ZipRecruiter

Log In

1

Vendor Risk Management Jobs in Virginia (NOW HIRING)

IMR Soft Llc

Risk Manager

Mclean, VA · On-site

$55 - $60/hr

Provide strategic thinking on next levels of maturity in Technology & Vendor Risk management * Act as a cross functional partner in the deployment of our information security program within the ...

ECS

Supply Chain Risk Management Lead

Falls Church, VA · On-site

... vendor supply chain risk governance across the WDP Core Integration program, directing the full ... Risk Management Framework requirements, and federal cybersecurity mandates. In this role, the ...

next page

Showing results 1-20

All JobsVendor Risk Management JobsVendor Risk Management Jobs in Virginia

Vendor Risk Management information

See Virginia salary details

$43.1K

$102.8K

$166.1K

How much do vendor risk management jobs pay per year?

As of Jun 18, 2026, the average yearly pay for vendor risk management in Virginia is $102,814.00, according to ZipRecruiter salary data. Most workers in this role earn between $71,900.00 and $130,900.00 per year, depending on experience, location, and employer.

What is the highest paying risk management job?

In risk management, senior roles such as Chief Risk Officer (CRO) or Director of Risk typically have the highest salaries, often exceeding six figures annually. These positions require extensive experience, advanced certifications like FRM or CRM, and strong leadership skills, especially in financial services, insurance, or large corporations.

Do risk managers make good money?

Risk managers, including those in vendor risk management, typically earn competitive salaries that vary by experience, industry, and location. According to industry reports, median annual salaries range from $70,000 to over $120,000, with additional compensation for certifications like CRISC or FRM. The role often requires strong analytical skills and knowledge of compliance and risk assessment tools.

What are the key skills and qualifications needed to thrive in the Vendor Risk Management position, and why are they important?

To thrive in Vendor Risk Management, you need a solid background in risk assessment, contract analysis, and supply chain management, often supported by a degree in business, finance, or a related field. Familiarity with risk management software, vendor management systems, and relevant certifications such as Certified Third Party Risk Professional (CTPRP) are highly valued. Strong attention to detail, excellent communication, and negotiation skills help build effective vendor relationships and navigate complex scenarios. These capabilities are crucial for ensuring organizational compliance, minimizing third-party risks, and maintaining strong supplier performance.

How much does a Risk Manager get paid?

The average salary for a Risk Manager typically ranges from $80,000 to $130,000 annually, depending on experience, industry, and location. Professionals in vendor risk management often require certifications like CRISC or FRM and may work in financial, healthcare, or technology sectors.

What is a Vendor Risk Management job?

A Vendor Risk Management (VRM) job involves assessing, monitoring, and mitigating risks associated with third-party vendors and suppliers. Professionals in this role evaluate vendor security, compliance, and operational risks to protect their organization from potential disruptions, data breaches, or regulatory violations. They work closely with procurement, legal, and IT teams to establish risk management frameworks and ensure vendors meet contractual and security standards. Their responsibilities often include conducting risk assessments, reviewing vendor contracts, and developing risk mitigation strategies. Effective VRM helps organizations reduce exposure to risks while maintaining productive vendor relationships.

What is a vendor Risk Manager?

A Vendor Risk Manager is responsible for assessing and mitigating risks associated with third-party vendors and suppliers. They evaluate vendor security, compliance, and performance, often using risk management tools and frameworks to ensure organizational safety and regulatory adherence.

What are some common challenges faced in a Vendor Risk Management role?

Professionals in Vendor Risk Management often encounter the challenge of assessing and monitoring a wide range of vendors, each with unique risk profiles and compliance requirements. Balancing multiple projects, managing deadlines, and ensuring clear communication between internal stakeholders and vendors can also be demanding. Staying updated on evolving regulatory standards and quickly adapting to new risks is essential in this role. Overcoming these challenges requires strong organizational skills, continual learning, and proactive relationship management.

What are the most commonly searched types of Vendor Risk Management jobs in Virginia? The most popular types of Vendor Risk Management jobs in Virginia are:
What are popular job titles related to Vendor Risk Management jobs in Virginia? For Vendor Risk Management jobs in Virginia, the most frequently searched job titles are:
What job categories do people searching Vendor Risk Management jobs in Virginia look for? The top searched job categories for Vendor Risk Management jobs in Virginia are:
What cities in Virginia are hiring for Vendor Risk Management jobs? Cities in Virginia with the most Vendor Risk Management job openings:
Vendor Risk Management jobs near you
Infographic showing various Vendor Risk Management job openings in Virginia as of June 2026, with employment types broken down into 84% Full Time, 13% Part Time, and 3% Temporary. Highlights an 88% Physical, 4% Hybrid, and 8% Remote job distribution, with an average salary of $102,814 per year, or $49.4 per hour.
Third Party Risk Management Analyst

Third Party Risk Management Analyst

Burke & Herbert Bank & Trust

Alexandria, VA • On-site

Full-time

Posted 8 days ago

Burke & Herbert Bank rating

5.6

Company rating: 5.6 out of 10

Based on 8 frontline employees who took The Breakroom Quiz

132nd of 141 rated banks

Job description

CLASSIFICATION: Non-exempt

REPORTS TO: Program Manager, Third Party Risk Management

JOB DESCRIPTION

Summary/Objective


Under the direction of the Program Manager, Third Party Risk Management, the Third‑Party Vendor Risk Analyst supports the execution of the Bank’s Third‑Party Risk Management (TPRM) Program by performing day‑to‑day operational, analytical, and facilitation activities. In partnership with the Program Manager, the Analyst helps strengthen and sustain effective vendor review cadence by coordinating stakeholder inputs, producing complete and traceable documentation, and preparing exam‑ready artifacts. This role ensures vendor risk activities—including due diligence, ongoing monitoring, documentation, and issue tracking—are executed in a timely, consistent, and examination‑defensible manner.


