Associate, Third-Party Risk Management

AmeriLifeClearwater, FL
Onsite

About The Position

Reporting to the Director of Third-Party Risk Management, the Third-Party Risk Management Associate supports the execution and continuous improvement of the organization’s Third-Party Risk Management (TPRM) program. This role is responsible for conducting vendor risk assessments, managing day-to-day third-party risk processes, maintaining thorough documentation, and monitoring key risk indicators (KRIs). The Associate partners closely with cross-functional teams and leverages technology to help ensure that all vendors and third-party service providers meet the organization’s security, compliance, operational and risk management requirements.

Requirements

  • Bachelor’s degree in Business, Information Systems, Cybersecurity, or related field.
  • 3-5 years of experience in risk management, vendor management, compliance, or information security, with exposure to third-party risk management or vendor due diligence processes.
  • Familiarity with key compliance and security frameworks and regulations (such as CPRA, HIPAA, SOX, ISO 27001, NIST) and an understanding of how they apply to third-party/vendor risk.
  • Certified Third-Party Risk Professional (CTPRP), Certified Risk and Compliance Management Professional (CRCMP) or Certified Regulatory Vendor Program Manager (CRVPM).
  • Experience using vendor risk management technology to manage risk assessments, workflows, and reporting.
  • Proficient with standard business software (Excel, PowerPoint, Word) for data analysis and presentation.
  • Strong analytical and problem-solving skills with keen attention to detail.
  • Ability to interpret risk assessment data, identify trends or red flags in vendor responses, and assist in developing mitigation steps.
  • Excellent written and verbal communication skills.
  • Capable of preparing clear reports and effectively communicating findings and requirements to internal stakeholders and vendors.
  • Demonstrated ability to work collaboratively in cross-functional teams.
  • Strong organizational and time-management skills, with the ability to manage multiple vendor assessments and tasks concurrently and meet deadlines.

Nice To Haves

  • Experience in optimizing risk management processes or workflows.
  • Familiarity with automation features in GRC platforms or other risk management tools to improve efficiency and reporting.
  • Working understanding of vendor contract terms related to security and privacy, as well as awareness of emerging third-party risk trends (such as cloud security, data protection, artificial intelligence fourth-party risk).
  • Experience supporting third-party risk management programs within banking, financial services, insurance, fintech, or other highly regulated industries.
  • Ability to manage multiple assignments/projects and meet deadlines in a fast-paced environment.

Responsibilities

  • Conduct risk assessments and due diligence for new and existing third-party vendors.
  • Collect and analyze vendor responses (such as security questionnaires, audit reports, SOC reports), identify potential risk areas, recommend appropriate mitigation strategies, and summarize findings for management review.
  • Help coordinate the end-to-end third-party lifecycle, including vendor onboarding, ongoing performance management and risk monitoring, contract reviews, issue management, and offboarding.
  • Ensure all required risk checks and approvals are completed and documented at appropriate lifecycle stages.
  • Maintain accurate TPRM documentation and records, including risk assessment results, remediation plans, and risk acceptance decisions.
  • Prepare regular reports and dashboards on third-party risk metrics and Key Risk Indicators (KRIs) for review by senior risk management.
  • Use approved technology to support automation of TPRM workflows. This includes managing vendor inventories, issuing and tracking risk assessment questionnaires, monitoring vendor compliance status, and generating risk reports.
  • Continuously monitor third-party risk profiles and compliance status.
  • Track open risk issues or remediation plans in the TPRM system and follow up with vendors or internal stakeholders to ensure timely completion of mitigation actions.
  • Escalate significant findings or delays to the Director, as needed.
  • Work closely with internal teams such as IT Security, Compliance, Legal, Procurement, and business units to gather necessary information for vendor evaluations.
  • Support communication with stakeholders and vendors to clarify requirements, obtain documentation, and resolve any identified risk or compliance issues.
  • Assist in the development, maintenance, and enhancement of TPRM policies, procedures, standards, and templates.
  • Support audits, regulatory examinations, and compliance reviews related to third-party risk management activities.
  • Contribute to ongoing process improvements and program maturity initiatives.

Benefits

  • PTO
  • medical
  • dental
  • vision
  • retirement savings
  • disability insurance
  • life insurance
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service