1

Vendor Risk Manager Jobs in Indiana (NOW HIRING)

Present program health metrics (completion rates, simulation trends, and reporting speed) to the Leadership team. 4. Risk and Vendor Management * Vendor & Risk Execution: Execute the TPRM program ...

At Kirby Risk , we deliver innovative power control and automation solutions that help customers ... Configure and manage power control projects using vendor tools such as Rockwell Power Control ...

... Risk Management workstreams in partnership with architects and product owners * Managing ... Orchestrating cross-functional teams and vendors across onshore and offshore models; aligning ...

Customer Service Representative I

Shelbyville, IN · On-site

$15.25 - $20.75/hr

Work effectively with vendors and management to solve problems and expedite orders * Develop ... Monday-Friday, 1st Shift Why Kirby Risk? Founded in 1926, Kirby Risk is a trusted leader in ...

This role ensures continuous survey readiness and supports organizational risk management, patient ... E. Vendor & Contractor Oversight * Secures contractors, obtains bids, and evaluates service ...

... risk management principles in healthcare environments. Skills Strong documentation and audit preparation skills. Project and facilities management expertise. Leadership and team supervision. Vendor ...

Customer Service Representative I

Shelbyville, IN · On-site

$15.25 - $20.75/hr

Work effectively with vendors and management to solve problems and expedite orders * Develop ... Monday-Friday, 1st Shift Why Kirby Risk? Founded in 1926, Kirby Risk is a trusted leader in ...

... risk management principles in healthcare environments. Skills Strong documentation and audit preparation skills. Project and facilities management expertise. Leadership and team supervision. Vendor ...

Customer Service Representative

Warsaw, IN · On-site

$13.50 - $18.50/hr

Drive accuracy and efficiency by managing and processing all incoming and outgoing paperwork from ... is subject to Risk Strategies' California Job Applicant Privacy Notice. Recruiting Vendor ...

Customer Service Representative

Warsaw, IN · On-site

$15.50 - $21/hr

Drive accuracy and efficiency by managing and processing all incoming and outgoing paperwork from ... Risk Strategies'California Job Applicant Privacy Notice. Recruiting Vendor Disclosure Statement ...

Customer Service Representative

Warsaw, IN · On-site

$15.50 - $21/hr

Drive accuracy and efficiency by managing and processing all incoming and outgoing paperwork from ... is subject to Risk Strategies' California Job Applicant Privacy Notice. Recruiting Vendor ...

Customer Service Representative I

Lafayette, IN · On-site

$15.50 - $21/hr

Counter and Inside Sales * Warehousing and Inventory Management * Vendor and Customer ... Founded in 1926, Kirby Risk is a trusted leader in electrical supply, manufacturing, and mechanical ...

next page

Showing results 1-20

Vendor Risk Manager information

See Indiana salary details

$49K

$106.2K

$161.8K

How much do vendor risk manager jobs pay per year?

As of Jul 7, 2026, the average yearly pay for vendor risk manager in Indiana is $106,153.00, according to ZipRecruiter salary data. Most workers in this role earn between $85,600.00 and $122,800.00 per year, depending on experience, location, and employer.

What is the difference between Vendor Risk Manager vs Vendor Compliance Analyst?

AspectVendor Risk ManagerVendor Compliance Analyst
CertificationsCertified Third Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA)Certified Compliance & Ethics Professional (CCEP), Certified Regulatory Compliance Manager (CRCM)
Work EnvironmentRisk management teams, procurement, legal departmentsCompliance departments, audit teams, legal units
Industry UsageFinance, healthcare, technology, retailFinance, healthcare, manufacturing, technology
Primary FocusIdentifying, assessing, and mitigating vendor risksEnsuring vendor adherence to compliance standards and policies

The Vendor Risk Manager focuses on evaluating and mitigating risks associated with vendors, while the Vendor Compliance Analyst concentrates on ensuring vendors meet regulatory and internal compliance standards. Both roles are essential in managing vendor relationships but differ in their core responsibilities and focus areas.

How does a Vendor Risk Manager typically collaborate with other departments within an organization?

A Vendor Risk Manager works closely with departments like procurement, legal, IT, and compliance to ensure that vendors meet the organization's security and regulatory standards. This collaboration often involves reviewing contracts, assessing potential risks, and implementing mitigation strategies. Regular communication with stakeholders is essential to keep everyone informed about vendor performance and risk status, making cross-functional teamwork a key aspect of the role. Effective collaboration helps streamline risk assessments and supports informed decision-making across the business.

What are the key skills and qualifications needed to thrive as a Vendor Risk Manager, and why are they important?