Essential Functions
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


  • Execute day‑to‑day third‑party risk management activities for new and existing vendors in accordance with the Bank’s TPRM Program, with heightened focus on critical and GLBA‑High risk relationships. Support initial due diligence and ongoing risk assessments by collecting, validating, and documenting required artifacts and supporting materials for higher‑risk vendors to facilitate effective review, challenge, and approval by the Program Manager.


  • Maintain and manage the rolling vendor review schedule established by the Program Manager, ensuring critical and high‑risk third‑party relationships are prioritized and reviewed in accordance with established cadence and monitoring requirements. Coordinate with internal stakeholders, including Information Security, IT, Compliance, Finance, and Accounting, to obtain required risk assessment inputs and documentation necessary to support vendor reviews, providing enhanced facilitation for critical and GLBA‑High risk vendors.


  • Track vendors review progress, outstanding action items, and remediation activities, maintaining visibility into reviews, documentation gaps, and issue resolution. Proactively escalate aging, overdue, or at‑risk items to the Program Manager to support timely awareness, decision‑making, and risk mitigation.


  • Prepare, maintain, and organize comprehensive vendor review documentation, including executive summaries, evidence inventories, and issue tracking materials, with enhanced rigor applied to files associated with critical and GLBA‑High risk vendors. Ensure that vendor risk conclusions and assigned risk ratings are clearly, consistently, and defensibly supported by documented evidence prior to Program Manager review and sign‑off.


  • Assist in documenting risk acceptance decisions and remediation status under the direction of the Program Manager, ensuring alignment with TPRM program standards, internal governance expectations, and applicable regulatory requirements.


  • Identify procedural gaps, workflow inefficiencies, and documentation issues encountered during third‑party risk management execution, particularly those impacting oversight of critical and GLBA‑High risk vendors. Escalate observations and improvement opportunities to the Program Manager for program‑level evaluation and continuous improvement.


  • Support ad hoc projects, process enhancements, and targeted initiatives led by the Program Manager to strengthen third‑party risk governance, operational effectiveness, and overall program maturity.


Other Duties

  • Contract and Procurement Support

Support the Program Manager by tracking vendor‑related review milestones (including onboarding, renewals, and amendments). Ensure required vendor review documentation is complete, accurate, and available to support informed contractual decisions prior to execution.


  • Governance, Metrics, and Reporting Support

Compile and maintain program metrics, status reports, and supporting materials used to measure and monitor Third‑Party Risk Management (TPRM) program performance. Assist, as directed by the Program Manager, in preparing materials for internal governance forums, audits, and regulatory examinations.


  • Audit and Examination Readiness

Support internal and external audits and regulatory examinations by organizing vendor files, maintaining evidence mappings, and assembling response documentation under Program Manager guidance. Maintain vendor records in an exam‑ready state to support Program Manager interactions with auditors, regulators, and risk committees.

Skills/Abilities

  • Working knowledge of third-party risk management practices and regulatory expectations within a regulated financial services environment.
  • Strong analytical skills with the ability to assess risk data, identify trends, and support informed decision-making.
  • Excellent organizational and documentation skills with high attention to detail.
  • Ability to collaborate effectively with cross‑functional stakeholders while operating under Program Manager direction.
  • Strong written and verbal communication skills to support clear documentation, issue analysis, and timely escalation.
  • Proficiency with Microsoft Office (Excel, Word, PowerPoint) and risk management or workflow tracking tools.

Supervisory Responsibility

This position does not have supervisory responsibilities.


Work Environment

This job operates in an office setting, the opportunity to telework is not available. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines. Office environment with job duties conducted via telephone, face to face meetings, and on the computer.


Physical Demands

This position requires manual dexterity, the ability to lift files and open cabinets. This position requires bending, stooping, or standing, as necessary.


Travel

Limited local travel may be required for this position.

Education and Experience

Education

  • Requires a bachelor’s degree in business, Finance, Risk Management, Information Systems, Compliance, or a related field or equivalent professional experience supporting risk management functions in a regulated environment.

Experience

  • Requires a minimum of 1 year of experience supporting third‑party vendor management, operational risk, compliance, information security, or a related risk discipline within a regulated industry.
  • Requires hands‑on experience supporting vendor due diligence, ongoing monitoring, documentation, and issue tracking activities.
  • Experience coordinating with cross‑functional stakeholders (e.g., Information Security, IT, Compliance, Finance) to collect and organize risk assessment inputs.
  • Experience producing or maintaining clear, well‑organized, and evidence‑based documentation to support management review, audit, or regulatory examination.



Equal Employment Opportunity/M/F/disability/protected veteran status.



Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.