×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Senior Analyst – Third Party Risk Management

Job in Norfolk, Virginia, 23500, USA
Listing for: Sentara Healthcare Inc
Full Time position
Listed on 2026-06-05
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 110000 USD Yearly USD 80000.00 110000.00 YEAR
Job Description & How to Apply Below

Third Party Risk Management (TPRM) Senior Analyst is responsible for ensuring the organization effectively manages risks associated with third‑party vendors and partners throughout the entire third‑party lifecycle, including vendor selection, contract negotiation, ongoing monitoring, and termination. This involves not only identifying and evaluating risks but also collaborating with various teams, particularly Legal and Procurement, to embed risk mitigation strategies into contractual agreements.

Key responsibilities

  • Vendor Risk Assessment (VRA):
    • Conduct thorough risk assessments for potential and existing vendors, focusing on various risk types, including cybersecurity, operational, financial, and compliance risks.
    • Utilize and potentially create vendor risk assessment questionnaires to gather detailed information about vendor practices, including data security policies, internal controls, compliance posture, and business continuity plans.
    • Analyze questionnaire responses and other relevant information to identify deficiencies, areas for remediation, and categorize vendors based on risk levels.
    • Engage with stakeholders to communicate assessment results, address security concerns, and collaborate on potential remediation actions.
    • Perform periodic reviews and reassessments of existing vendors to ensure ongoing compliance and address evolving risks.
  • Contract Negotiation:
    • Partner with Legal and Procurement teams during contract negotiations to ensure security, privacy, and other relevant risk clauses are adequately addressed.
    • Provide expert guidance on acceptable and unacceptable contract terms related to risk management, service level agreements (SLAs), and data protection.
    • Work to define and include clear performance standards, due diligence requirements, and exit strategies within contracts.
  • TPRM program development and maintenance:
    • Support the development, maintenance, and enhancement of the organization’s Third-Party Risk Management program and framework.
    • Develop and update TPRM procedures to ensure alignment with organizational policies and regulatory requirements.
    • Identify and implement process efficiencies within the TPRM program and perform analyses on team metrics to enhance effectiveness.
  • Stakeholder collaboration and communication:
    • Build and maintain strong relationships with internal stakeholders across departments such as Legal, Procurement, Information Security, and Business Units.
    • Provide TPRM guidance and training to Vendor Relationship Owners and business partners on risk management practices.
    • Communicate identified risks, assessment results, and mitigation strategies to stakeholders, including senior management, clearly and concisely.
  • Ongoing monitoring and remediation:
    • Track identified risks associated with third parties and ensure timely reviews are performed.
    • Monitor key supplier performance against established SLAs and regulatory requirements.
    • Track and collaborate with internal partners and vendors to remediate any risk-related issues.
Education
  • Bachelor's degree in a relevant field such as Business, Finance, Information Technology, or a related discipline (Preferred)
  • Experience in lieu of Bachelor's Degree – 7+ years of relevant experience without a degree
Certification/Licensure
  • CISA, CRISC, CISM, CISSP, or other relevant certifications are preferred
Experience
  • 5+ years of relevant experience with a degree
  • Strong understanding of Third-Party Risk Management (TPRM) principles, concepts, and best practices.
  • Experience in conducting vendor risk assessments and evaluating internal controls, potentially leveraging frameworks like ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, CSA CCM, and Shared Assessments SIG.
  • Working knowledge of contract management principles and practices, including contract negotiation and analysis.
  • Excellent communication skills, both written and verbal, with the ability to effectively articulate security control requirements, assessment results, and risk considerations to diverse audiences.
  • Strong analytical, critical thinking, and problem‑solving skills, with the ability to digest and analyze complex information with attention to detail and accuracy.
  • Ability to work collaboratively in a cross‑functional environment and build strong relationships with internal and external partners.
  • Proficiency in Microsoft Office Suite (Excel, PowerPoint, Word) and potentially GRC tools like One Trust (highly desirable), Archer, or Service Now

#J-18808-Ljbffr
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search