1

Vendor Risk Assessment Jobs in Arizona (NOW HIRING)

Strong experience in SaaS assessments, vendor risk management, or cloud security. * Good understanding of shared responsibility models across cloud providers. * Knowledge of regulatory and control ...

Maintain strong oversight of thirdparty, vendor, and businesspartner risks and update the risk register to reflect identified issues or required remediation. * Analyze and assess risk findings and ...

next page

Showing results 1-20

Vendor Risk Assessment information

What is the difference between Vendor Risk Assessment vs Vendor Compliance Analyst?

AspectVendor Risk AssessmentVendor Compliance Analyst
Primary FocusEvaluating risks associated with vendors and third-party providersEnsuring vendors comply with policies, regulations, and contractual obligations
CertificationsCertifications like CISSP, CISA, or vendor risk management coursesCertifications such as CCEP, CISA, or compliance-specific credentials
Work EnvironmentRisk management teams, procurement, cybersecurity departmentsCompliance teams, legal, procurement, and audit departments
Industry UsageCommon in finance, healthcare, and IT sectorsPrevalent in regulated industries like finance, healthcare, and manufacturing

Vendor Risk Assessment focuses on identifying and mitigating risks posed by vendors, while Vendor Compliance Analysts ensure vendors adhere to policies and regulations. Both roles are essential for managing third-party relationships but differ in their primary objectives and activities.

What are the key skills and qualifications needed to thrive as a Vendor Risk Assessment professional, and why are they important?

To thrive in Vendor Risk Assessment, you need a solid understanding of risk management principles, third-party due diligence, and regulatory compliance, often supported by a degree in business, IT, or a related field. Familiarity with risk assessment tools, governance frameworks (like ISO 27001), and platforms such as GRC (Governance, Risk, and Compliance) systems is typically required. Strong analytical thinking, attention to detail, and effective communication skills help professionals assess vendor risks and collaborate across departments. These skills are crucial for identifying, mitigating, and communicating risks that could impact an organization’s operations, security, or reputation.

What are some common challenges faced in a Vendor Risk Assessment role, and how can I prepare to address them?

Professionals in Vendor Risk Assessment often encounter challenges such as managing large volumes of vendor data, ensuring compliance with evolving regulations, and effectively communicating risks to both internal stakeholders and vendors. To prepare for these challenges, it's important to develop strong organizational and analytical skills, stay informed about regulatory changes, and build effective communication strategies. Collaborating closely with procurement, legal, and IT teams is also essential for gathering accurate information and implementing risk mitigation measures.

What is a Vendor Risk Assessment?

A Vendor Risk Assessment is a process used by organizations to evaluate and manage the potential risks associated with outsourcing services or products to third-party vendors. The assessment typically examines areas such as data security, regulatory compliance, financial stability, and operational practices of the vendor. Its purpose is to identify potential vulnerabilities or threats that could impact the organization if the vendor fails to meet expectations or is compromised. Regular vendor risk assessments help ensure that third-party relationships do not expose the company to undue risk and that appropriate controls are in place.
What are popular job titles related to Vendor Risk Assessment jobs in Arizona? For Vendor Risk Assessment jobs in Arizona, the most frequently searched job titles are:
What cities in Arizona are hiring for Vendor Risk Assessment jobs? Cities in Arizona with the most Vendor Risk Assessment job openings:
Infographic showing various Vendor Risk Assessment job openings in Arizona as of July 2026, with employment types broken down into 2% As Needed, 80% Full Time, 15% Part Time, and 3% Contract. Highlights an 93% Physical, 1% Hybrid, and 6% Remote job distribution.
Third-Party Risk & Senior InfoSec Analyst

Third-Party Risk & Senior InfoSec Analyst

OneAZ Credit Union

Phoenix, AZ

Other

Medical, Dental, Vision, Retirement, PTO

Posted 9 days ago


OneAZ Credit Union rating

8.1

Company rating: 8.1 out of 10

Based on 5 frontline employees who took The Breakroom Quiz


Job description

Join Us in Making an Impact  

At OneAZ Credit Union, our success is measured only by yours. We're here to create lasting change in the lives of our members, our communities, and our team. If you're looking for a career with purpose, where your work truly matters-you've found it! 

Who You Are  

You're impactful, compassionate, and fearless, ready to embrace new challenges and shape the future of financial well-being. You take accountability for our success and thrive in an environment where curiosity is celebrated. If this sounds like you, let's build something great together. 

