1

Vendor Risk Management Jobs in Raleigh, NC (NOW HIRING)

Conduct third-party vendor risk assessments and internal risk evaluations; identify, document, and ... Bachelor's degree in information security assurance, business management, or a related field * 2-3 ...

Conduct third-party vendor risk assessments and internal risk evaluations; identify, document, and ... Bachelor's degree in information security assurance, business management, or a related field * 2-3 ...

... vendor risk management. * Proactively update and maintain compliance documentation with attention to detail. * Deploy and maintain tools to track compliance related OKRs and measure and optimize the ...

New

With an emphasis on cyber, contract and regulatory compliance risk management, the ideal candidate ... Identify and communicate risk of vendor engagements and mitigation actions to business owners and D ...

... and vendors for development of effective model management, analytics, and reporting Own ... Previous experience with card risk management systems preferred, with Visa and Visa DPS risk tools ...

Partner with supply chain to support procurement strategies, vendor performance, and material ... Protect and enhance margins through disciplined project management and risk mitigation.

next page

Showing results 1-20

Vendor Risk Management information

See Raleigh, NC salary details

$42.3K

$100.8K

$162.8K

How much do vendor risk management jobs pay per year?

As of Jul 15, 2026, the average yearly pay for vendor risk management in Raleigh, NC is $100,809.00, according to ZipRecruiter salary data. Most workers in this role earn between $70,500.00 and $128,300.00 per year, depending on experience, location, and employer.

What is the highest paying risk management job?

In risk management, senior roles such as Chief Risk Officer (CRO) or Director of Risk Management tend to have the highest salaries, often exceeding six figures annually. These positions require extensive experience, advanced certifications like FRM or CRM, and strong leadership skills, especially in financial services, insurance, or large corporations.

What is a vendor risk management job description?

A vendor risk management job involves assessing and monitoring the risks associated with third-party vendors to ensure compliance with security, legal, and operational standards. Responsibilities include conducting risk assessments, developing mitigation strategies, and maintaining vendor relationships, often using tools like risk management software. Strong analytical skills and knowledge of regulatory requirements are essential for this role.

What are the key skills and qualifications needed to thrive in the Vendor Risk Management position, and why are they important?

To thrive in Vendor Risk Management, you need a solid background in risk assessment, contract analysis, and supply chain management, often supported by a degree in business, finance, or a related field. Familiarity with risk management software, vendor management systems, and relevant certifications such as Certified Third Party Risk Professional (CTPRP) are highly valued. Strong attention to detail, excellent communication, and negotiation skills help build effective vendor relationships and navigate complex scenarios. These capabilities are crucial for ensuring organizational compliance, minimizing third-party risks, and maintaining strong supplier performance.

How much does a risk manager get paid?

A risk manager's salary typically ranges from $70,000 to $130,000 annually, depending on experience, industry, and location. Professionals with certifications like CRM or FRM and strong analytical skills tend to earn higher salaries, especially in financial services and corporate sectors.

What is vendor risk management?

Vendor risk management is a process used by organizations to identify, assess, and mitigate risks associated with third-party vendors. It involves evaluating vendors' security, compliance, and operational practices to ensure they do not pose threats to the organization’s data, reputation, or operations, often supported by tools like risk assessment frameworks and requiring ongoing monitoring.

What is a Vendor Risk Management job?

A Vendor Risk Management (VRM) job involves assessing, monitoring, and mitigating risks associated with third-party vendors and suppliers. Professionals in this role evaluate vendor security, compliance, and operational risks to protect their organization from potential disruptions, data breaches, or regulatory violations. They work closely with procurement, legal, and IT teams to establish risk management frameworks and ensure vendors meet contractual and security standards. Their responsibilities often include conducting risk assessments, reviewing vendor contracts, and developing risk mitigation strategies. Effective VRM helps organizations reduce exposure to risks while maintaining productive vendor relationships.

What are some common challenges faced in a Vendor Risk Management role?

Professionals in Vendor Risk Management often encounter the challenge of assessing and monitoring a wide range of vendors, each with unique risk profiles and compliance requirements. Balancing multiple projects, managing deadlines, and ensuring clear communication between internal stakeholders and vendors can also be demanding. Staying updated on evolving regulatory standards and quickly adapting to new risks is essential in this role. Overcoming these challenges requires strong organizational skills, continual learning, and proactive relationship management.

