
Vendor Compliance Analyst

Job in Malvern, Chester County, Pennsylvania, 19355, USA
Listing for: The Institutes
Full Time position
Listed on 2026-07-01
Job specializations:
  • IT/Tech
    IT Business Analyst, Data Security, Information Security, Cybersecurity
Location: Malvern

Vendor Risk & Compliance Specialist

Located in beautiful Malvern, Pennsylvania, The Institutes® are a not-for-profit comprised of diverse affiliates that educate, elevate, and connect people in the essential disciplines of risk management and insurance. Through products and services offered by our nearly 20 affiliated business units, people and organizations are empowered to help those in need with a focus on understanding, predicting, and preventing losses to create a more resilient world.

Additionally, we understand the importance of work-life balance—in 2025  named us a Top Workplace for the tenth year and USA Today named us a USA Top Workplace for the fourth year. We provide excellent benefits and a friendly, team-focused work environment to drive employee engagement.

The Vendor Risk & Compliance Specialist role is responsible for advancing the organization's vendor governance program into a strategic, risk-driven function focused on AI, data exposure, and technology portfolio optimization.

This role evolves beyond operational vendor tracking to provide analytical oversight of third-party risk, AI model exposure, SaaS rationalization strategy, and contractual data governance. The Vendor Risk & Compliance Specialist partners cross-functionally with Security, Legal, Procurement, IT, Application Development, and Compliance to evaluate vendor AI posture, assess model risk exposure, and ensure responsible technology adoption across the enterprise.

This position plays a critical role in strengthening the organization's Third-Party Risk Management (TPRM) and AI governance frameworks, driving informed decision-making through risk analytics, vendor scoring, and portfolio optimization.

What You'll Do:

Vendor Governance & Lifecycle Management

  • Maintain contract repository and track renewal dates
  • Coordinate renewals with Legal and Procurement
  • Maintain vendor tier classifications and risk profiles
  • Track remediation items and follow up with vendors.
  • Review and distribute security questionnaires.
  • Collect and analyze SOC reports, cyber insurance documentation, and compliance artifacts.
  • Identify and execute continuous improvement opportunities for the customer experience
  • Proactively research the vendor space to track trends, risks, and current events. Raise risks as needed.

AI & Third-Party Risk Analysis

  • Conduct AI-focused vendor risk assessments, including model usage, training data sources, and data retention practices.
  • Evaluate vendor AI posture and develop AI risk scoring methodology.
  • Assess AI model risk exposure, including bias, explainability, and regulatory considerations.
  • Partner with Security to detect and mitigate Shadow AI usage across the organization.
  • Track vendor data exposure risk and data-sharing pathways.
  • Coordinate OneTrust integrations and AI governance workflows.

Contract & Data Governance Oversight

  • Review and evaluate AI/data-related clauses in contracts, including:
    • Data ownership
    • Data residency
    • Model training rights
    • Subprocessor disclosures
    • AI indemnification and liability language
  • Partner with Legal to strengthen AI and data protection contractual standards.
  • Support AI/data usage contractual reviews during vendor onboarding and renewals.

Technology Portfolio & SaaS Rationalization

  • Maintain enterprise SaaS inventory and technology portfolio map.
  • Analyze license utilization and identify consolidation opportunities.
  • Develop SaaS rationalization strategy to reduce redundant platforms.
  • Assess overlapping AI tool capabilities and risk duplication.
  • Provide cost-risk optimization recommendations to leadership.

Analytics & Strategic Reporting

  • Develop vendor risk dashboards and AI posture reporting.
  • Create executive-level reporting on:
    • AI vendor exposure
    • Data risk trends
    • Model risk concentration
    • SaaS redundancy and cost optimization

What We're Looking For:

Required

  • 3–5+ years of experience in vendor management, third-party risk, IT governance, compliance, or risk analysis.
  • Proficiency in LLM technology, and in using such tools to manage the complexities of research and analysis, is critical to success in the role.
  • Effective hands-on usage of LLM technology-based tools to help achieve department ends
  • Experience…