Vendor Risk Management Jobs in California (NOW HIRING)

AVP, Risk Management

Vacaville, CA · On-site

$172K - $212K/yr

Leads enterprise‐wide vendor risk assessments, due diligence processes, and ongoing monitoring activities. * Participates in TCU strategy sessions and provides a risk management perspective on ...

Archer is seeking a Senior Third Party Risk Management (TPRM) Engineer to execute our vendor cyber risk function across all tiers of our supplier ecosystem. In this high-visibility role, you will use ...

Vendor Risk Management information

$42.9K

$102.3K

$165.3K

How much do vendor risk management jobs pay per year?

As of Jul 5, 2026, the average yearly pay for vendor risk management in California is $102,346.00, according to ZipRecruiter salary data. Most workers in this role earn between $71,600.00 and $130,300.00 per year, depending on experience, location, and employer.

What is the highest paying risk management job?

In risk management, senior roles such as Chief Risk Officer (CRO) or Director of Risk Management tend to have the highest salaries, often exceeding six figures annually. These positions require extensive experience, advanced certifications like FRM or CRM, and strong leadership skills, especially in financial services, insurance, or large corporations.

What is a vendor risk management job description?

A vendor risk management job involves assessing and monitoring the risks associated with third-party vendors to ensure compliance with security, legal, and operational standards. Responsibilities include conducting risk assessments, developing mitigation strategies, and maintaining vendor relationships, often using tools like risk management software. Strong analytical skills and knowledge of regulatory requirements are essential for this role.

What are the key skills and qualifications needed to thrive in the Vendor Risk Management position, and why are they important?

To thrive in Vendor Risk Management, you need a solid background in risk assessment, contract analysis, and supply chain management, often supported by a degree in business, finance, or a related field. Familiarity with risk management software and vendor management systems, along with relevant certifications such as Certified Third Party Risk Professional (CTPRP), is highly valued. Strong attention to detail, excellent communication, and negotiation skills help build effective vendor relationships and navigate complex scenarios. These capabilities are crucial for ensuring organizational compliance, minimizing third-party risks, and maintaining strong supplier performance.

How much does a risk manager get paid?

A risk manager's salary typically ranges from $70,000 to $130,000 annually, depending on experience, industry, and location. Professionals with certifications like CRM or FRM and strong analytical skills tend to earn higher salaries, especially in financial services and corporate sectors.

What is vendor risk management?

Vendor risk management is a process used by organizations to identify, assess, and mitigate risks associated with third-party vendors. It involves evaluating vendors' security, compliance, and operational practices to ensure they do not pose threats to the organization’s data, reputation, or operations, often supported by tools like risk assessment frameworks and requiring ongoing monitoring.

What is a Vendor Risk Management job?

A Vendor Risk Management (VRM) job involves assessing, monitoring, and mitigating risks associated with third-party vendors and suppliers. Professionals in this role evaluate vendor security, compliance, and operational risks to protect their organization from potential disruptions, data breaches, or regulatory violations. They work closely with procurement, legal, and IT teams to establish risk management frameworks and ensure vendors meet contractual and security standards. Their responsibilities often include conducting risk assessments, reviewing vendor contracts, and developing risk mitigation strategies. Effective VRM helps organizations reduce exposure to risks while maintaining productive vendor relationships.

What are some common challenges faced in a Vendor Risk Management role?

Professionals in Vendor Risk Management often encounter the challenge of assessing and monitoring a wide range of vendors, each with unique risk profiles and compliance requirements. Balancing multiple projects, managing deadlines, and ensuring clear communication between internal stakeholders and vendors can also be demanding. Staying updated on evolving regulatory standards and quickly adapting to new risks is essential in this role. Overcoming these challenges requires strong organizational skills, continual learning, and proactive relationship management.

What are the most commonly searched types of Vendor Risk Management jobs in California? The most popular types of Vendor Risk Management jobs in California are:
What job categories do people searching Vendor Risk Management jobs in California look for? The top searched job categories for Vendor Risk Management jobs in California are:
What cities in California are hiring for Vendor Risk Management jobs? Cities in California with the most Vendor Risk Management job openings:
Infographic showing various Vendor Risk Management job openings in California as of June 2026, with employment types broken down into 100% Full Time. Highlights a 60% In-person and 40% Remote job distribution, with an average salary of $102,346 per year, or $49.2 per hour.
Enterprise Risk Management (ERM) Analyst

SAFE Credit Union

Folsom, CA • Hybrid

$110K - $120K/yr

Full-time

Medical, Dental, Vision, Retirement

Posted 4 days ago


Job description

Salary Range: $110,000.00 - $120,000.00
Exact compensation may vary based on skill and experience.
 
Why SAFE?
SAFE offers so much more than just full medical, vision, dental, 401k matching, HSA, and FSA! Learn more about how we support our workforce!
  • Professional Development Opportunities: Offering training programs, workshops, and mentorship.
  • Recognition and Appreciation: Regularly acknowledging employee achievements and contributions.
  • Flexible Work Arrangements: Providing options for remote work and flexible scheduling.
  • Positive Company Culture: Fostering an inclusive, collaborative, and supportive work environment.
  • Career Growth: Clear paths for career advancement and internal promotions.
  • Work-Life Balance: Encouraging a healthy balance between professional and personal life.
  • Employee Empowerment: Allowing employees to make decisions and have autonomy in their roles.
  • Space of Belonging: ERGs, YOUnity Council and a focus around diversity, equity, inclusion and belonging.
  • Wellness Programs: Promoting physical and mental health through wellness initiatives and resources.
  • Strong Leadership: Having leaders who inspire, support, and guide their teams effectively.
  • Sense of Purpose: Creating a sense of mission and aligning company goals with employees' personal values.