To thrive as a Vendor Risk Manager, you need expertise in risk assessment, third-party management, and compliance, often backed by a degree in business, finance, or a related field. Familiarity with risk management platforms, contract management tools, and certifications like Certified Third Party Risk Professional (CTPRP) are highly valuable. Strong analytical thinking, negotiation, and clear communication skills help you collaborate with vendors and internal stakeholders effectively. These skills ensure organizations can identify, mitigate, and manage risks arising from third-party relationships, safeguarding business continuity and compliance.

What are Vendor Risk Managers?

Vendor Risk Managers are professionals responsible for identifying, assessing, and mitigating risks associated with third-party vendors that provide goods or services to an organization. They evaluate vendors’ security, compliance, and operational practices to ensure they meet the company’s standards and regulatory requirements. These managers implement frameworks to monitor vendor performance, manage contracts, and respond to potential risks or incidents. Their role is crucial in protecting the organization from financial, reputational, and regulatory harm that can arise from third-party relationships.
What cities in Indiana are hiring for Vendor Risk Manager jobs? Cities in Indiana with the most Vendor Risk Manager job openings:
Infographic showing various Vendor Risk Manager job openings in Indiana as of July 2026, with employment types broken down into 92% Full Time, and 8% Part Time. Highlights an 92% In-person, and 8% Hybrid job distribution, with an average salary of $106,153 per year, or $51 per hour.
Sr. GRC Analyst

Sr. GRC Analyst

Subsplash

Indianapolis, IN

$95K - $105K/yr

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Re-posted 23 days ago


Job description

Sr. GRC Analyst
About Subsplash

Subsplash is an exciting award-winning team of 280+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005, we've remained family owned and operated while pioneering the market with the first ever church mobile app. Since then, we've been working together to build The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. We find excitement in serving our 14,000+ clients, creating impactful products, and delighting the millions of people who use our platform every day. Subsplash has won awards for best mobile experience, been voted top 100 Washington's Best Workplaces by the Puget Sound Business Journal, created some of the most downloaded apps of all time, and built enterprise software for world-class brands like XBOX, Microsoft, Samsung, Expedia, and Cisco; yet, at the end of the day, we love making a lasting impact and a difference in our world.

Working at Subsplash is more than just a job; we are a team of people who are courageous, inventive, and passionate about doing meaningful work every day. Don't take our word for it—head to Glassdoor and see for yourself!

About the Team

The IT Team at Subsplash is the foundation that maintains all the activities and services that are required to support business functions as well as ensuring proper security across all IT systems. We are passionately focused on delivering delightful support to our internal customers. We achieve this by providing robust day-to-day technical support that empowers our fellow Subsplash employees to perform their best work most often. Beyond daily technical support, our team handles crucial functions such as access management, user provisioning and deprovisioning, new hardware and software setup, and diligently works to keep our dues and subscription spend under budget.

About the Role

The Senior GRC Analyst acts as a strategic lead to advance security and risk operations. In this role, you will integrate people, policy, and technology to drive operational excellence and framework maturity. You will be responsible for identifying security gaps, implementing best practices, and maturing our control environment to ensure we stay ahead of evolving regulatory and threat landscapes. We are building an AI-first compliance function, and this role is expected to lead from the front in identifying and deploying AI tools that scale our GRC program.

