ZipRecruiter

Log In

1

Vendor Risk Assessment Jobs in Virginia (NOW HIRING)

Sentara

Senior Analyst

Norfolk, VA

$85.10K - $112.70K/yr

Vendor Risk Assessment (VRA): * Conduct thorough risk assessments for potential and existing vendors, focusing on various risk types, including cybersecurity, operational, financial, and compliance ...

IMR Soft Llc

Risk Manager

Mclean, VA · On-site

$55 - $60/hr

... assessment. * Recommend enhancements to the business/technology processes and controls to improve effectiveness of technology & vendor risk management capabilities * Perform risk tracking, trending ...

SC&H Group

Risk Senior Manager

Tysons Corner, VA

Lead ISO/IEC 27001 implementations (ISMS design, risk assessment, controls, internal audits ... vendor risk, cloud controls, incident response, logging/monitoring, data governance, AI governance)

ECS

Supply Chain Risk Management Lead

Falls Church, VA · On-site

In this role, the specialist integrates automated supply chain risk tooling, Software Bill of Materials governance, vendor security assessment programs, and threat intelligence monitoring to reduce ...

next page

Showing results 1-20

People also search for

All JobsVendor Risk Assessment JobsVendor Risk Assessment Jobs in Virginia

Vendor Risk Assessment information

What are the key skills and qualifications needed to thrive as a Vendor Risk Assessment professional, and why are they important?

To thrive in Vendor Risk Assessment, you need a solid understanding of risk management principles, third-party due diligence, and regulatory compliance, often supported by a degree in business, IT, or a related field. Familiarity with risk assessment tools, governance frameworks (like ISO 27001), and platforms such as GRC (Governance, Risk, and Compliance) systems is typically required. Strong analytical thinking, attention to detail, and effective communication skills help professionals assess vendor risks and collaborate across departments. These skills are crucial for identifying, mitigating, and communicating risks that could impact an organization’s operations, security, or reputation.

What are some common challenges faced in a Vendor Risk Assessment role, and how can I prepare to address them?

Professionals in Vendor Risk Assessment often encounter challenges such as managing large volumes of vendor data, ensuring compliance with evolving regulations, and effectively communicating risks to both internal stakeholders and vendors. To prepare for these challenges, it's important to develop strong organizational and analytical skills, stay informed about regulatory changes, and build effective communication strategies. Collaborating closely with procurement, legal, and IT teams is also essential for gathering accurate information and implementing risk mitigation measures.

What is a Vendor Risk Assessment?

A Vendor Risk Assessment is a process used by organizations to evaluate and manage the potential risks associated with outsourcing services or products to third-party vendors. The assessment typically examines areas such as data security, regulatory compliance, financial stability, and operational practices of the vendor. Its purpose is to identify potential vulnerabilities or threats that could impact the organization if the vendor fails to meet expectations or is compromised. Regular vendor risk assessments help ensure that third-party relationships do not expose the company to undue risk and that appropriate controls are in place.

What is the difference between Vendor Risk Assessment vs Vendor Compliance Analyst?

AspectVendor Risk AssessmentVendor Compliance Analyst
Primary FocusEvaluating risks associated with vendors and third-party providersEnsuring vendors comply with policies, regulations, and contractual obligations
CertificationsCertifications like CISSP, CISA, or vendor risk management coursesCertifications such as CCEP, CISA, or compliance-specific credentials
Work EnvironmentRisk management teams, procurement, cybersecurity departmentsCompliance teams, legal, procurement, and audit departments
Industry UsageCommon in finance, healthcare, and IT sectorsPrevalent in regulated industries like finance, healthcare, and manufacturing

Vendor Risk Assessment focuses on identifying and mitigating risks posed by vendors, while Vendor Compliance Analysts ensure vendors adhere to policies and regulations. Both roles are essential for managing third-party relationships but differ in their primary objectives and activities.

What are popular job titles related to Vendor Risk Assessment jobs in Virginia? For Vendor Risk Assessment jobs in Virginia, the most frequently searched job titles are:
What job categories do people searching Vendor Risk Assessment jobs in Virginia look for? The top searched job categories for Vendor Risk Assessment jobs in Virginia are:
What cities in Virginia are hiring for Vendor Risk Assessment jobs? Cities in Virginia with the most Vendor Risk Assessment job openings:
Vendor Risk Assessment jobs near you
Infographic showing various Vendor Risk Assessment job openings in Virginia as of May 2026, with employment types broken down into 3% As Needed, 77% Full Time, 16% Part Time, 1% Temporary, and 3% Contract. Highlights an 90% Physical, 3% Hybrid, and 7% Remote job distribution.
Senior Analyst - Third Party Risk Management

