Lead security risk assessments of third-party vendors and partners across the full vendor lifecycle, from onboarding through offboarding, identifying and prioritizing risks based on criticality and ...
Lead security risk assessments of third-party vendors and partners across the full vendor lifecycle, from onboarding through offboarding, identifying and prioritizing risks based on criticality and ...
Our client is seeking an experienced professional to join our Third-Party/ Vendor Risk Assessment team. This team focuses on analyzing and managing risks associated with our vendors, service ...
Our client is seeking an experienced professional to join our Third-Party/ Vendor Risk Assessment team. This team focuses on analyzing and managing risks associated with our vendors, service ...
Sr Technical Risk Analyst (Vendor Relationship Manager)
Capitol Heights, MD · On-site
$58 - $62/hr
Support business units during vendor risk assessments and due diligence activities. * Collaborate with cross-functional teams to improve vendor management processes and operational efficiency. * Stay ...
Sr Technical Risk Analyst (Vendor Relationship Manager)
Capitol Heights, MD · On-site
$58 - $62/hr
Support business units during vendor risk assessments and due diligence activities. * Collaborate with cross-functional teams to improve vendor management processes and operational efficiency. * Stay ...
Client is seeking an experienced professional to join our Third-Party/ Vendor Risk Assessment team. This team focuses on analyzing and managing risks associated with our vendors, service providers ...
Quick apply
Client is seeking an experienced professional to join our Third-Party/ Vendor Risk Assessment team. This team focuses on analyzing and managing risks associated with our vendors, service providers ...
AI Risk & Compliance Analyst
New York, NY · On-site
$65 - $75/hr
... intake, assessment, documentation, and ongoing governance of AI use cases across the enterprise ... Ownership, vendors, data types, risk ratings, approvals, required controls, and review cadence
Quick apply
AI Risk & Compliance Analyst
New York, NY · On-site
$65 - $75/hr
... intake, assessment, documentation, and ongoing governance of AI use cases across the enterprise ... Ownership, vendors, data types, risk ratings, approvals, required controls, and review cadence
WM Vendor Risk Associate
New York, NY · On-site
$58K - $115K/yr
... of risk assessments conducted by due diligence and control groups, escalating issues for ... vendor-related incidents (e.g., data breaches), including tracking action items, preparing ...
WM Vendor Risk Associate
New York, NY · On-site
$58K - $115K/yr
... of risk assessments conducted by due diligence and control groups, escalating issues for ... vendor-related incidents (e.g., data breaches), including tracking action items, preparing ...
JOB SUMMARY The candidate will be responsible for executing third-party risk assessments, including evaluating vendor control environments, documenting risk findings, and supporting risk-based ...
JOB SUMMARY The candidate will be responsible for executing third-party risk assessments, including evaluating vendor control environments, documenting risk findings, and supporting risk-based ...
Operational Risk and Control Analyst
New York, NY · On-site
$75K - $110K/yr
Coordinate and conduct Vendor Risk Assessment, Model Risk Assessment, and Operational Risk Event (Business Continuity) Assessment. * Conduct analyses of risk data to identify trends and potential ...
Operational Risk and Control Analyst
New York, NY · On-site
$75K - $110K/yr
Coordinate and conduct Vendor Risk Assessment, Model Risk Assessment, and Operational Risk Event (Business Continuity) Assessment. * Conduct analyses of risk data to identify trends and potential ...
Operational Risk and Control Analyst
New York, NY · On-site
$75K - $110K/yr
Coordinate and conduct Vendor Risk Assessment, Model Risk Assessment, and Operational Risk Event (Business Continuity) Assessment. * Conduct analyses of risk data to identify trends and potential ...
Quick apply
Apply Early
Operational Risk and Control Analyst
New York, NY · On-site
$75K - $110K/yr
Coordinate and conduct Vendor Risk Assessment, Model Risk Assessment, and Operational Risk Event (Business Continuity) Assessment. * Conduct analyses of risk data to identify trends and potential ...
Apply Early
Operational Risk and Control Analyst
New York, NY · Hybrid
$75K - $110K/yr
Coordinate and conduct Vendor Risk Assessment, Model Risk Assessment, and Operational Risk Event (Business Continuity) Assessment. * Conduct analyses of risk data to identify trends and potential ...
