurity Third-Party Risk Analyst
Tempe, AZ · Remote
$95K - $123K/yr
Senior Cybersecurity Third-Party Risk Analyst Company: The Boeing Company We are seeking a highly ... assessment processes to evaluate vendor controls, validate technical evidence, and drive ...
... assessments of risks related to third parties. * Responsible for designing and periodically ... Engage with risk domain SME's, vendors and vendor relationship managers * Serve as the point of ...
... assessments of risks related to third parties. * Responsible for designing and periodically ... Engage with risk domain SME's, vendors and vendor relationship managers * Serve as the point of ...
... assessments of risks related to third parties. * Responsible for designing and periodically ... Engage with risk domain SME's, vendors and vendor relationship managers * Serve as the point of ...
... assessments of risks related to third parties. * Responsible for designing and periodically ... Engage with risk domain SME's, vendors and vendor relationship managers * Serve as the point of ...
... assessments of risks related to third parties. * Responsible for designing and periodically ... Engage with risk domain SME's, vendors and vendor relationship managers * Serve as the point of ...
... assessments of risks related to third parties. * Responsible for designing and periodically ... Engage with risk domain SME's, vendors and vendor relationship managers * Serve as the point of ...
Perform vendor criticality assessments and support risk treatment activities aligned with regulatory expectations. * Maintain risk, issue, and incident logs and support governance reporting and ...
Perform vendor criticality assessments and support risk treatment activities aligned with regulatory expectations. * Maintain risk, issue, and incident logs and support governance reporting and ...
Perform vendor criticality assessments and support risk treatment activities aligned with regulatory expectations. * Maintain risk, issue, and incident logs and support governance reporting and ...
Perform vendor criticality assessments and support risk treatment activities aligned with regulatory expectations. * Maintain risk, issue, and incident logs and support governance reporting and ...
... audit findings, vendor risk, and resilience needs, then connecting those priorities to RSM ... Manage the internal sales process, including proposal development, competitive assessments, multi ...
... audit findings, vendor risk, and resilience needs, then connecting those priorities to RSM ... Manage the internal sales process, including proposal development, competitive assessments, multi ...
Consultant - Procurement and Third-Party Governance & Compliance
Tempe, AZ · On-site
$64K - $105K/yr
Help prepare risk assessments and contribute to annual audit and testing plans for the Third Party ... Exposure to third-party or vendor risk management concepts is preferred but not required. * Strong ...
Consultant - Procurement and Third-Party Governance & Compliance
Tempe, AZ · On-site
$64K - $105K/yr
Help prepare risk assessments and contribute to annual audit and testing plans for the Third Party ... Exposure to third-party or vendor risk management concepts is preferred but not required. * Strong ...
Vendor Risk Assessment information
What is the difference between Vendor Risk Assessment vs Vendor Compliance Analyst?
| Aspect | Vendor Risk Assessment | Vendor Compliance Analyst |
|---|---|---|
| Primary Focus | Evaluating risks associated with vendors and third-party providers | Ensuring vendors comply with policies, regulations, and contractual obligations |
| Certifications | Certifications like CISSP, CISA, or vendor risk management courses | Certifications such as CCEP, CISA, or compliance-specific credentials |
| Work Environment | Risk management teams, procurement, cybersecurity departments | Compliance teams, legal, procurement, and audit departments |
| Industry Usage | Common in finance, healthcare, and IT sectors | Prevalent in regulated industries like finance, healthcare, and manufacturing |
Vendor Risk Assessment focuses on identifying and mitigating risks posed by vendors, while Vendor Compliance Analysts ensure vendors adhere to policies and regulations. Both roles are essential for managing third-party relationships but differ in their primary objectives and activities.
What are the key skills and qualifications needed to thrive as a Vendor Risk Assessment professional, and why are they important?
What are some common challenges faced in a Vendor Risk Assessment role, and how can I prepare to address them?
What is a Vendor Risk Assessment?

Other
Medical, Dental, Vision, Retirement, PTO
Posted 9 days ago
OneAZ Credit Union rating
8.1
Based on 5 frontline employees who took The Breakroom Quiz
Job description
Join Us in Making an Impact
At OneAZ Credit Union, our success is measured only by yours. We're here to create lasting change in the lives of our members, our communities, and our team. If you're looking for a career with purpose, where your work truly matters-you've found it!
Who You Are
You're impactful, compassionate, and fearless, ready to embrace new challenges and shape the future of financial well-being. You take accountability for our success and thrive in an environment where curiosity is celebrated. If this sounds like you, let's build something great together.