Senior Analyst - Third Party Risk Management

Sentara Healthcare

Norfolk, VA • On-site, Remote

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 7 days ago

Sentara Health rating

6.8

Company rating: 6.8 out of 10

Based on 379 frontline employees who took The Breakroom Quiz

488th of 864 rated healthcare providers

Job description

City/State
Norfolk, VA
Work Shift
First (Days)
Overview:
Third Party Risk Management (TPRM) Senior Analyst is responsible for ensuring the organization effectively manages risks associated with third-party vendors and partners throughout the entire third-party lifecycle, including vendor selection, contract negotiation, ongoing monitoring, and termination. This involves not only identifying and evaluating risks but also collaborating with various teams, particularly Legal and Procurement, to embed risk mitigation strategies into contractual agreements.
Key responsibilities
  • Vendor Risk Assessment (VRA):
    • Conduct thorough risk assessments for potential and existing vendors, focusing on various risk types, including cybersecurity, operational, financial, and compliance risks.
    • Utilize and potentially create vendor risk assessment questionnaires to gather detailed information about vendor practices, including data security policies, internal controls, compliance posture, and business continuity plans.
    • Analyze questionnaire responses and other relevant information to identify deficiencies, areas for remediation, and categorize vendors based on risk levels.
    • Engage with stakeholders to communicate assessment results, address security concerns, and collaborate on potential remediation actions.
    • Perform periodic reviews and reassessments of existing vendors to ensure ongoing compliance and address evolving risks.
  • Contract Negotiation:
    • Partner with Legal and Procurement teams during contract negotiations to ensure security, privacy, and other relevant risk clauses are adequately addressed.
    • Provide expert guidance on acceptable and unacceptable contract terms related to risk management, service level agreements (SLAs), and data protection.
    • Work to define and include clear performance standards, due diligence requirements, and exit strategies within contracts.
  • TPRM program development and maintenance:
    • Support the development, maintenance, and enhancement of the organization's Third-Party Risk Management program and framework.
    • Develop and update TPRM procedures to ensure alignment with organizational policies and regulatory requirements.
    • Identify and implement process efficiencies within the TPRM program and perform analyses on team metrics to enhance effectiveness.
  • Stakeholder collaboration and communication:
    • Build and maintain strong relationships with internal stakeholders across departments such as Legal, Procurement, Information Security, and Business Units.
    • Provide TPRM guidance and training to Vendor Relationship Owners and business partners on risk management practices.
    • Communicate identified risks, assessment results, and mitigation strategies to stakeholders, including senior management, clearly and concisely.
  • Ongoing monitoring and remediation:
    • Track identified risks associated with third parties and ensure timely reviews are performed.
    • Monitor key supplier performance against established SLAs and regulatory requirements.
    • Track and collaborate with internal partners and vendors to remediate any risk-related issues.

Education
  • Bachelor's degree in a relevant field such as Business, Finance, Information Technology, or a related discipline (Preferred)
  • Experience in lieu of Bachelor's Degree -7+ years of relevant experience without a degree

Certification/Licensure
  • CISA, CRISC, CISM, CISSP, or other relevant certifications are preferred

Experience
  • 5+ years of relevant experience with a degree
  • Strong understanding of Third-Party Risk Management (TPRM) principles, concepts, and best practices.
  • Experience in conducting vendor risk assessments and evaluating internal controls, potentially leveraging frameworks like ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, CSA CCM, and Shared Assessments SIG.
  • Working knowledge of contract management principles and practices, including contract negotiation and analysis.
  • Excellent communication skills, both written and verbal, with the ability to effectively articulate security control requirements, assessment results, and risk considerations to diverse audiences.
  • Strong analytical, critical thinking, and problem-solving skills, with the ability to digest and analyze complex information with attention to detail and accuracy.
  • Ability to work collaboratively in a cross-functional environment and build strong relationships with internal and external partners.
  • Proficiency in Microsoft Office Suite (Excel, PowerPoint, Word) and potentially GRC (Governance, Risk, and Compliance) tools like OneTrust (highly desirable), Archer, or ServiceNow

Keywords: TPRM, Third party Risk assessment
Benefits: Caring For Your Family and Your Career
Medical, Dental, Vision plans
• Adoption, Fertility and Surrogacy Reimbursement up to 10,000
• Paid Time Off and Sick Leave
• Paid Parental & Family Caregiver Leave
• Emergency Backup Care
• Long-Term, Short-Term Disability, and Critical Illness plans
• Life Insurance
• 401k/403B with Employer Match
• Tuition Assistance - 5,250/year and discounted educational opportunities through Guild Education
• Student Debt Pay Down - 10,000
• Reimbursement for certifications and free access to complete CEUs and professional development
• Pet Insurance
• Legal Resources Plan
• Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria is met.
Sentara Health is an equal opportunity employer and prides itself on the diversity and inclusiveness of its close to an almost 30,000-member workforce. Diversity, inclusion, and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.
In support of our mission "to improve health every day," this is a tobacco-free environment.
For positions that are available as remote work, Sentara Health employs associates in the following states:
Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine, Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.

What Sentara Health employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom

Apply