What are the most commonly searched types of Vendor Risk Management jobs in Raleigh, NC? The most popular types of Vendor Risk Management jobs in Raleigh, NC are:
What cities near Raleigh, NC are hiring for Vendor Risk Management jobs? Cities near Raleigh, NC with the most Vendor Risk Management job openings:
Infographic showing various Vendor Risk Management job openings in Raleigh, NC as of July 2026, with employment types broken down into 1% As Needed, 78% Full Time, 17% Part Time, 1% Temporary, and 3% Contract. Highlights an 87% Physical, 3% Hybrid, and 10% Remote job distribution, with an average salary of $100,809 per year, or $48.5 per hour.
Senior IT GRC Advisor

Senior IT GRC Advisor

Community Care of North Carolina Inc

Cary, NC • On-site

$95K - $125K/yr

Full-time

Re-posted 13 days ago


Job description


About CCNC:

From the mountains to the coast, from large cities to small towns, Community Care of North Carolina is transforming health care. Informed by statewide data and predictive analytics, community-based care-managers work with local physicians and diverse teams of health professionals to develop whole-person plans of care that connect people to the right local resources and increase equity and access to high quality care.

CCNC Mission Statement

To improve the health and quality of life for all North Carolinians by building supporting better community-based healthcare delivery systems.

Position SummaryThe Senior IT GRC Advisor is responsible for leading and maturing CCNC's enterprise IT governance, risk, and compliance program. This role serves as a senior advisor to leadership and works in alignment with IT security and IT leadership on IT risk, cybersecurity governance, internal controls, regulatory obligations, and audit readiness, while maintaining practical, business-aligned processes that strengthen the control environment across infrastructure, applications, cloud platforms, vendors, data protection, and strategic technology initiatives. The Senior IT GRC Advisor is accountable for the development, implementation, and continuous improvement of IT GRC methodologies, policies, standards, risk assessments, issue management, reporting, and advisory services that support secure and compliant operations.


Essential Functions
  • Lead the enterprise IT GRC program, including governance structures, risk management processes, policy oversight, control framework alignment, and reporting on program effectiveness to leadership.
  • Demonstrate strong critical thinking and professional skepticism to assess control design and operating effectiveness, analyze requirements, data, and processes in context, and provide defensible, risk-based recommendations to management.
  • Plan, lead, and execute IT risk assessments, audits, and advisory engagements across infrastructure, applications, cloud services, cybersecurity processes, data protection controls, and enterprise technology initiatives.
  • Develop, maintain, and mature the IT risk register and issue management process, including documenting risks, assigning ownership, tracking remediation plans, validating closure, and reporting residual risk and trends to leadership.
  • Establish and maintain GRC metrics, dashboards, KPIs, and KRIs to provide leadership with meaningful visibility into control effectiveness, audit readiness, remediation status, and emerging risk trends.
  • Collaborate with IT, Security, Privacy, Legal, Compliance, Internal Audit, and business stakeholders to strengthen internal controls and implement sustainable corrective and preventive actions.
  • Advise on large-scale enterprise projects, system implementations, and technology changes by embedding risk, compliance, control, and governance requirements throughout the project and system lifecycle.
  • Lead third-party and vendor risk management activities, including due diligence, control reviews, evidence evaluation, contract and security requirement alignment, ongoing monitoring, and escalation of material risks. Assess third-party controls, including SOC reports, HITRUST certifications, penetration testing results, policy documentation, and other independent assurance artifacts to evaluate control design and operating effectiveness.
  • Conduct cloud and SaaS compliance assessments across platforms such as AWS and Azure, with emphasis on shared responsibility, configuration governance, access management, identity governance, and evidence-based validation of security controls.
  • Evaluate identity and access management controls, including privileged access management, role-based access control, user provisioning and deprovisioning, and workforce access appropriateness.
  • Support the organization’s preparedness for internal and external audits, regulatory reviews, and control assessments by coordinating evidence, validating remediation, and improving documentation quality and audit readiness.
  • Assess IT and security policies, standards, procedures, and governance artifacts for alignment to recognized frameworks and regulatory expectations. Provide risk based and business centric recommendations to address gaps.
  • Develop and facilitate workforce education and awareness programs related to security, privacy, compliance, and internal controls, with a focus on practical risk ownership and control accountability.
  • Coordinate with operational and technical teams to evaluate incident response, disaster recovery, and business continuity control design and testing from a GRC perspective.
  • Support responsible AI governance and AI assurance efforts by assessing governance structures, usage controls, risk mitigation approaches, and emerging compliance expectations related to AI-enabled tools and processes.
  • Develop and maintain GRC methodologies, templates, repositories, internal sites, and reporting artifacts that improve consistency, efficiency, and program maturity.
  • Fulfill other GRC responsibilities as assigned by management.
Qualifications
  • Bachelor’s degree in information technology, cybersecurity, information systems, accounting, audit, risk management, or a related field.
  • Minimum of 7 years of progressive experience in IT audit, IT risk management, cybersecurity compliance, or GRC program leadership.
  • Demonstrated experience planning and leading complex IT audit, risk assessment, or advisory engagements.
  • Experience developing or maturing GRC programs, frameworks, policies, risk registers, metrics, or issue management processes.
  • Experience assessing third-party and vendor risk and reviewing assurance artifacts such as SOC reports, penetration tests, and security certifications.
  • Experience conducting cloud risk or compliance assessments in AWS, Azure, or similar environments.

