Senior Third-Party Risk Analyst

Responsibilities

• Serve as the subject matter expert for third-party and supplier risk management, owning and continuously maturing WGU's TPRM methodology.
• Lead end-to-end third-party risk assessments across the full lifecycle, including intake, due diligence, contracting, ongoing monitoring, and offboarding.
• Analyze complex technical and non-technical evidence to determine likelihood, impact, root cause, and defensible risk ratings.
• Review assurance artifacts such as SOC 2 Type II reports, penetration test results, and security questionnaires to identify gaps, exceptions, and compensating controls.
• Assess fourth-party and downstream risk, including concentration risk within critical supply chains.
• Partner with procurement, legal, and privacy teams to review contracts, data protection addendums, and security clauses and recommend risk-reducing language.
• Mentor junior analysts, provide quality review of assessments, and act as an escalation point for high-risk or complex engagements.
• Lead exception-to-policy analysis, document residual risk, and guide risk acceptance, transfer, or mitigation decisions with appropriate stakeholder sign-off.
• Work with engineers, architects, and security professionals to understand the risk of a system, project, third-party, supplier, or application and recommend controls to mitigate identified risks.
• Provide guidance and assistance to operational teams and third parties to remediate security deficiencies and track remediation through to closure.
• Identify, develop, and recommend AI-driven efficiencies in the TPRM program and broader risk management practice.
• Maintain working knowledge of NIST, ISO, and PCI-DSS standards as well as FERPA, GLBA, and FTC regulations, and ensure assessments account for applicable obligations.
• Act as an advocate for Information Security, helping the business understand third-party risk, security standards, and best practices.

Requirements

• Bachelor's degree in a related field with 5+ years (7-10 years preferred) of information security experience, including hands-on ownership of third-party or supplier risk assessments.
• Proven experience running or significantly contributing to a third-party or vendor risk management program end to end.
• Familiarity with NIST, ISO, and PCI-DSS standards.
• Strong analytical and critical-thinking skills with the ability to reason through ambiguity and make sound, defensible risk decisions.
• Experience with cybersecurity and privacy principles and the controls used to manage risk across data use, processing, storage, and transmission.
• Demonstrated experience recommending security safeguards, including contract and SLA language.
• Working knowledge of risk management best practices and frameworks.
• Excellent written and verbal communication skills with the ability to influence stakeholders and clearly articulate ri

Additional Information

If you're passionate about building a better future for individuals, communities, and our country-and you're committed to working hard to play your part in building that future-consider WGU as the next step in your career. Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families. The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is: Grade: Technical 409 Pay Range: $127,700.00 - $191,500.00 Job Description The Senior Third-Party Risk Analyst is a senior member of WGU's Risk Management Team and a subject matter expert in third-party and supplier risk management (TPRM). This individual brings deep, hands-on experience assessing the security posture of vendors, suppliers, and applications across the full third-party lifecycle, including intake, due diligence, contracting, ongoing monitoring, and offboarding. The Senior Analyst owns and matures the TPRM methodology, applies strong analytical thinking to translate complex findings into clear risk decisions, mentors junior analysts, and serves as a trusted advisor to procurement, legal, privacy, and business stakeholders. While the focus is third-party risk, this role also contributes to internal and enterprise risk efforts as needed.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at WGU? Share your experience