Operational Risk and Control Analyst
New York, NY · Hybrid
$75K - $110K/yr
Coordinate and conduct Vendor Risk Assessment, Model Risk Assessment, and Operational Risk Event (Business Continuity) Assessment. * Conduct analyses of risk data to identify trends and potential ...
Vendor Risk Management & Onboarding, SVP - Procurement
Miami, FL · On-site +1
$200K - $225K/yr
Maintain vendor risk databases and communicate risk assessments findings across the organization * Establish and publish KPIs and SLAs to evaluate the effectiveness of area and initiatives
Vendor Risk Management & Onboarding, SVP - Procurement
Miami, FL · On-site +1
$200K - $225K/yr
Maintain vendor risk databases and communicate risk assessments findings across the organization * Establish and publish KPIs and SLAs to evaluate the effectiveness of area and initiatives
Risk Assessment Manager
Atlanta, GA · On-site
$80K - $100K/yr
Lead risk assessments related to resident safety, property operations, vendor management, cybersecurity, and business continuity. * Analyze claims, incidents, and operational trends to identify risks ...
Risk Assessment Manager
Atlanta, GA · On-site
$80K - $100K/yr
Lead risk assessments related to resident safety, property operations, vendor management, cybersecurity, and business continuity. * Analyze claims, incidents, and operational trends to identify risks ...
Risk Management Specialist
Villa Park, IL · On-site
$70K - $85K/yr
Conduct pre-contract due diligence and ongoing vendor risk assessments. * Facilitate annual vendor reviews and ensure timely remediation of identified issues. * Administer and maintain vendor risk ...
Quick apply
Apply Early
Risk Management Specialist
Villa Park, IL · On-site
$70K - $85K/yr
Conduct pre-contract due diligence and ongoing vendor risk assessments. * Facilitate annual vendor reviews and ensure timely remediation of identified issues. * Administer and maintain vendor risk ...
Apply Early
You will independently lead complex third-party risk assessments, influence vendor security and compliance strategies across the organization, shape how the team scales its risk management ...
You will independently lead complex third-party risk assessments, influence vendor security and compliance strategies across the organization, shape how the team scales its risk management ...
You will independently lead complex third-party risk assessments, influence vendor security and compliance strategies across the organization, shape how the team scales its risk management ...
You will independently lead complex third-party risk assessments, influence vendor security and compliance strategies across the organization, shape how the team scales its risk management ...
You will independently lead complex third-party risk assessments, influence vendor security and compliance strategies across the organization, shape how the team scales its risk management ...
You will independently lead complex third-party risk assessments, influence vendor security and compliance strategies across the organization, shape how the team scales its risk management ...
Vendor Risk Management & Onboarding, SVP - Procurement
Miami, FL · On-site
$200K - $225K/yr
Maintain vendor risk databases and communicate risk assessments findings across the organization * Establish and publish KPIs and SLAs to evaluate the effectiveness of area and initiatives
Vendor Risk Management & Onboarding, SVP - Procurement
Miami, FL · On-site
$200K - $225K/yr
Maintain vendor risk databases and communicate risk assessments findings across the organization * Establish and publish KPIs and SLAs to evaluate the effectiveness of area and initiatives
Support initial due diligence and ongoing risk assessments by collecting, validating, and documenting required artifacts and supporting materials for higher‑risk vendors to facilitate effective ...
Quick apply
Support initial due diligence and ongoing risk assessments by collecting, validating, and documenting required artifacts and supporting materials for higher‑risk vendors to facilitate effective ...
WM Vendor Risk Associate
$58K - $115K/yr
... of risk assessments conducted by due diligence and control groups, escalating issues for ... vendor-related incidents (e.g., data breaches), including tracking action items, preparing ...
WM Vendor Risk Associate
$58K - $115K/yr
... of risk assessments conducted by due diligence and control groups, escalating issues for ... vendor-related incidents (e.g., data breaches), including tracking action items, preparing ...
Vendor Governance Analyst
Malvern, PA · On-site
This role handles vendor lifecycle administration, third-party and AI-related risk intake and assessment, contract and renewal tracking, and SaaS/portfolio data, applying the frameworks, scoring ...
