This role owns the end-to-end third-party risk lifecycle-intake, inherent-risk tiering, due ... Build, lead, and develop a high-performing team of vendor risk analysts; set objectives, coach ...
This role owns the end-to-end third-party risk lifecycle-intake, inherent-risk tiering, due ... Build, lead, and develop a high-performing team of vendor risk analysts; set objectives, coach ...
Enterprise Risk Analyst II
Denver, CO · On-site
$63K - $95K/yr
You bring strong analytical thinking, sound judgment, and a collaborative mindset. You are ... Perform risk management activities across key enterprise risk domains (e.g.,) third-party risk ...
Enterprise Risk Analyst II
Denver, CO · On-site
$63K - $95K/yr
You bring strong analytical thinking, sound judgment, and a collaborative mindset. You are ... Perform risk management activities across key enterprise risk domains (e.g.,) third-party risk ...
Enterprise Risk Analyst II
Denver, CO · On-site
$63K - $95K/yr
You bring strong analytical thinking, sound judgment, and a collaborative mindset. You are ... Perform risk management activities across key enterprise risk domains (e.g.,) third-party risk ...
Quick apply
Enterprise Risk Analyst II
Denver, CO · On-site
$63K - $95K/yr
You bring strong analytical thinking, sound judgment, and a collaborative mindset. You are ... Perform risk management activities across key enterprise risk domains (e.g.,) third-party risk ...
Enterprise Risk Analyst II
Denver, CO · On-site
$63K - $95K/yr
You bring strong analytical thinking, sound judgment, and a collaborative mindset. You are ... Perform risk management activities across key enterprise risk domains (e.g.,) third-party risk ...
Enterprise Risk Analyst II
Denver, CO · On-site
$63K - $95K/yr
You bring strong analytical thinking, sound judgment, and a collaborative mindset. You are ... Perform risk management activities across key enterprise risk domains (e.g.,) third-party risk ...
Senior Cybersecurity Risk Analyst - USA Remote
Denver, CO · Remote
$130K - $160K/yr
The Senior Cybersecurity Risk Analyst is responsible for executing third-party and supplier risk ... Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake ...
Senior Cybersecurity Risk Analyst - USA Remote
Denver, CO · Remote
$130K - $160K/yr
The Senior Cybersecurity Risk Analyst is responsible for executing third-party and supplier risk ... Execute the third-party risk management (TPRM) lifecycle end-to-end, including vendor intake ...
Enterprise Risk Analyst
Denver, CO · On-site
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the ... prioritization analyses for leadership. * Maintain and update the enterprise risk register ...
Enterprise Risk Analyst
Denver, CO · On-site
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the ... prioritization analyses for leadership. * Maintain and update the enterprise risk register ...
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the ... prioritization analyses for leadership. * Maintain and update the enterprise risk register ...
Enterprise Risk Management (ERM) and Third-Party Vendor Risk Management (TPVRM). Reporting to the ... prioritization analyses for leadership. * Maintain and update the enterprise risk register ...
... analyses, and remediation plans. * Lead third-party cyber risk management across inherent risk tiering, due diligence, validation, monitoring, issue tracking, and reporting; embed requirements into ...
... analyses, and remediation plans. * Lead third-party cyber risk management across inherent risk tiering, due diligence, validation, monitoring, issue tracking, and reporting; embed requirements into ...
Governance Risk & Compliance (GRC) Analyst
Lakewood, CO · On-site
$55 - $65/hr
Vendor & Third-Party Risk * Conduct vendor security assessments, review questionnaires, validate ... Collect, validate, and analyze KPIs/KRIs related to compliance, risk, audits, incidents, and ...
Governance Risk & Compliance (GRC) Analyst
Lakewood, CO · On-site
$55 - $65/hr
Vendor & Third-Party Risk * Conduct vendor security assessments, review questionnaires, validate ... Collect, validate, and analyze KPIs/KRIs related to compliance, risk, audits, incidents, and ...
