1

Vendor Risk Jobs in Colorado (NOW HIRING)

Director, Risk Management

Denver, CO · On-site

$192K - $216K/yr

Field and manage COI requests from vendors and financing parties * Advise on insurable and uninsurable risks to project teams and business unit leaders * Maintain company Risk Management Information ...

Director, Risk Management

Denver, CO · On-site

$192K - $216K/yr

STACK is looking for a Director of Risk Management togrow and mature its insurance programs. As a ... Field and manage COI requests from vendors and financing parties * Advise on insurable and ...

Enterprise Risk Analyst II

Denver, CO · On-site

$63K - $95K/yr

Assess emerging and evolving risk exposures by analyzing changes in business activities, technology, vendors, and the external environment and recommending updates to risk assessments. * Manage risk ...

Oversee vendor/third-party risk within the cyber risk portfolio to ensure supply-chain risk is governed in line with enterprise practices. * Build, lead, and develop a team of senior managers and ...

Enterprise Risk Analyst II

Denver, CO · On-site

$63K - $95K/yr

Assess emerging and evolving risk exposures by analyzing changes in business activities, technology, vendors, and the external environment and recommending updates to risk assessments. * Manage risk ...

Enterprise Risk Analyst II

Denver, CO · On-site

$63K - $95K/yr

Assess emerging and evolving risk exposures by analyzing changes in business activities, technology, vendors, and the external environment and recommending updates to risk assessments. * Manage risk ...

next page

Showing results 1-20

Vendor Risk information

What is the difference between Vendor Risk vs Vendor Compliance?

AspectVendor RiskVendor Compliance
FocusIdentifying and mitigating risks associated with vendorsEnsuring vendors meet regulatory and contractual requirements
CertificationsRisk management certifications (e.g., CRISC, FAIR)Compliance certifications (e.g., ISO 27001, SOC 2)
Work EnvironmentRisk assessment teams, procurement, security departmentsLegal, compliance, audit teams
Industry UsageFinancial, healthcare, technology sectorsFinancial services, healthcare, regulated industries

Vendor Risk and Vendor Compliance roles often overlap but serve different purposes. Vendor Risk focuses on identifying and mitigating potential risks posed by vendors, while Vendor Compliance ensures vendors adhere to legal and contractual standards. Both are essential for managing vendor relationships effectively and maintaining organizational security and compliance.

What cities in Colorado are hiring for Vendor Risk jobs? Cities in Colorado with the most Vendor Risk job openings:
Infographic showing various Vendor Risk job openings in Colorado as of July 2026, with employment types broken down into 1% As Needed, 86% Full Time, 11% Part Time, and 2% Contract. Highlights an 87% Physical, 4% Hybrid, and 9% Remote job distribution.
Governance Risk & Compliance (GRC) Analyst

Governance Risk & Compliance (GRC) Analyst

Judge Group, Inc.

Lakewood, CO • On-site

$55 - $65/hr

Other

Re-posted 11 days ago


Job description

Location: Lakewood, CO Salary: $55.00 USD Hourly - $65.00 USD Hourly Description: Our client is currently seeking a Governance Risk & Compliance (GRC) Analyst
Governance, Risk & Compliance (GRC) Analyst
Contract-to-Hire | $130-140K Conversion Salary | Remote OK (Denver onsite preferred; relocation available upon conversion)
Role Overview
The GRC Analyst supports the Global Information Security Office by driving governance, risk management, and compliance initiatives across the organization. This role requires a proactive, flexible professional who can operate in a fast-changing environment, communicate effectively with leadership, and quickly take ownership of key GRC activities.
Key Responsibilities
Risk, Audit & Compliance
  • Support company-wide information security risk assessments for projects, systems, and vendors.
  • Assist with internal and external audits (e.g., J-SOX), evidence collection, and remediation tracking.
  • Maintain compliance with ISO 27001, NIS2, GDPR, and other regulatory frameworks.
  • Contribute to policy development, updates, and global rollout.
Vendor & Third-Party Risk
  • Conduct vendor security assessments, review questionnaires, validate controls, and document findings.
  • Escalate high-risk issues and support mitigation follow-up.
Dashboards & Reporting
  • Develop and maintain dashboards, including the CISO Dashboard.
  • Collect, validate, and analyze KPIs/KRIs related to compliance, risk, audits, incidents, and training.
  • Present insights to leadership with clear, accurate reporting.
Security Awareness & Training
  • Support security awareness initiatives, including e-learning content, phishing exercises, and internal communications.
Regulatory Monitoring
  • Track global cybersecurity regulatory changes (e.g., NIS2, ICS/OT requirements, FDA expectations).
  • Support gap assessments and compliance readiness.
AI Security Oversight
  • Assist in evaluating risks related to AI systems and third-party AI tools.
  • Support governance controls for secure AI use.
Additional Responsibilities
  • Improve GRC processes, tools, and documentation.
  • Support internal projects, automation efforts, and cross-functional initiatives.
  • Provide coordination for security committees and working groups.

Required Qualifications
  • 3-5+ years in information security, GRC, IT audit, or risk management.
  • Strong communication skills; comfortable engaging with leadership.
  • Experience with ISO 27001 and NIS2 (required).
  • Experience conducting or supporting risk assessments and audits.
  • Understanding of vendor security assessment processes.
  • Ability to work independently in a dynamic environment with shifting priorities.

Preferred Skills
  • Experience with GRC platforms (e.g., BitSight, Drata, OneTrust, Archer).
  • Familiarity with cybersecurity domains (IAM, endpoint security, cloud, vulnerability management).
  • Data analysis and dashboard/reporting experience.
  • Awareness of emerging regulations (NIS2, AI governance, critical infrastructure).
  • Experience working with global teams.

Education
  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field-or equivalent experience.
  • Certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Implementer/Auditor are a plus.

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.
Contact:
This job and many more are available through The Judge Group. Please apply with us today!