1

Vendor Risk Manager Jobs in Michigan (NOW HIRING)

Senior Counsel

Southfield, MI · On-site

$128K - $173K/yr

... vendor risk management, and alignment with organizational innovation and transformation goals. * Draft, review, and negotiate technology and digital services agreements, including master services ...

Senior Counsel

Grand Rapids, MI · On-site

$134K - $182K/yr

... vendor risk management, and alignment with organizational innovation and transformation goals. * Draft, review, and negotiate technology and digital services agreements, including master services ...

Senior Counsel

Grand Rapids, MI · On-site

$134K - $182K/yr

... vendor risk management, and alignment with organizational innovation and transformation goals. * Draft, review, and negotiate technology and digital services agreements, including master services ...

next page

Showing results 1-20

Vendor Risk Manager information

See Michigan salary details

$44.9K

$97.2K

$148.2K

How much do vendor risk manager jobs pay per year?

As of Jul 8, 2026, the average yearly pay for vendor risk manager in Michigan is $97,232.00, according to ZipRecruiter salary data. Most workers in this role earn between $78,400.00 and $112,400.00 per year, depending on experience, location, and employer.

What is the difference between Vendor Risk Manager vs Vendor Compliance Analyst?

AspectVendor Risk ManagerVendor Compliance Analyst
CertificationsCertified Third Party Risk Professional (CTPRP), Certified Information Systems Auditor (CISA)Certified Compliance & Ethics Professional (CCEP), Certified Regulatory Compliance Manager (CRCM)
Work EnvironmentRisk management teams, procurement, legal departmentsCompliance departments, audit teams, legal units
Industry UsageFinance, healthcare, technology, retailFinance, healthcare, manufacturing, technology
Primary FocusIdentifying, assessing, and mitigating vendor risksEnsuring vendor adherence to compliance standards and policies

The Vendor Risk Manager focuses on evaluating and mitigating risks associated with vendors, while the Vendor Compliance Analyst concentrates on ensuring vendors meet regulatory and internal compliance standards. Both roles are essential in managing vendor relationships but differ in their core responsibilities and focus areas.

How does a Vendor Risk Manager typically collaborate with other departments within an organization?

A Vendor Risk Manager works closely with departments like procurement, legal, IT, and compliance to ensure that vendors meet the organization's security and regulatory standards. This collaboration often involves reviewing contracts, assessing potential risks, and implementing mitigation strategies. Regular communication with stakeholders is essential to keep everyone informed about vendor performance and risk status, making cross-functional teamwork a key aspect of the role. Effective collaboration helps streamline risk assessments and supports informed decision-making across the business.

What are the key skills and qualifications needed to thrive as a Vendor Risk Manager, and why are they important?

To thrive as a Vendor Risk Manager, you need expertise in risk assessment, third-party management, and compliance, often backed by a degree in business, finance, or a related field. Familiarity with risk management platforms, contract management tools, and certifications like Certified Third Party Risk Professional (CTPRP) are highly valuable. Strong analytical thinking, negotiation, and clear communication skills help you collaborate with vendors and internal stakeholders effectively. These skills ensure organizations can identify, mitigate, and manage risks arising from third-party relationships, safeguarding business continuity and compliance.

What are Vendor Risk Managers?

Vendor Risk Managers are professionals responsible for identifying, assessing, and mitigating risks associated with third-party vendors that provide goods or services to an organization. They evaluate vendors’ security, compliance, and operational practices to ensure they meet the company’s standards and regulatory requirements. These managers implement frameworks to monitor vendor performance, manage contracts, and respond to potential risks or incidents. Their role is crucial in protecting the organization from financial, reputational, and regulatory harm that can arise from third-party relationships.
What cities in Michigan are hiring for Vendor Risk Manager jobs? Cities in Michigan with the most Vendor Risk Manager job openings:
Cybersecurity Risk Coordinator | GRC | Full-Time

Cybersecurity Risk Coordinator | GRC | Full-Time

Corporate Services

Troy, MI • On-site

Other

Posted 6 days ago


Job description

GENERAL SUMMARY:

The Cybersecurity Risk Coordinator reports to the Manager of Cybersecurity Risk Services. This position will work in a collaborative effort with Cybersecurity Risk Specialists, IT, and all system leadership (Supervisor and above) to assure incoming requests are addressed and distributed to the proper team members. Additionally, this role works closely with Cybersecurity Risk Specialists to support all employee and non-employee roles, including, but not limited to vendors, contractors, consultants, and partners to support the mission and goals of Henry Ford Health Cybersecurity Risk Management strategy. 

PRINCIPLE DUTIES AND RESPONSIBILITIES: 

The Cybersecurity Risk Coordinator handles supporting tasks related to performing cyber/third party risk assessments of applications, infrastructure, business, and technology vendors against a defined risk framework. These assessments will be performed either through a formalized risk assessment program or through other risk reporting activities (e.g., policy exception, risk acceptance, controls). 

Must have the ability to develop work with minimal supervision, maintain and report against a work plan, give appropriate updates and status reports, and serve as a point of contact and liaison with internal and external auditors, assessors, vendors and clients and assist other staff members.

  •  Responsible for understanding the Cybersecurity Risk Services department and Information Privacy and Security Office services, functional IT services, and the business unit processes/ systems to provide world-class cybersecurity risk services.
  • Validating Risk Intake Request Forms for employees and non-employees via technology platform and triaging it to the Cybersecurity Risk Specialists capable of starting their tasks.
  • Assist in corporate process creation and revision using MS Office including Visio.
  • Supporting, creating processes for intake of forms, streamline/update existing processes, procedures, and checklists.
  • Liaison with internal / external stakeholders as needed.
  • Contributes to the development and maintenance of supporting technology platforms and Corporate Information Security policies and procedures.
  • Manage Group Outlook Mailbox and assign a ticket in the technology platform to Cybersecurity Risk Specialists to start their tasks.
  • Supports managing checklists, and continuously improves the work instructions with the team. 
  • Initializes cyber/third party risk assessments reports for the Cybersecurity Risk Specialists to review for closure.
  • Support IPSO and IT teams via integrated workflow. 
  • Supports client due diligence requests including the completion of questionnaires.
  • Supports project and strategy advisory services and supports as needed. 
  • Capable of following documented work instructions with limited guidance. 
  • Other duties may be assigned.

EDUCATION/EXPERIENCE REQUIRED:

  • Associates' degree in information systems, Computer Science or related field preferred, relevant work experience/certification considered. 
  • 2+ years of experience in IT risk mgt, IT Controls mgt or IT Audit mgt. 
  • Demonstrates strong and effective verbal, written, and interpersonal communication skills, with experience in all at the executive level.
  • Ability to prioritize and multi-task in a dynamic, fast paced, and challenging environment.
  • Knowledge of IT systems and functions, process development, change management, and service and implementation lifecycle. 
  • Knowledge of information security best practices, NIST Cybersecurity Framework and common risk frameworks.
  • Can conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities.
Additional Information
  • Organization: Corporate Services
  • Department: Ascension Privacy_Security RMS
  • Shift: Day Job
  • Union Code: Not Applicable