Jobs · Finance · Pennsylvania

Vendor Governance & Risk Analyst

The Institutes · Malvern, PA · 6 days ago
On-siteFinanceFull-time

About The Institutes

Located in Malvern, Pennsylvania, The Institutes® is a not-for-profit comprising diverse affiliates dedicated to educating, elevating, and connecting people in risk management and insurance. We emphasize understanding, predicting, and preventing losses to create a more resilient world. Additionally, we prioritize work-life balance, being recognized as a Top Workplace multiple times.

Vendor Governance & Risk Analyst

The Vendor Governance & Risk Analyst supports The Institutes’ vendor governance and third-party risk management (TPRM) program. Key responsibilities include:

  • Maintain the contract repository and renewal calendar.
  • Cook up vendor renewals with Legal and Procurement.
  • Maintain vendor tier classifications and risk profiles using the established tiering framework.
  • Track remediation items and follow up with vendors.
  • Distribute, collect, and organize security questionnaires.
  • Collect and review SOC reports, cyber insurance documentation, and compliance artifacts.
  • Research vendor markets for trends, risks, and current events, and raise risks as needed.
  • Identify continuous-improvement opportunities and flag them.

AI & Third-Party Risk Analysis

This role involves:

  • Conducting AI-focused vendor risk assessments.
  • Applying the AI risk-scoring methodology to evaluate vendor AI posture and document findings.
  • Assessing AI model risk exposure (bias, explainability, and regulatory considerations) and record results.
  • Supporting Security in identifying and flagging Shadow AI usage across the organization.
  • Tracking vendor data-exposure risk and data-sharing pathways.
  • Maintaining vendor and AI-governance records in OneTrust (or equivalent TPRM platform).

Contract & Data Governance Support

Key tasks include:

  • Reviewing AI- and data-related contract clauses and flagging items for Legal.
  • Supporting Legal in applying AI and data-protection contractual standards.
  • Supporting contractual reviews of AI/data usage during vendor onboarding and renewals.

Technology Portfolio & SaaS Tracking

Responsibilities encompass:

  • Maintaining the enterprise SaaS inventory and technology portfolio map.
  • Analyzing license utilization and identifying consolidation opportunities.
  • Surfacing redundant platforms and overlapping AI tool capabilities to the Manager.
  • Preparing cost-and-risk optimization options for the Manager’s review.

Reporting & Analytics

The role requires:

  • Maintaining vendor risk dashboards and AI-posture reporting.
  • Preparing reporting for the Manager and stakeholders on AI vendor exposure, data-risk trends, model-risk concentration, and SaaS redundancy and cost.
  • Flagging recurring risk patterns across vendor categories.

Required

  • 3+ years of experience in vendor management, third-party risk, IT governance, compliance, procurement, or operations.
  • Comfortable using AI/LLM tools (e.g., Claude, Microsoft Copilot) as a daily part of research, analysis, and documentation.
  • Able to use AI tools effectively to manage the volume of vendor research and analysis the role requires.
  • Experience reviewing vendor contracts and tracking renewals.
  • Exposure to third-party risk assessments and security-questionnaire processes.
  • Strong analytical and documentation skills.
  • Highly curious, with a drive to improve the customer experience and risk-management processes.
  • Experience maintaining SaaS inventories or technology portfolios.
  • Proficiency in Excel and vendor management platforms.

PREFERRED

  • Experience supporting SOC 2, ISO 27001, or similar audits.
  • Familiarity with OneTrust or TPRM platforms.
  • Exposure to AI governance, data risk management, or emerging technology risk.
  • Understanding of AI model risk principles (bias, explainability, regulatory impact).
  • Ability to be on-site 5 days a week is a must.

Benefits

To enforce the importance of work-life balance, employees enjoy excellent benefits, including:

  • 401(k) plan with company contribution up to 16%.
  • A generous time off package that includes paid vacation, personal, sick, and holidays.
  • Paid maternity and parental leave.
  • Tuition reimbursement.
  • Medical, dental, vision, and prescription coverage.
  • Free lunch every day when working on campus, onsite fitness center, and a beautiful 1.25-mile walking path!

Similar jobs

Vendor Risk Analyst

Hilltop HoldingsDallas, TX· 6 days ago
Financeapply on ejlu.fa.us2.oraclecloud.com

Vendor Analyst

SafeliteColumbus, OH· 1 wk ago
Business Developmentapply on careers.safelite.com