
Vendor Risk Management Jobs in Connecticut (NOW HIRING)

Expert knowledge of third-party/vendor risk management * Strong risk assessment and analytical skills * Technical understanding of enterprise security architecture * Excellent communication and ...


Support administration and adherence of enterprise risk management programs, including vendor risk, information security risk, and model risk. * Track, manage, monitor, and report on risk issues and ...


Security and Compliance Manager

Windsor, CT · On-site

$90K - $135K/yr

Evaluate new and existing vendor relationships for security and compliance risk; maintain a vendor risk register and support supply chain risk management activities. * Other duties as assigned.


Vendor Risk Management salary details for Connecticut: $41.4K to $159.3K per year, with an average of $98.7K.

How much do vendor risk management jobs pay per year?

As of Jul 5, 2026, the average yearly pay for vendor risk management in Connecticut is $98,652.00, according to ZipRecruiter salary data. Most workers in this role earn between $69,000.00 and $125,600.00 per year, depending on experience, location, and employer.

What is the highest paying risk management job?

In risk management, senior roles such as Chief Risk Officer (CRO) or Director of Risk Management tend to have the highest salaries, often exceeding six figures annually. These positions require extensive experience, advanced certifications like FRM or CRM, and strong leadership skills, especially in financial services, insurance, or large corporations.

What is a vendor risk management job description?

A vendor risk management job involves assessing and monitoring the risks associated with third-party vendors to ensure compliance with security, legal, and operational standards. Responsibilities include conducting risk assessments, developing mitigation strategies, and maintaining vendor relationships, often using tools like risk management software. Strong analytical skills and knowledge of regulatory requirements are essential for this role.

What are the key skills and qualifications needed to thrive in the Vendor Risk Management position, and why are they important?

To thrive in Vendor Risk Management, you need a solid background in risk assessment, contract analysis, and supply chain management, often supported by a degree in business, finance, or a related field. Familiarity with risk management software and vendor management systems, together with relevant certifications such as Certified Third Party Risk Professional (CTPRP), is highly valued. Strong attention to detail, excellent communication, and negotiation skills help build effective vendor relationships and navigate complex scenarios. These capabilities are crucial for ensuring organizational compliance, minimizing third-party risks, and maintaining strong supplier performance.

How much does a risk manager get paid?

A risk manager's salary typically ranges from $70,000 to $130,000 annually, depending on experience, industry, and location. Professionals with certifications like CRM or FRM and strong analytical skills tend to earn higher salaries, especially in financial services and corporate sectors.

What is vendor risk management?

Vendor risk management is a process used by organizations to identify, assess, and mitigate risks associated with third-party vendors. It involves evaluating vendors' security, compliance, and operational practices to ensure they do not pose threats to the organization’s data, reputation, or operations, often supported by tools like risk assessment frameworks and requiring ongoing monitoring.

What is a Vendor Risk Management job?

A Vendor Risk Management (VRM) job involves assessing, monitoring, and mitigating risks associated with third-party vendors and suppliers. Professionals in this role evaluate vendor security, compliance, and operational risks to protect their organization from potential disruptions, data breaches, or regulatory violations. They work closely with procurement, legal, and IT teams to establish risk management frameworks and ensure vendors meet contractual and security standards. Their responsibilities often include conducting risk assessments, reviewing vendor contracts, and developing risk mitigation strategies. Effective VRM helps organizations reduce exposure to risks while maintaining productive vendor relationships.

What are some common challenges faced in a Vendor Risk Management role?

Professionals in Vendor Risk Management often encounter the challenge of assessing and monitoring a wide range of vendors, each with unique risk profiles and compliance requirements. Balancing multiple projects, managing deadlines, and ensuring clear communication between internal stakeholders and vendors can also be demanding. Staying updated on evolving regulatory standards and quickly adapting to new risks is essential in this role. Overcoming these challenges requires strong organizational skills, continual learning, and proactive relationship management.

Infographic showing various Vendor Risk Management job openings in Connecticut as of June 2026, with employment types broken down into 100% Full Time. Highlights an 86% In-person, and 14% Hybrid job distribution, with an average salary of $98,652 per year, or $47.4 per hour.

