Enterprise Risk Analyst
Denver, CO · On-site
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the ... prioritization analyses for leadership. * Maintain and update the enterprise risk register ...
Enterprise Risk Analyst
Denver, CO · On-site
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the ... prioritization analyses for leadership. * Maintain and update the enterprise risk register ...
Vendor Risk Manager
Des Moines, IA · On-site
While adhering to Wellmark's Vendor Risk Management guidelines through the execution of policies ... Provide on-going vendor scorecard reporting and analysis to internal and external parties ...
Vendor Risk Manager
Des Moines, IA · On-site
While adhering to Wellmark's Vendor Risk Management guidelines through the execution of policies ... Provide on-going vendor scorecard reporting and analysis to internal and external parties ...
About This Opportunity The Vendor Risk Management (VRM) team partners with business units to assess ... Responsibilities The Analyst I, Vendor Risk works closely with vendor relationship owners to ensure ...
About This Opportunity The Vendor Risk Management (VRM) team partners with business units to assess ... Responsibilities The Analyst I, Vendor Risk works closely with vendor relationship owners to ensure ...
About This Opportunity The Vendor Risk Management (VRM) team partners with business units to assess ... Responsibilities The Analyst I, Vendor Risk works closely with vendor relationship owners to ensure ...
About This Opportunity The Vendor Risk Management (VRM) team partners with business units to assess ... Responsibilities The Analyst I, Vendor Risk works closely with vendor relationship owners to ensure ...
Risk Management Analyst
Irvine, CA · On-site
Field vendor calls, evaluate relevance to the department, and deliver clear summaries and ... Provide backup coverage and continuity support for the Risk Management Manager Position ...
Risk Management Analyst
Irvine, CA · On-site
Field vendor calls, evaluate relevance to the department, and deliver clear summaries and ... Provide backup coverage and continuity support for the Risk Management Manager Position ...
Risk Management Analyst
Denver, CO · On-site
Field vendor calls, evaluate relevance to the department, and deliver clear summaries and ... Provide backup coverage and continuity support for the Risk Management Manager Position ...
Risk Management Analyst
Denver, CO · On-site
Field vendor calls, evaluate relevance to the department, and deliver clear summaries and ... Provide backup coverage and continuity support for the Risk Management Manager Position ...
The Senior Risk Management Analyst supports the development and operation of the Credit Union ... Perform primary functions of Vendor Management Program including classifying vendors, performing ...
The Senior Risk Management Analyst supports the development and operation of the Credit Union ... Perform primary functions of Vendor Management Program including classifying vendors, performing ...
Risk Management Analyst
Irvine, CA · On-site
Field vendor calls, evaluate relevance to the department, and deliver clear summaries and ... Provide backup coverage and continuity support for the Risk Management Manager Position ...
Quick apply
Risk Management Analyst
Irvine, CA · On-site
Field vendor calls, evaluate relevance to the department, and deliver clear summaries and ... Provide backup coverage and continuity support for the Risk Management Manager Position ...
Risk Management Analyst
Denver, CO · On-site
Field vendor calls, evaluate relevance to the department, and deliver clear summaries and ... Provide backup coverage and continuity support for the Risk Management Manager Position ...
Quick apply
Risk Management Analyst
Denver, CO · On-site
Field vendor calls, evaluate relevance to the department, and deliver clear summaries and ... Provide backup coverage and continuity support for the Risk Management Manager Position ...
Governance & Risk Analyst
Chicago, IL · On-site
$85K - $95K/yr
Key Responsibilities Third-Party Risk Management (TPRM) & Vendor Risk Assessments (VRA) * Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final ...
Governance & Risk Analyst
Chicago, IL · On-site
$85K - $95K/yr
Key Responsibilities Third-Party Risk Management (TPRM) & Vendor Risk Assessments (VRA) * Conduct end-to-end Vendor Risk Assessments (VRA) including initiation, analysis, follow-ups, and final ...
Risk Management Analyst
Washington, DC · On-site +1
The Risk Management Analyst supports the identification, assessment, and communication of discrete and overall program and project risk across cost, schedule, and performance dimensions within a ...
Risk Management Analyst
Washington, DC · On-site +1
The Risk Management Analyst supports the identification, assessment, and communication of discrete and overall program and project risk across cost, schedule, and performance dimensions within a ...
The Risk Management Analyst supports the identification, assessment, and communication of discrete and overall program and project risk across cost, schedule, and performance dimensions within a ...
Quick apply
The Risk Management Analyst supports the identification, assessment, and communication of discrete and overall program and project risk across cost, schedule, and performance dimensions within a ...
The Risk Management Analyst supports the identification, assessment, and communication of discrete and overall program and project risk across cost, schedule, and performance dimensions within a ...
The Risk Management Analyst supports the identification, assessment, and communication of discrete and overall program and project risk across cost, schedule, and performance dimensions within a ...