Vendor Governance Analyst
Malvern, PA · On-site
This role handles vendor lifecycle administration, third-party and AI-related risk intake and assessment, contract and renewal tracking, and SaaS/portfolio data, applying the frameworks, scoring ...
Vendor Risk Assessment information
See salary details
$51.5K - $62.3K
4% of jobs
$62.3K - $73K
6% of jobs
$73K - $83.8K
11% of jobs
$87.9K is the 25th percentile. Wages below this are outliers.
$83.8K - $94.6K
11% of jobs
The median wage is $103.2K / yr.
$94.6K - $105.4K
23% of jobs
$105.4K - $116.1K
13% of jobs
$123.2K is the 75th percentile. Wages above this are outliers.
$116.1K - $126.9K
12% of jobs
$126.9K - $137.7K
8% of jobs
$137.7K - $148.5K
6% of jobs
$148.5K - $159.2K
4% of jobs
$159.2K - $170K
2% of jobs
$51.5K
$111.6K
$170K
How much do vendor risk assessment jobs pay per year?
What is the difference between Vendor Risk Assessment vs Vendor Compliance Analyst?
| Aspect | Vendor Risk Assessment | Vendor Compliance Analyst |
|---|---|---|
| Primary Focus | Evaluating risks associated with vendors and third-party providers | Ensuring vendors comply with policies, regulations, and contractual obligations |
| Certifications | Certifications like CISSP, CISA, or vendor risk management courses | Certifications such as CCEP, CISA, or compliance-specific credentials |
| Work Environment | Risk management teams, procurement, cybersecurity departments | Compliance teams, legal, procurement, and audit departments |
| Industry Usage | Common in finance, healthcare, and IT sectors | Prevalent in regulated industries like finance, healthcare, and manufacturing |
Vendor Risk Assessment focuses on identifying and mitigating risks posed by vendors, while Vendor Compliance Analysts ensure vendors adhere to policies and regulations. Both roles are essential for managing third-party relationships but differ in their primary objectives and activities.
What are the key skills and qualifications needed to thrive as a Vendor Risk Assessment professional, and why are they important?
What are some common challenges faced in a Vendor Risk Assessment role, and how can I prepare to address them?
What is a Vendor Risk Assessment?

Full-time
Medical, Retirement, PTO
Posted 5 days ago
Job description
About the Role:
CrowdStrike is seeking a Third Party Risk Management (TPRM) Analyst to join our Policy, Risk Management, and Controls team (PCRM). As CrowdStrike's ecosystem of vendors, partners, and suppliers continues to grow, this role will be essential in identifying, assessing, and managing the security risks introduced through third-party relationships. This role offers candidates an opportunity to work in a fast-paced, collaborative environment alongside experienced security professionals, with direct impact on protecting CrowdStrike and its customers from supply chain and vendor-related threats.
Third Party Risk Program Management: Develop, implement, and maintain CrowdStrike's TPRM policies, standards, and procedures, ensuring alignment with internal security requirements and external regulatory obligations.
Risk Assessment & Due Diligence: Lead security risk assessments of third-party vendors and partners across the full vendor lifecycle, from onboarding through offboarding, identifying and prioritizing risks based on criticality and data access.
Reporting and Analysis: Generate detailed reports and dashboards to track vendor risk posture, assessment status, remediation progress, and program KPIs for leadership and key stakeholders.
Collaboration and Resolution: Partner with Procurement, Legal, Privacy, IT, and business teams to ensure third-party risks are understood, communicated, and appropriately addressed. Serve as a subject matter expert on vendor security requirements.
Process Optimization: Continuously identify opportunities to streamline and automate TPRM workflows, reduce manual effort, and scale the program to meet CrowdStrike's growth.
What You'll Do:
- Manage and mature CrowdStrike's Third Party Risk Management program, including policies, standards, procedures, and assessment methodologies.
- Conduct security risk assessments of third-party vendors, evaluating controls across domains such as data security, access management, incident response, business continuity, and compliance.
- Tier and prioritize vendors based on risk factors including data sensitivity, operational dependency, and regulatory scope.