Certifications

  • One or more of the following certifications is required: CISA, CISSP, CISM, CRISC, CGEIT, CDPSE, or equivalent.

Preferred

  • Working knowledge of the HIPAA Security Rule and recognized security practices relevant to safeguarding ePHI.
  • Experience with AI governance, AI risk assessments, or AI assurance reviews.
  • Experience in continuous controls monitoring, executive reporting, and program maturity improvement.
  • Experience in healthcare, regulated environments, or privacy and security compliance programs preferred.
Knowledge, Skills, and Abilities
  • Knowledge of enterprise IT governance, risk management, and compliance principles.
  • Knowledge of IT general controls, internal control frameworks, and audit methodologies.
  • Knowledge of cybersecurity concepts, including identity and access management, vulnerability management, incident response, disaster recovery, business continuity, and cloud security.
  • Knowledge of healthcare security and privacy requirements, including HIPAA Security Rule concepts.
  • Knowledge of third-party and vendor risk management practices, including review of SOC reports, security questionnaires, and other assurance documentation.
  • Knowledge of policy, standards, and procedure development to support a strong internal control environment.
  • Knowledge of issue management, remediation tracking, and continuous improvement practices.
  • Knowledge of recognized frameworks and standards such as NIST CSF, NIST 800-53, COBIT, ISO 27001, PCI DSS, and HITRUST.
  • Skill in leading IT risk assessments, audits, and advisory engagements.
  • Skill in evaluating control design and operating effectiveness and identifying gaps and remediation priorities.
  • Skill in developing and maintaining risk registers, issue logs, corrective action plans, and supporting documentation.
  • Skill in reviewing vendor documentation and assurance artifacts such as SOC reports, penetration test results, certifications, and policy evidence.
  • Skill in drafting and revising policies, standards, and procedures.
  • Skill in preparing dashboards, executive reports, KPIs, KRIs, and risk summaries.
  • Skill in facilitating interviews, walkthroughs, stakeholder meetings, and remediation follow-up discussions.
  • Skill in assessing cloud, access management, and identity governance controls.
  • Skill in communicating clearly in writing and verbally with technical and non-technical audiences.
  • Ability to analyze complex information, processes, and control environments.
  • Ability to exercise sound judgment and professional skepticism.
  • Ability to develop practical, risk-based recommendations.
  • Ability to influence and collaborate with leaders and cross-functional stakeholders.
  • Ability to manage multiple priorities with minimal supervision.
  • Ability to translate technical and regulatory requirements into business-friendly guidance.
  • Ability to support audit readiness and continuous improvement efforts.
  • Ability to identify emerging risks involving third parties, cloud environments, data protection, and AI-related governance.
  • Ability to maintain confidentiality when handling sensitive organizational, compliance, and security information.
Working Conditions
  • Routinely there may be some minor physical inconveniences or discomforts in the work setting, including sitting for moderate periods of time
  • Must be able to utilize office equipment, computer, keyboard, and phone with or without assistive devices
  • Repetitive wrist motion and occasional lifting/carrying of up to 25 pounds

Why Join Us

  • Make a meaningful impact on youth and families across North Carolina
  • Work with a supportive and collaborative care team
  • Competitive Benefits Package effective first day of employment
  • Opportunities for growth, training, and bonus incentives*

Ready to improve the health and quality of life of all North Carolinians by building and supporting better community-based health care delivery systems?

  • Apply today and join us in delivering compassionate care that makes a difference.