Senior Risk Management Analyst
Warren, OH · On-site
$52K - $65K/yr
Aggregate and analyze data to calculate risk trends and outcomes. * Identify and monitor key ... Perform primary functions of Vendor Management Program including classifying vendors, performing ...
Quick apply
Senior Risk Management Analyst
Warren, OH · On-site
$52K - $65K/yr
Aggregate and analyze data to calculate risk trends and outcomes. * Identify and monitor key ... Perform primary functions of Vendor Management Program including classifying vendors, performing ...
Risk Management Analyst
$70K - $85K/yr
Position Summary The Risk Management Analyst is responsible for identifying, assessing, and mitigating financial and operational risks across the organization. This role plays a critical part in ...
Quick apply
Risk Management Analyst
$70K - $85K/yr
Position Summary The Risk Management Analyst is responsible for identifying, assessing, and mitigating financial and operational risks across the organization. This role plays a critical part in ...
Risk Analyst I
Atlanta, GA · On-site
About This Opportunity The Vendor Risk Management (VRM) team partners with business units to assess ... Responsibilities The Analyst I, Vendor Risk works closely with vendor relationship owners to ensure ...
Risk Analyst I
Atlanta, GA · On-site
About This Opportunity The Vendor Risk Management (VRM) team partners with business units to assess ... Responsibilities The Analyst I, Vendor Risk works closely with vendor relationship owners to ensure ...
Risk Management Analyst
Pittsburgh, PA · On-site
Summary The Risk Management Analyst partners and collaborates with business units, corporate resource departments and external stakeholders to anticipate, identify, understand and manage key ...
Risk Management Analyst
Pittsburgh, PA · On-site
Summary The Risk Management Analyst partners and collaborates with business units, corporate resource departments and external stakeholders to anticipate, identify, understand and manage key ...
Risk Management Analyst
Hackensack, NJ · On-site
The Risk Management Analyst (RMA) is responsible for investigating risk management events, reviewing and analyzing events in the ONElink event reporting system, assisting with proactive risk ...
Risk Management Analyst
Hackensack, NJ · On-site
The Risk Management Analyst (RMA) is responsible for investigating risk management events, reviewing and analyzing events in the ONElink event reporting system, assisting with proactive risk ...
Vendor Analyst, AI & Technology Risk
Chicago, IL · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations * Support execution of AI intake and governance workflows: * Track AIA Forms and FactSheets * Ensure ...
Vendor Analyst, AI & Technology Risk
Chicago, IL · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations * Support execution of AI intake and governance workflows: * Track AIA Forms and FactSheets * Ensure ...
Vendor Analyst, AI & Technology Risk
Iowa, LA · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations * Support execution of AI intake and governance workflows: * Track AIA Forms and FactSheets * Ensure ...
Vendor Analyst, AI & Technology Risk
Iowa, LA · Hybrid
$85K - $110K/yr
Support Vendor Management in aligning with third-party risk requirements AI Governance Operations * Support execution of AI intake and governance workflows: * Track AIA Forms and FactSheets * Ensure ...
Vendor Risk Management Analyst information
See salary details
$36.5K - $45.7K
4% of jobs
$45.7K - $55K
13% of jobs
$61.7K is the 25th percentile. Wages below this are outliers.
$55K - $64.2K
11% of jobs
$64.2K - $73.4K
16% of jobs
The median wage is $75.7K / yr.
$73.4K - $82.6K
25% of jobs
$87.3K is the 75th percentile. Wages above this are outliers.
$82.6K - $91.9K
13% of jobs
$91.9K - $101.1K
8% of jobs
$101.1K - $110.3K
3% of jobs
$110.3K - $119.5K
1% of jobs
$119.5K - $128.8K
1% of jobs
$128.8K - $138K
5% of jobs
$36.5K
$82.3K
$138K
How much do vendor risk management analyst jobs pay per year?
As of Jun 28, 2026, the average yearly pay for vendor risk management analyst in the United States is $82,330.00, according to ZipRecruiter salary data. Most workers in this role earn between $62,500.00 and $90,500.00 per year, depending on experience, location, and employer.
What is a Vendor Risk Management Analyst?
A Vendor Risk Management Analyst is a professional responsible for assessing, monitoring, and mitigating risks associated with third-party vendors and suppliers. They evaluate vendor practices, ensure compliance with company policies and regulations, and help protect the organization from financial, operational, and reputational risks. Their work often involves conducting risk assessments, reviewing contracts, and collaborating with other departments to ensure vendors meet required security and performance standards.
What are the key skills and qualifications needed to thrive as a Vendor Risk Management Analyst, and why are they important?