Compliance Operations Lead, Third-Party Due Diligence
Westminster, CO · On-site
$158K/yr
We areseekinga highly motivated and detail-orientedCompliance Operations Lead, Third-Party Due ... analysis to support compliance, risk, legal, operations, finance, procurement, or sales teams. Pay ...
Compliance Operations Lead, Third-Party Due Diligence
Westminster, CO · On-site
$158K/yr
We areseekinga highly motivated and detail-orientedCompliance Operations Lead, Third-Party Due ... analysis to support compliance, risk, legal, operations, finance, procurement, or sales teams. Pay ...
... third-party risk management, cloud security, incident readiness, and managed risk services. * Identify and qualify high-value expansion opportunities by analyzing client risk maturity, cyber program ...
... third-party risk management, cloud security, incident readiness, and managed risk services. * Identify and qualify high-value expansion opportunities by analyzing client risk maturity, cyber program ...
Compliance Operations Lead, Third-Party Due Diligence with Security Clearance
Westminster, CO · On-site
$159K/yr
Responsibilities: * Lead day-to-da y operations for Vantor's third-party due diligence and ... analysis to support compliance, risk, legal, operations, finance, procurement, or sales teams. Pay ...
Compliance Operations Lead, Third-Party Due Diligence with Security Clearance
Westminster, CO · On-site
$159K/yr
Responsibilities: * Lead day-to-da y operations for Vantor's third-party due diligence and ... analysis to support compliance, risk, legal, operations, finance, procurement, or sales teams. Pay ...
Alternative Investment Senior Risk Specialist
Lone Tree, CO · On-site
$30.10 - $43.17/hr
As a Sr. Specialist Risk Analyst, you will pursue our mission and values. You will have the ... Perform outreach to issuers and to the third-party vendor for current prices on securities that ...
Alternative Investment Senior Risk Specialist
Lone Tree, CO · On-site
$30.10 - $43.17/hr
As a Sr. Specialist Risk Analyst, you will pursue our mission and values. You will have the ... Perform outreach to issuers and to the third-party vendor for current prices on securities that ...
We're looking for a PM who thinks beyond product features and focuses on the key outcomes customers care about most : reducing unknown third-party risk, understanding where AI and agentic ...
Quick apply
We're looking for a PM who thinks beyond product features and focuses on the key outcomes customers care about most : reducing unknown third-party risk, understanding where AI and agentic ...
Model Risk Analyst
Denver, CO · Hybrid
$85K - $95K/yr
The Analyst will be responsible for supporting the bank-wide Model Risk Management (MRM) program ... Support requests received from third parties and Internal Audit related to model risk. * Perform ...
Model Risk Analyst
Denver, CO · Hybrid
$85K - $95K/yr
The Analyst will be responsible for supporting the bank-wide Model Risk Management (MRM) program ... Support requests received from third parties and Internal Audit related to model risk. * Perform ...
Conduct third party security risk assessments by distributing questionnaires, analyzing responses, verifying controls, and documenting results in the GRC tracking systems. * Identify and escalate ...
Conduct third party security risk assessments by distributing questionnaires, analyzing responses, verifying controls, and documenting results in the GRC tracking systems. * Identify and escalate ...
Model Risk Analyst
Denver, CO · On-site
$85K - $95K/yr
The Analyst will be responsible for supporting the bank-wide Model Risk Management (MRM) program ... Support requests received from third parties and Internal Audit related to model risk. * Perform ...
Model Risk Analyst
Denver, CO · On-site
$85K - $95K/yr
The Analyst will be responsible for supporting the bank-wide Model Risk Management (MRM) program ... Support requests received from third parties and Internal Audit related to model risk. * Perform ...
IT Governance & Compliance Analyst
Denver, CO · On-site
$80K - $105K/yr
Supports third-party risk management activities, including vendor security assessments and ... Ability to analyze IT systems, processes, and controls to identify risks, gaps, and improvement ...
IT Governance & Compliance Analyst
Denver, CO · On-site
$80K - $105K/yr
Supports third-party risk management activities, including vendor security assessments and ... Ability to analyze IT systems, processes, and controls to identify risks, gaps, and improvement ...