What You'll Do  

This position will be located at our Corporate Office: 2355 W Pinnacle Peak Rd, Phoenix, AZ 85027

The Third-Party Risk & Senior Infosec Analyst supports the credit union's vendor risk management, incident response coordination, and information security governance and oversight programs. This role is responsible for performing risk assessments of third-party vendors, supporting incident management activities, and providing administrative and operational support for the Information security governance and oversight program.
 
The position works cross-functionally with Information Security, Risk Management, and IT.
 
Essential Functions
  • Perform risk-based due diligence and ongoing monitoring of third-party vendors  
  • Review and analyze Security questionnaires
  • Review and analyze SOC 1 / SOC 2 reports
  • Review and analyze Business continuity and disaster recovery documentation
  • Document vendor risk assessments and identify control gaps
  • Drive remediation efforts and follow up with business owners and vendors
  • Maintain vendor risk inventory and supporting documentation
  • Assist in preparing reports for management and regulatory exams
  • Escalates overdue remediation items and unresolved control gaps.
  • Support coordination of incident response activities (cybersecurity, and security/operational incidents)
  • Track incidents from identification through resolution
  • Manage incident documentation, evidence tracking, and record maintenance
  • Assist in post-incident reviews, including root cause analysis and lessons learned
  • Support development and maintenance of incident response procedures and playbooks
  • Participate in incident response testing and tabletop exercises
  • Compile and maintain reporting on Vendor risk assessments and outstanding issues
  • Compile and maintain reporting on Incident trends and metrics
  • Coordinate with IT and compliance teams to ensure timely execution of security operational requirements.
  • Ensure documentation is complete, organized, and audit-ready
  • Identify and deliver security training programs to employees, promoting best practices and enhancing the organization's security posture.
  • Review penetration testing and security. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures.
  • Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels

What You Bring

  • High School Diploma or GED Required
  • Bachelors Degree in Business, Information Security, Risk Management, or related field (or equivalent experience)
  • 3-5 years similar or related experience in one or more areas: Vendor/Third-Party Risk Management, Information Security or IT Risk, Incident Management or Incident Response
  • Understanding of vendor risk management and due diligence practices
  • Familiarity with SOC reports and basic control frameworks
  • Working knowledge of incident response lifecycle and documentation
  • Strong attention to detail and documentation discipline
  • Ability to manage multiple priorities and meet deadlines
  • Effective written and verbal communication skills
  • Demonstrated ability to independently manage operational security tasks and drive follow-through across stakeholders.
  • Strong written and verbal communication with consistent escalation and status reporting discipline.

Compensation & Benefits 

  • Generous paid time off: paid holidays, floating holidays, personal days, vacation days, plus sick time, Low-cost Medical, Dental & Vision plans 
  • Paid childcare assistance
  • Award-winning 401K
  • Gym fee reimbursement 
  • Tuition Reimbursement 
  • Student loan repayment
  • ...and much more. Explore all the details in our comprehensive Benefits Booklet
  • Target hiring range $84,149.19 - $105,186.49 (Depending on experience and prior to any incentives this position is eligible for)

Why Join OneAZ? 

At OneAZ, we're not just a credit union; we're a financial trailblazer that passionately cares about inspiring dreams and driving prosperity in the communities we serve. We exist to clear the way for dreamers and doers, aspiring to be the bank for new pioneers. 

We are driving change in our communities, constantly improving our products and services so our members and their families can relentlessly pursue their dreams. By embodying our values and living our promise, you'll be part of a team committed to exceeding expectations and redefining what's possible. 

Additional Notes:  

Knowingly submitting false information will result in disqualification for consideration of future positions, termination of employment and forfeiture of other rights. Candidates for this position will be required to sign an authorization for OneAZ to conduct a credit and criminal background check, pursuant to procedures in the Fair Credit Reporting Act and any other applicable laws. All candidates will be considered for this position on an individualized basis, in compliance with all applicable equal employment opportunity laws. Any individual who meets the definition of a mortgage loan originator (MLO) and is employed by a federal agency-regulated institution will need to be registered on the Nationwide Mortgage Licensing System (NMLS). Ensures compliance with applicable policies, laws, and regulations, including the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) compliance, USA Patriot Act, and Office of Foreign Assets Control (OFAC). This job description should not be considered all-inclusive. It is merely a guide of expected duties. The associate understands that the job description is neither complete, nor permanent and may be modified at any time. At the request of their supervisor, an associate may be asked to perform additional duties or take on additional responsibilities without notice. Complies with all policies and standards. Position grades could fluctuate based on market value.


What OneAZ Credit Union employees say

Pay

Hours and flexibility

Workplace

Get the full story on Breakroom