What You'll Do
This position will be located at our Corporate Office: 2355 W Pinnacle Peak Rd, Phoenix, AZ 85027
- Perform risk-based due diligence and ongoing monitoring of third-party vendors
- Review and analyze Security questionnaires
- Review and analyze SOC 1 / SOC 2 reports
- Review and analyze Business continuity and disaster recovery documentation
- Document vendor risk assessments and identify control gaps
- Drive remediation efforts and follow up with business owners and vendors
- Maintain vendor risk inventory and supporting documentation
- Assist in preparing reports for management and regulatory exams
- Escalates overdue remediation items and unresolved control gaps.
- Support coordination of incident response activities (cybersecurity, and security/operational incidents)
- Track incidents from identification through resolution
- Manage incident documentation, evidence tracking, and record maintenance
- Assist in post-incident reviews, including root cause analysis and lessons learned
- Support development and maintenance of incident response procedures and playbooks
- Participate in incident response testing and tabletop exercises
- Compile and maintain reporting on Vendor risk assessments and outstanding issues
- Compile and maintain reporting on Incident trends and metrics
- Coordinate with IT and compliance teams to ensure timely execution of security operational requirements.
- Ensure documentation is complete, organized, and audit-ready
- Identify and deliver security training programs to employees, promoting best practices and enhancing the organization's security posture.
- Review penetration testing and security. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures.
- Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels
What You Bring
- High School Diploma or GED Required
- Bachelors Degree in Business, Information Security, Risk Management, or related field (or equivalent experience)
- 3-5 years similar or related experience in one or more areas: Vendor/Third-Party Risk Management, Information Security or IT Risk, Incident Management or Incident Response
- Understanding of vendor risk management and due diligence practices
- Familiarity with SOC reports and basic control frameworks
- Working knowledge of incident response lifecycle and documentation
- Strong attention to detail and documentation discipline
- Ability to manage multiple priorities and meet deadlines
- Effective written and verbal communication skills
- Demonstrated ability to independently manage operational security tasks and drive follow-through across stakeholders.
- Strong written and verbal communication with consistent escalation and status reporting discipline.
Compensation & Benefits
- Generous paid time off: paid holidays, floating holidays, personal days, vacation days, plus sick time, Low-cost Medical, Dental & Vision plans
- Paid childcare assistance
- Award-winning 401K
- Gym fee reimbursement
- Tuition Reimbursement
- Student loan repayment
- ...and much more. Explore all the details in our comprehensive Benefits Booklet
- Target hiring range $84,149.19 - $105,186.49 (Depending on experience and prior to any incentives this position is eligible for)
Why Join OneAZ?
At OneAZ, we're not just a credit union; we're a financial trailblazer that passionately cares about inspiring dreams and driving prosperity in the communities we serve. We exist to clear the way for dreamers and doers, aspiring to be the bank for new pioneers.
We are driving change in our communities, constantly improving our products and services so our members and their families can relentlessly pursue their dreams. By embodying our values and living our promise, you'll be part of a team committed to exceeding expectations and redefining what's possible.
Additional Notes:
Knowingly submitting false information will result in disqualification for consideration of future positions, termination of employment and forfeiture of other rights. Candidates for this position will be required to sign an authorization for OneAZ to conduct a credit and criminal background check, pursuant to procedures in the Fair Credit Reporting Act and any other applicable laws. All candidates will be considered for this position on an individualized basis, in compliance with all applicable equal employment opportunity laws. Any individual who meets the definition of a mortgage loan originator (MLO) and is employed by a federal agency-regulated institution will need to be registered on the Nationwide Mortgage Licensing System (NMLS). Ensures compliance with applicable policies, laws, and regulations, including the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) compliance, USA Patriot Act, and Office of Foreign Assets Control (OFAC). This job description should not be considered all-inclusive. It is merely a guide of expected duties. The associate understands that the job description is neither complete, nor permanent and may be modified at any time. At the request of their supervisor, an associate may be asked to perform additional duties or take on additional responsibilities without notice. Complies with all policies and standards. Position grades could fluctuate based on market value.
What OneAZ Credit Union employees say
Pay
Hours and flexibility
Workplace
Get the full story on Breakroom
About OneAZ Credit Union
Sourced by ZipRecruiter
Industry
Commercial banking
Company size
201 - 500 Employees
Headquarters location
Phoenix, AZ, US
Year founded
1951