Compensation
  • The total compensation for this position is between $95,000-$105,000/yr depending on experience level.
Essential Functions of This Role:Compliance Program Management & Audit Leadership
  • Audit Execution: Act as the primary point of contact for external auditors; lead the end-to-end execution of PCI DSS audits and support internal audit on IT SOX controls.
  • Data Mapping Maintenance: Develop and maintain a comprehensive data inventory and data flow diagrams. Track how sensitive data (PII, PCI) moves through our systems to ensure compliance with privacy regulations and security boundaries.
  • Framework Maturation: Map and implement controls across multiple frameworks (PCI DSS, NIST CSF) to eliminate redundancies and improve the organization's security posture.
  • GRC Reporting: Track and report on GRC program health across compliance posture, risk register status, audit readiness, and control effectiveness. Present metrics and trends to leadership on a regular cadence.
2. Access Governance & Identity Management
  • User Access Reviews (UAR): Orchestrate and lead the quarterly and semi-annual user access review process across all critical systems (SaaS, Cloud Infrastructure, and Internal Tools).
  • Joiner/Mover/Leaver Oversight: Monitor and validate that provisioning and deprovisioning processes are executed accurately and on time across critical systems. Flag exceptions, track remediation, and maintain documentation to support access control audits.
3. Security Awareness & Phishing Program
  • Program Ownership: Execute and maintain a comprehensive, year-round Security Awareness Training (SAT) program that meets PCI DSS requirements while driving actual behavioral change.
  • Phishing Simulations: Execute monthly or quarterly phishing simulations; analyze "fail rates" and provide targeted follow-up training to high-risk groups.
  • Content Curation: Select and deploy engaging security content, newsletters, and "security moments" to keep cybersecurity top-of-mind for all employees.
  • Reporting: Present program health metrics (completion rates, simulation trends, and reporting speed) to the Leadership team.
4. Risk and Vendor Management
  • Vendor & Risk Execution: Execute the TPRM program—conducting vendor security reviews, tracking remediation to completion, and escalating high-risk findings to leadership.
  • Risk Register Ownership: Maintain and update the corporate risk register, ensuring remediation efforts are tracked, validated, and communicated to leadership.
Desired Qualifications:
  • Experience: 3–5 years of dedicated experience in GRC, Information Security, or Audit (FinTech or Financial Services industry experience is highly preferred).
  • Technical Mastery: Deep practical knowledge of PCI DSS requirements and controls.
  • Data Governance: Experience performing Data Mapping exercises and maintaining Records of Processing Activities (RoPA).
  • SAT Strategy: Proven experience managing phishing platforms (e.g., KnowBe4, Mimecast, or Vanta-integrated tools) and developing security training curricula.
  • IAM Expertise: Proven experience managing formal access review cycles and identity governance processes.
  • Systems: Proven experience administering a GRC platform, including automated evidence collection, control monitoring, and access review workflows. Direct experience with Vanta is a significant advantage.
  • SOX IT Controls: Experience with SOX IT General Controls (ITGCs), including change management, logical access, computer operations controls, and segregation of duties (SoD). This role will work directly with internal audit to support IT SOX control testing and evidence collection.
  • AI Tooling: Demonstrated experience using AI tools to improve GRC workflows, automate reporting, or accelerate evidence collection and analysis.
Core Competencies
  • Critical Thinker: You have a drive for distinguishing clear priorities and conclusions from ambiguous data.
  • Velocity: You bring urgency and momentum to compliance work—prioritizing ruthlessly, moving quickly through ambiguity, and consistently pushing the program further than the baseline requires.
  • Detail Oriented: You notice the small gaps in access logs, data maps, or training reports that others might miss.
  • AI-Forward: You treat AI as a force multiplier for GRC work—using it to compress audit prep cycles, automate evidence gathering, and free up capacity for higher-value risk analysis.
  • Collaborative: You work effectively across IT and Engineering to surface control gaps, translate technical risks into compliance language, and ensure cross-functional ownership of remediation.
Your First 90 Days
  • Own the PCI DSS evidence pipeline. Get fully oriented on the current ASV scanning cadence, open findings, and SAQ scoping in Vanta. By day 60, be actively supporting evidence collection. By day 90, have a clear understanding of the program state and a plan for taking it over fully.
  • Get oriented on the SOX SoD review cycle. The conflict detection framework and SoD procedure are built. Within 90 days, develop a working understanding of the quarterly review rhythm, the supporting Confluence documentation, and the compensating controls tracking process — with the goal of owning it independently shortly after.
  • Complete a full UAR cycle. Execute a complete user access review across all critical systems, coordinating with IT and system owners, documenting exceptions, and tracking remediation to closure. This is a tangible, auditable deliverable that demonstrates cross-functional coordination and Vanta proficiency.

Deliver a first GRC metrics report to leadership. Produce a polished metrics report covering compliance posture, risk register status, PCI standing, and SOX control health. This establishes the reporting cadence and introduces the role to leadership on their terms.

Location

Subsplash currently has operations in 27 states across the US! As much as we would love to have employees in as many states and countries as we have clients, we are currently limiting hiring to the states we already operate in. As a result of that, this role is only available as a 100% remote position if you reside in one of the following states:

AL, AR, AZ, CO, FL, GA, ID, IA, IN, KS, KY, MO, MI, MN, NC, NM, OK, OH, OR, SC, SD, TN, TX, UT, VA, WA, WY.

We are not sponsoring relocation for this role so unfortunately, if you do not currently reside in one of these states, we are unable to consider your application.

Benefits

Generous Paid Time Off, Medical Coverage, Dental Coverage, Vision Coverage, short and long term disability and life insurance all free of charge, Competitive Compensation, 401k Matching, Professional Development, Top of the Line Equipment, Referral Program, Parental Leave, Family-Friendly Culture, and the chance to work side-by-side with thought leaders in emerging tech


Note: Employment with Subsplash is contingent upon satisfactory proof of employee's right to work in the U.S., as required by law and upon completion of a basic background check and; employment with Subsplash is considered "at will," meaning that either the company or the employee may terminate the employment relationship at any time without cause or notice.

Subsplash is an Equal Opportunity Employer. We value all human life as all people are created with equal dignity, value, and worth. We do not discriminate on the ground of race, color, religion, sex, age, disability or national origin, or genetic information in the hiring, retention, or promotion of employees; nor in determining their rank, or the compensation or fringe benefits paid them.

#LI-Remote #BI-Remote