Third Party Risk Analyst
Career GuideKey Responsibilities
- Review third party risk questionnaires and supporting evidence
- Assess information security controls at third parties
- Assess privacy practices and data handling
- Evaluate regulatory and contractual compliance risks
- Coordinate due diligence for new vendor onboarding
- Monitor third parties for changes in risk over time
- Track remediation plans and validate completion
- Document risk ratings and decision recommendations
- Support internal audits and external examinations
- Partner with procurement, legal, security, and business owners to resolve issues
Top Skills for Success
Risk Assessment
Vendor Due Diligence
Information Security Fundamentals
Privacy Fundamentals
Regulatory Awareness
Control Testing
Policy Interpretation
Contract Review
Stakeholder Management
Written Communication
Attention to Detail
Project Coordination
Career Progression
Can Lead To
Third Party Risk Manager
Vendor Risk Manager
Information Security Risk Analyst
Governance Risk and Compliance Analyst
Operational Risk Analyst
Compliance Analyst
Transition Opportunities
Information Security Analyst
Privacy Analyst
Internal Auditor
Enterprise Risk Analyst
Business Continuity Analyst
Common Skill Gaps
Often Missing Skills
Evidence EvaluationRisk WritingControl MappingIssue ManagementThird Party MonitoringData Classification
Development SuggestionsPractice turning vendor responses into clear risk statements with impact and likelihood. Build comfort reviewing security and privacy evidence. Learn how to map vendor controls to your organization’s requirements and track remediation to closure.
Salary & Demand
Median Salary Range
Entry LevelUSD 65,000 to 85,000
Mid LevelUSD 85,000 to 115,000
Senior LevelUSD 115,000 to 150,000
Growth Trend
Growing demand, driven by increased outsourcing, stricter privacy expectations, and higher scrutiny of vendor security and resilience.Companies Hiring
Major Employers
JPMorgan ChaseBank of AmericaWells FargoCitigroupGoldman SachsMorgan StanleyVisaMastercardUnitedHealth GroupCVS HealthAmazonMicrosoft
Industry Sectors
BankingInsurancePaymentsHealthcareRetailTechnologyTelecommunicationsEnergyGovernment ContractorsConsulting
Recommended Next Steps
1
Create a checklist for reviewing common vendor evidence and apply it to sample packets2
Write three example risk summaries using plain language and clear recommendations3
Learn a common security control framework and practice mapping controls to requirements4
Build a simple tracking method for remediation actions, owners, dates, and status5
Partner with procurement and legal to understand onboarding steps and contract clauses6
Prepare interview stories that show prioritization, communication, and decision support