To thrive as a Vendor Risk Management Analyst, you need expertise in risk assessment, third-party due diligence, and a solid understanding of compliance regulations, typically supported by a bachelor’s degree in business, finance, or a related field. Proficiency with risk management software, vendor management platforms, and knowledge of frameworks like ISO 27001 or SOC 2 are commonly required, along with certifications such as CTPRP or CISA. Strong analytical thinking, attention to detail, and effective communication skills are essential for building relationships and reporting risks clearly. These skills ensure organizations can identify, mitigate, and manage risks associated with third-party vendors, protecting operational integrity and regulatory compliance.
How does a Vendor Risk Management Analyst typically interact with other departments within an organization?
Vendor Risk Management Analysts often collaborate closely with departments such as Procurement, Legal, IT Security, and Compliance to assess and mitigate risks associated with third-party vendors. They facilitate information sharing, coordinate risk assessments, and ensure that contract terms align with the organization's risk tolerance. Regular communication and cross-functional meetings are common, as these analysts play a key role in ensuring that vendor relationships do not expose the organization to undue risk.
What is the difference between Vendor Risk Management Analyst vs Procurement Analyst?
| Aspect | Vendor Risk Management Analyst | Procurement Analyst |
|---|---|---|
| Certifications | Certifications like CTPRP, CRISC, or vendor risk management courses | CPM, CPSM, or purchasing certifications |
| Work Environment | Focus on risk assessment, compliance, and vendor evaluations | Focus on sourcing, purchasing, and supplier negotiations |
| Industry Usage | Common in finance, healthcare, and technology sectors | Prevalent across manufacturing, retail, and corporate sectors |
The main difference is that a Vendor Risk Management Analyst specializes in assessing and mitigating risks associated with vendors, ensuring compliance and security. In contrast, a Procurement Analyst primarily handles sourcing and purchasing activities. Both roles require analytical skills and industry knowledge but focus on different aspects of vendor and supply chain management.
More about Vendor Risk Management Analyst jobs
What cities are hiring for Vendor Risk Management Analyst jobs? Cities with the most Vendor Risk Management Analyst job openings:
What states have the most Vendor Risk Management Analyst jobs? States with the most job openings for Vendor Risk Management Analyst jobs include:
What job categories do people searching Vendor Risk Management Analyst jobs look for? The top searched job categories for Vendor Risk Management Analyst jobs are:
Full-time
Medical, Dental, Vision, Retirement, PTO
Posted 3 days ago
Job description
Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it.
OUR MISSION
True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors - enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
OUR VALUES
Your Mission
We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making.
This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain.
Responsibilities:
Enterprise Risk Management
Third-Party Vendor Risk Management
Cross-Functional Collaboration
Qualifications
Preferred Qualifications
Compensation
Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.
Additional Requirements
This position will be open until it is successfully filled.
To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.
To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.
OUR MISSION
True Anomaly delivers decisive capabilities for space superiority. We build autonomous spacecraft, advanced payloads, mission software, and space-based interceptors - enabling the U.S. and its Allies to secure the space environment and counter threats from the ultimate high ground.
OUR VALUES
- Be the offset. We create asymmetric advantages with creativity and ingenuity.
- What would it take? We challenge assumptions to deliver ambitious results.
- It's the people. Our team is our competitive advantage and we are better together.
Your Mission
We are seeking a driven and detail-oriented Enterprise Risk Analyst to support two distinct but interconnected lines of effort: Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the Senior Enterprise Risk Manager, you will play a hands-on role in executing risk assessments, maintaining program documentation, tracking remediation activities, and building the data foundation that powers executive-level risk decision-making.
This role is ideal for a mid-career risk professional who is fluent in frameworks such as NIST RMF and CMMC, is developing practical experience with risk quantification methodologies like FAIR and OCTAVE, and is eager to grow within a fast-paced aerospace and defense SaaS environment. You will work closely with engineering, security, legal, compliance, and operations teams to help identify, document, and track risk across the enterprise and its third-party supply chain.
Responsibilities:
Enterprise Risk Management
- Support the design, execution, and continuous improvement of the enterprise risk management program under the direction of the Senior Enterprise Risk Manager.
- Assist in conducting structured risk assessments using OCTAVE or similar threat-and-asset-centric methodologies, documenting findings, threat profiles, and recommended mitigations.
- Support the application of FAIR methodology to help quantify risks in financial terms and contribute to risk prioritization analyses for leadership.
- Maintain and update the enterprise risk register, ensuring accuracy of risk ratings, ownership assignments, remediation status, and residual risk tracking.
- Build and maintain program dashboards, KPI/KRI reports, and status tracking using tools such as Jira, Confluence, enterprise GRC platforms, and MS Project.
- Assist with audit readiness activities including evidence collection, pre-assessment preparation, control documentation, and post-audit remediation tracking.
- Support POA&M management for IL5 and IL6 environments, tracking open items to closure and escalating blockers to the Enterprise Risk Manager.