- Manage vendor risk findings, remediation plans, and exceptions, working with vendors and internal stakeholders to resolve issues in a timely manner.
- Monitor the third-party risk landscape, including emerging threats, regulatory changes, and vendor security incidents, and communicate relevant updates to stakeholders.
- Develop and maintain TPRM dashboards and reporting to provide visibility into vendor risk posture and program health.
- Develop and deliver training and communications to internal stakeholders on TPRM processes, requirements, and responsibilities.
- Identify opportunities to automate and optimize TPRM workflows, leveraging GRC tooling and integrations to improve efficiency and scalability.
- Proactively identify gaps in the TPRM program and lead efforts to address and remediate them.
- Perform other duties within the scope of Third Party Risk Management and broader Cyber GRC.
What You'll Need:
- Bachelor's degree in Computer Science, Information Security, Business, or a related field; or a up to 5 years of experience.
- Technical focus on third party risk management, vendor risk, supply chain security, or related disciplines.
- Experience with GRC or TPRM platforms such as ServiceNow, OneTrust, ProcessUnity, or similar tools.
- Strong understanding of security risk assessment methodologies and control frameworks applicable to third-party environments.
- Familiarity with regulatory requirements and frameworks such as SOC 1/SOC 2, ISO 27001/27002, NIST 800-53, CSA-CCM, GDPR, and PCI-DSS as they apply to vendor relationships.
- Experience with reviewing vendor security documentation, including SOC reports, penetration test results, and questionnaire responses.
- Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.
Certifications (Preferred):
- CISSP, CISM, CRISC, or equivalent security certifications.
- Certifications specific to third party risk such as CTPRP (Certified Third Party Risk Professional) are a plus.
Soft Skills:
- Ability to think strategically about supply chain and vendor risks and connect them to CrowdStrike's broader risk posture.
- Strong analytical and problem-solving skills to evaluate vendor controls, identify gaps, and prioritize remediation.
- Excellent communication skills with the ability to convey technical risk findings to non-technical stakeholders, including executives and procurement teams.
- Proven ability to build and maintain relationships with external vendors and internal cross-functional partners.
- Leadership skills to drive vendor risk assessments, manage remediation efforts, and influence stakeholders without direct authority.
Program and Project Management:
- Experience managing risk programs or projects, including scoping, stakeholder coordination, and tracking deliverables against timelines.
Bonus Points:
- Experience with continuous monitoring solutions for third-party risk (e.g., BitSight, SecurityScorecard).
- Familiarity with CrowdStrike products, services, or the broader cybersecurity industry.
- Practical experience in software development or secure coding practices, particularly as they relate to supply chain security (e.g., SBOM, open source risk).
#LI-CS1
#LI-Remote
Benefits of Working at CrowdStrike:
- Market leader in compensation and equity awards
- Comprehensive physical and mental wellness programs
- Competitive vacation and holidays for recharge
- Paid parental and adoption leaves
- Professional development opportunities for all employees regardless of level or role
- Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
- Vibrant office culture with world class amenities
- Great Place to Work Certified™ across the globe
CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.
CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements.
If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.
Find out more about your rights as an applicant.
CrowdStrike participates in the E-Verify program.
Notice of E-Verify Participation
Right to Work
CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $85,000 - $120,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.
For detailed information about the U.S. benefits package, please click here.
Expected Close Date of Job Posting is:07-14-2026
About CrowdStrike
Sourced by ZipRecruiter
#WeAreCrowdStrike and our mission is to stop breaches. As a global leader in cybersecurity, our team changed the game. Since our inception, our market leading cloud-native platform has offered unparalleled protection against the most sophisticated cyberattacks. We're looking for people with limitless passion, a relentless focus on innovation and a fanatical commitment to the customer to join us in shaping the future of cybersecurity. Consistently recognized as a top workplace, CrowdStrike is committed to cultivating an inclusive, remote-first culture that offers people the autonomy and flexibility to balance the needs of work and life while taking their career to the next level. Interested in working for a company that sets the standard and leads with integrity? Join us on a mission that matters - one team, one fight.
Industry
It services
Company size
1,001 - 5,000 Employees
Headquarters location
Sunnyvale, CA, US
Year founded
2012