IT Governance & Compliance Analyst
$80K - $105K/yr
Supports third-party risk management activities, including vendor security assessments and ... Ability to analyze IT systems, processes, and controls to identify risks, gaps, and improvement ...
IT Governance & Compliance Analyst
$80K - $105K/yr
Supports third-party risk management activities, including vendor security assessments and ... Ability to analyze IT systems, processes, and controls to identify risks, gaps, and improvement ...
Model Risk Analyst
Denver, CO · On-site
$85K - $95K/yr
The Analyst will be responsible for supporting the bank-wide Model Risk Management (MRM) program ... Support requests received from third parties and Internal Audit related to model risk. * Perform ...
Quick apply
Model Risk Analyst
Denver, CO · On-site
$85K - $95K/yr
The Analyst will be responsible for supporting the bank-wide Model Risk Management (MRM) program ... Support requests received from third parties and Internal Audit related to model risk. * Perform ...
Weekend Third Party Risk Analyst information
What are Weekend Third Party Risk Analysts?
What are the key skills and qualifications needed to thrive as a Weekend Third Party Risk Analyst, and why are they important?
What is the difference between Weekend Third Party Risk Analyst vs Weekend Vendor Risk Analyst?
| Aspect | Weekend Third Party Risk Analyst | Weekend Vendor Risk Analyst |
|---|---|---|
| Certifications | Certifications like CRCM, CRM, or FRM often preferred | Similar certifications, often including vendor management or risk certifications |
| Work Environment | Financial institutions, banks, or corporations assessing third-party risks on weekends | Organizations managing vendor relationships and assessing vendor risks during weekends |
| Industry Usage | Common in banking, finance, and regulated industries | Used across various sectors including retail, healthcare, and technology |
The Weekend Third Party Risk Analyst and Weekend Vendor Risk Analyst roles share similar responsibilities in assessing risks related to external entities during weekend hours. Both require knowledge of risk management, compliance, and vendor or third-party oversight. The main difference lies in terminology and industry usage, with the Third Party Risk Analyst often associated with financial institutions and the Vendor Risk Analyst more common in diverse industries. Both roles are crucial for maintaining organizational security and compliance during weekend operations.
Is a grc analyst a good entry-level job?
How much does a third-party risk analyst make?
What are the primary challenges a Weekend Third Party Risk Analyst faces, and how can they be effectively addressed?
What does a third-party risk analyst do?
Is TPRm a good career?
Asurion rating
7.2
Based on 84 frontline employees who took The Breakroom Quiz
116th of 207 rated it services
Job description
The Senior Manager, Third Party Risk Management leads Asurion's enterprise vendor and supply-chain risk program as a second line of defense. This role owns the end-to-end third-party risk lifecycle-intake, inherent-risk tiering, due diligence, contract controls, continuous monitoring, reassessment, and secure offboarding-protecting Asurion and its carrier and partner ecosystem from risks introduced by vendors, service providers, and technology suppliers. The leader partners closely with Procurement, Legal, Privacy, business portfolio owners, and security control owners to translate fragmented vendor information into clear, defensible risk decisions. This is both a program-building and people-leadership role, maturing the vendor risk function in alignment with NIST CSF 2.0 and strengthening supply chain risk outcomes while embedding modern practices for emerging risks such as third-party AI tooling, SaaS sprawl, and vendor concentration.
Key Responsibilities- Own strategy, design, and continuous improvement of the Third-Party/Vendor Risk Management (TPRM) program aligned to NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and regulatory obligations.
- Define and maintain TPRM policy, standards, procedures, and risk-tiering methodology; secure governance approval and drive consistent adoption across the enterprise.
- Establish third-party risk appetite and tolerance thresholds with CISO and GRC leadership and apply them to vendor risk decisions.
- Embed risk gates within sourcing, onboarding, contracting, renewal, and offboarding in partnership with Procurement and Legal.
- Lead the full vendor risk lifecycle: intake, inherent-risk classification, due diligence, residual-risk determination, treatment/acceptance, contracting, continuous monitoring, reassessment, and offboarding.