POSITION PURPOSE

This position is responsible for supporting SAFE's Enterprise Risk Office. This position will be responsible for supporting the development, implementation, execution, and management of key programs: the Enterprise Risk Management program, Business Continuity Management, Information Assurance, and Vendor Risk Management.

 ESSENTIAL FUNCTIONS AND BASIC DUTIES

 Enterprise Risk Management

  • Support the development and execution of a comprehensive Enterprise Risk Management (ERM) program aligned with SAFE’s goals and risk appetite.
  • Assist in developing and refining ERM frameworks, methodologies, and tools to identify, assess, and mitigate risks across the enterprise.
  • Provide support in establishing and monitoring the risk appetite framework, ensuring its integration into strategic planning and decision-making processes. Execute activities related to the risk appetite framework, including tracking risk levels, assessing exposures, and implementing risk mitigation strategies.
  • Collaborate with line-of-business teams and support functions to integrate the ERM operating framework throughout the organization.
  • Help develop ERM education materials to promote a risk-aware culture, educating SAFE employees about the importance of risk management and their roles in the process.
  • Assist in developing standardized metrics and reporting systems to enable continuous monitoring of program goals.
  • Support the implementation of a comprehensive Key Risk Indicator (KRI) framework, including identifying and defining critical indicators to monitor and assess organizational risks. 

Business Continuity Management

  • Assist in the coordination of the annual vendor management review process.
  • Complete other duties and special projects, as assigned.
  • Assist in maintaining an effective business continuity program and assess the maturity levels of the program against goals. 
  • Facilitate and coordinate the completion of the Business Impact Analysis review process. 
  • Participate in developing and providing business continuity management awareness education to business partners. 
  • Participate in the creation, coordination, facilitation, and communication of business continuity exercises, including but not limited to table-top exercises, simulation testing, and full-scale exercises. 
  • Assist in evaluating the effectiveness of the disaster recovery planning and testing. 
  • Manage and control SAFE’s business continuity software.

Vendor Risk Management 

  • Assist with third-party risk assessments and due diligence reviews for new and existing vendors, including evaluation of financial, operational, cybersecurity, compliance, and reputational risks
  • Monitor vendor risk profiles and coordinate periodic reviews to ensure ongoing compliance with organizational policies, regulatory requirements, and risk appetite
  • Analyze vendor documentation, including SOC reports, financial statements, business continuity plans, information security questionnaires, and insurance coverage
  • Track and report third-party risk metrics, KRIs, assessment results, and remediation activities to management and risk committees
  • Partner with business units, the Contract Administrator, Info Sec, Compliance, and other teams to identify, assess, mitigate and monitor third-party risks throughout the vendor lifecycle
  • Support compliance with applicable regulatory guidance related to vendor management and third-party oversight, including NCUA requirements, by facilitating risk assessments, contract reviews, and documentation retention.

 

QUALIFICATIONS

Experience Required:       

Candidates should possess 3-5 years of relevant experience, or alternatively, equivalent education or risk management certification may be considered in lieu of experience.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

 

Required Knowledge:      

At least two years in a financial institution environment preferred.

 

Skills/Abilities:

  • Excellent verbal and written communication skills.
  • Excellent interpersonal, communication, and leadership skills, as success in this position depends on building rapport and credibility with multiple stakeholders across the organization.
  • Superior critical thinking and analytical skills.
  • Ability to research and interpret a variety of professional standards and regulatory guidelines for enterprise risk management areas.
  • Knowledgeable in major areas of credit union operations, and of the three lines of defense model, risk management principles, and Enterprise Risk Management (ERM) frameworks.
  • Ability to work independently, as well as part of department and project teams.
  • Must have strong prioritization skills and be able to multitask.
  • Proficient Excel skills.

 

WORK ENVIRONMENT/PHYSICAL DEMANDS SUMMARY

 LANGUAGE SKILLS

  • Excellent communication skills (verbal, written, listening skills, and empathy).
  • Expert ability to build relationships with other leaders, business partners, and stakeholders.
  • Ability to write reports, business correspondence, and procedure manuals.
  • Ability to effectively present information and respond to questions from groups of managers.

MATHEMATICAL SKILLS AND REASONING ABILITY 

  • Ability to interpret a variety of instructions furnished in written, oral, or schedule form.
  • Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.

PHYSICAL DEMANDS AND WORK ENVIRONMENT

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. 

  • While performing the duties of this job, the employee is regularly required to sit and talk or hear, and use hands to finger, handle, or feel objects, tools, or controls.
  • The employee is occasionally required to stand; walk; reach with hands and arms; and stoop, kneel, crouch, or crawl.
  • The employee must occasionally lift and/or move up to 10 pounds.
  • Specific vision abilities required by this job include close vision.
  • The noise level in the work environment is usually moderate.

 

INTENT AND FUNCTION OF JOB DESCRIPTIONS

 

This is not necessarily an all-inclusive list of job-related responsibilities, duties, skills, efforts, requirements or working conditions.  All descriptions have been reviewed to ensure that only essential functions and basic duties have been included.  Peripheral tasks, only incidentally related to each position, have been excluded.  Requirements, skills, and abilities included have been determined to be the minimal standards required to successfully perform the positions.  While this is intended to be an accurate reflection of the current job, management reserves the right to revise the job or to require that other or different tasks be performed as assigned.

 

In accordance with the Americans with Disabilities Act, it is possible that requirements may be modified to reasonably accommodate disabled individuals.  However, no accommodation will be made which may pose serious health or safety risks to the employee or others or which impose undue hardships on the organization.

 

Job descriptions are not intended as and do not create employment contracts.  The organization maintains its status as an at-will employer.  Employees can be terminated for any reason not prohibited by law.