- Contribute to the development and maintenance of risk policies, standards, and guidelines aligned to NIST SP 800-53 Rev. 5, NIST SP 800-171, RMF, and CMMC Level 3.
- Coordinate and track internal audit schedules, findings, and corrective action plans across business units.
Third-Party Vendor Risk Management
- Execute vendor risk assessments as part of the onboarding and periodic review lifecycle, including security questionnaire administration, documentation review, and risk scoring.
- Maintain the vendor risk inventory and lifecycle tracking records, ensuring all vendors are appropriately tiered and assessed on schedule.
- Monitor vendor risk signals including cybersecurity advisories, regulatory actions, and contractual compliance status, escalating material changes to the Enterprise Risk Manager.
- Support contract and procurement teams by providing vendor risk assessment findings and recommended risk mitigation language.
- Assist in ensuring TPVRM program alignment with CMMC supply chain requirements, DFARS clauses, and ITAR/export control considerations for critical suppliers.
- Develop and maintain vendor risk reporting inputs and dashboard content to support executive-level visibility into third-party risk exposure.
Cross-Functional Collaboration
- Serve as a reliable day-to-day point of contact for risk-related inquiries from internal stakeholders across engineering, security, operations, and legal teams.
- Track program milestones, action items, and deliverables, proactively communicating status and flagging risks or dependencies to the Enterprise Risk Manager.
- Continuously improve risk program workflows, documentation templates, and reporting processes to support scalable and repeatable execution.
- Support the preparation of materials for internal leadership briefings, external assessor interactions, and government partner reviews.
Qualifications
- 5+ years of experience in enterprise risk management, GRC, cybersecurity risk, compliance, or a closely related discipline.
- Working knowledge of NIST SP 800-53, NIST SP 800-171, DoD RMF (IL5/IL6), and CMMC, with direct experience supporting assessments or audits under one or more of these frameworks.
- Familiarity with risk assessment methodologies including FAIR and/or OCTAVE, with a desire to deepen applied expertise in risk quantification.
- Experience supporting or executing third-party/vendor risk assessments, including questionnaire administration, documentation review, and risk tracking.
- Hands-on experience with program management and GRC documentation tools including Jira, Confluence (Atlassian suite), MS Project, enterprise GRC platforms, and MS Visio or Lucidchart.
- Strong written and verbal communication skills, with the ability to clearly document findings and translate risk concepts for both technical and non-technical audiences.
- Highly organized, self-directed, and comfortable managing multiple workstreams simultaneously in a fast-paced, regulated environment.
- Active or ability to obtain SECRET, TS/SCI security clearance.
- Must be a U.S. citizen, lawful permanent resident, or protected individual per ITAR requirements (8 U.S.C. 1324b(a)(3)).
Preferred Qualifications
- Background in startup, aerospace, defense technology, or SaaS companies operating in regulated government markets.
- Industry certifications such as:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Open FAIR Certification (The Open Group)
- CompTIA Security+ or equivalent
- Certified ScrumMaster (CSM) or similar Agile certification
- Experience with cloud environments, particularly Azure Government and/or AWS GovCloud.
- Familiarity with POA&M management, SSP documentation, and audit evidence collection in DoD authorization contexts.
- Working knowledge of ITAR, EAR, DFARS, and export control considerations as they relate to vendor and supply chain risk.
- Familiarity with Agile/Scrum and hybrid project delivery models.
Compensation
- Base Salary: Denver - $115,000 to $155,000, Long Beach - $120,000 to $165,000, Washington, DC - $120,000 to $165,000, SF Bay Area - $132,000 to $178,000
- Equity + Benefits including Health, Dental, Vision, HRA/HSA options, PTO and paid holidays, 401K, Parental Leave
Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, location, and experience.
Additional Requirements
- Work Location: This role will be onsite at one of our office locations: Centennial, CO, Long Beach, CA, SF Bay Area, or Washington, DC #LI-Onsite
- Work Environment: Standard office setting, working at a desk or in a production factory environment
- Physical Demands: May include frequent standing, sitting, walking, bending, and lifting or carrying items up to 20 lbs.
This position will be open until it is successfully filled.
To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
We value diversity of experience, knowledge, backgrounds, and perspectives and harness these qualities to create extraordinary impact. True Anomaly is committed to equal employment opportunity regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, pregnancy, maternity or related condition (including breastfeeding) or any other basis as protected by applicable law. If you have a disability or additional need that requires accommodation, please do not hesitate to let us know.
To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
True Anomaly is committed to equal employment opportunity on any basis protected by applicable state and federal laws. If you have a disability or additional need that requires accommodation, please do not hesitate to let us.
About True Anomaly
Sourced by ZipRecruiter
Company size
11 - 50 Employees
Headquarters location
Colorado Springs, CO, US
Year founded
2022