- Operationalize inherent-risk tiering to scope assessment depth and cadence based on data sensitivity, access, criticality, and business impact.
- Direct security, privacy, and resilience assessments using methodologies such as SIG/Shared Assessments and evidence including SOC 2 Type II, ISO 27001, PCI AOC, and penetration test results.
- Evaluate fourth-party/Nth-party dependencies, vendor concentration, and systemic risk across the supplier portfolio.
- Establish and lead risk reviews for third-party AI/GenAI tooling with security and privacy teams; address model and data-handling risks and shadow AI.
- Translate findings into concise, business-relevant risk narratives and actionable remediation plans with owners and timelines.
- Operate continuous monitoring leveraging external risk ratings, periodic attestations, threat/breach intelligence, and event-driven triggers.
- Coordinate third-party incident response with SOC/IR; assess impact, drive containment, and track remediation to closure.
- Manage the third-party risk register and findings inventory; escalate aging or accepted risks through governance.
- Maintain visibility into critical vendor resilience and BC/DR posture for high-impact suppliers.
- Partner with Legal and Procurement to define and negotiate security, privacy, and resilience terms (control requirements, right-to-audit, breach notification SLAs, data protection, subprocessor controls).
- Develop a standardized library of contractual security requirements scaled to vendor risk tier.
- Define and report outcome-driven metrics and KRIs (e.g., residual risk trends, assessment cycle time/coverage, time-to-remediate, monitoring coverage, exception aging); deliver executive-ready reporting to governance forums.
- Serve as the primary point of contact for internal/external audits, regulatory exams, and carrier-partner due diligence.
- Build, lead, and develop a high-performing team of vendor risk analysts; set objectives, coach performance, and scale capability through playbooks, training, and quality reviews.
- Drive operational efficiency via process automation and analyst-assistive tooling to focus effort on judgment-intensive decisions.
- 8+ years in information security, IT risk, or GRC, including 4+ years focused on third-party/vendor risk management.
- 2+ years of direct people leadership managing analysts or a risk team.
- Demonstrated experience designing or maturing a TPRM program lifecycle end to end.
- Strong working knowledge of NIST CSF 2.0, ISO 27001, SOC 2, PCI DSS, and assessment standards such as SIG/Shared Assessments.
- Experience reviewing assurance artifacts (SOC 2 Type II, ISO certifications, penetration test reports) and translating them into risk decisions.
- Hands-on experience with TPRM/GRC platforms and continuous monitoring/security-rating tools (e.g., ProcessUnity, OneTrust, Prevalent/Mitratech, Whistic, BitSight, SecurityScorecard, or comparable).
- Experience partnering with Procurement and Legal on vendor contracting and security/privacy terms.
- Excellent written and verbal communication, including executive briefing and defensible risk narratives.
- Bachelor's degree in a related field or equivalent professional experience.
- Preferred: certifications such as CTPRP, CISSP, CISA, CRISC, or CISM; experience in regulated consumer or financial environments (e.g., GLBA, PCI DSS, state privacy laws); experience with AI/GenAI risk assessment; familiarity with three lines of defense; experience with automation or AI-assisted workflows in GRC.
- Sound risk judgment balancing rigor with business enablement and speed-to-value.
- Ability to influence without authority across Procurement, Legal, Privacy, Security, and business stakeholders.
- Program design, policy/standard development, and governance execution for TPRM.
- Expertise in vendor risk tiering, due diligence, continuous monitoring, issue management, and secure offboarding.
- Strong analytical skills to assess concentration, systemic risk, and fourth-party dependencies.
- Advanced communication skills; distills complex third-party risk into actionable executive decisions.
- Team leadership, talent development, and operational scaling through playbooks, training, and QA.
- Proficiency with metrics/KRIs, dashboards, and executive reporting.
- Negotiation of contractual security/privacy/resilience terms and control requirements.
N/A
Physical Demands- Stationary Position: Frequently
- Vision: 20/20 corrected vision
- Hearing: Receive detailed information if spoken to