Vendor Risk Manager

DFO Referrals

Westport, CT • On-site

Full-time

Dental, Vision, Life, Retirement, PTO

Posted 3 days ago


Job description

Vendor Risk Manager
Dalio Family Office
Dalio Family Office Overview:
The Dalio Family Office (DFO) supports Barbara and Ray Dalio and their family in their ventures, investments, and philanthropic efforts under Dalio Philanthropies, which includes OceanX, Dalio Education, Endless Network, and the Beijing Dalio Foundation. The core of the DFO's culture is built around meaningful work and meaningful relationships and the family's commitment to giving back. The office is headquartered in Westport, CT with regional offices in New York City, Singapore, and Abu Dhabi.
Position Summary:
The Vendor Risk Manager owns the end-to-end third-party risk lifecycle (onboarding, diligence, monitoring, and exit) across a high-volume, diverse vendor portfolio. You will synthesize risk across the cybersecurity, AI, privacy, financial, and AML/CFT/sanctions domains into clear, actionable risk positions, performing structured threat modeling for high-exposure vendors.
Day-to-day responsibilities would include a combination of the following:
  • Own the VRM program end-to-end: strategy, policy, procedure, workflow, tooling, metrics, and executive reporting for CISO/CRO/board visibility.
  • Lead holistic vendor risk assessments across cybersecurity, AI risk, privacy, financial, AML/CFT/sanctions.
  • Document residual risk acceptances with named accountable executives and time-boxed review dates; coordinate with IT, Legal, Finance, and Compliance as appropriate.
  • Evaluate and monitor vendor security controls based on data sensitivity and business criticality, leveraging industry frameworks and evidence such as SOC 2, ISO 27001, penetration testing, and security assessments.
  • Conduct structured threat models (STRIDE, PASTA) for high-risk vendors, and document findings as durable artifacts informing contracting, monitoring, and exit planning.
  • Translate threat model outputs into concrete, testable control requirements drawing from OWASP (ASVS, API Security Top 10, LLM/Agentic Top 10), NIST (SP 800-53, SP 800-161, CSF 2.0, SP 800-207), and MITRE ATT&CK; scale requirements to vendor tier.
  • Partner with Legal to translate identified risks into enforceable contractual requirements.
  • Apply FAIR or comparable quantitative methods for high-impact vendor decisions, expressing cyber risk in loss-exposure terms that resonate with senior leadership.
  • Advise IT, Engineering, and business teams on vendor integration architecture (SSO/SCIM, OAuth, conditional access, DLP, segmentation, BYOK, VPC peering) and maintain approved reference patterns.
  • Drive automation and tooling maturity to handle high vendor volume without proportional headcount growth; produce program dashboards tracking throughput, cycle time, recertification compliance, and remediation aging.

The ideal candidate will possess the following knowledge, skills, attributes, and values:
  • Expert knowledge of third-party/vendor risk management
  • Strong risk assessment and analytical skills
  • Technical understanding of enterprise security architecture
  • Excellent communication and stakeholder management skills
  • Proven ability to lead and optimize vendor risk programs

Illustrative Benefits:
  • 100% company paid medical premiums
  • 17 company paid holidays
  • Friday summer hours
  • Monthly community happy hours
  • Hybrid work environment
  • Free catered food services for in-office days
  • Generous PTO offering
  • Casual dress code
  • 150% 401(k) match up to $7,500 and 100% match above $7,500 ($15k match limit)
  • Gym reimbursement, back up childcare services, insurance, financial, and legal services, and much more!

Qualifications:
  • Bachelor's degree in Information Security, Risk Management, Computer Science, Cybersecurity, or a related discipline.
  • At least 7 years of progressive experience across vendor risk management, cybersecurity architecture, security engineering, GRC, audit, or related fields.
  • Experience managing the full third-party/vendor risk lifecycle, including vendor onboarding, due diligence, risk assessments, continuous monitoring, recertification, remediation tracking, and vendor exit planning, with at least 2 years owning an end-to-end TPRM program.
  • Strong technical knowledge of cybersecurity frameworks, standards, and methodologies including NIST, ISO 27001/27002, OWASP, MITRE ATT&CK, Shared Assessments, threat modeling approaches (STRIDE/PASTA), and risk management practices.
  • Hands-on experience evaluating enterprise security controls, cloud and integration architectures, SOC 2 Type II reports, ISO certifications, penetration testing results, data protection requirements, and third-party security risks across complex technology environments.
  • Ability to communicate complex technical and risk concepts to executive stakeholders and to collaborate effectively across business functions.
  • 10% travel as required based on business needs.

Compensation:
Compensation for the role includes a competitive salary in the range of $175,000 - $260,000 (inclusive of a merit-based bonus, dependent on years of experience, level of education obtained, and applicable skillset) and an excellent benefits package, including paid time off ranging from 15 to 25 days based on years of service, paid sick and safe leave, dental, vision, life and disability insurance, paid parental time off, birth mother recovery pay, sick family member pay, a parental ramp-back program, gym reimbursement, and a generous employer 401(k) match.
Please note we are unable to provide immigration sponsorship for this position.
At the DFO, we believe our biggest asset is our people. We are proud to be an equal opportunity employer, hiring and developing individuals from diverse backgrounds and experiences to add to our collaborative culture. The DFO treats all candidates and employees with respect and does not discriminate in our recruiting, hiring, and promoting processes and general treatment during employment, including on the basis of actual or perceived race, creed, color, religion, sex, age, sexual orientation, gender identity and/or expression, alienage or national origin, ancestry, citizenship status, marital status, veteran status, or disability.