Senior Risk Analyst, Privacy & Third-Party Risk

T. Rowe PriceOwings Mills, MD
1d$87,000 - $185,000Hybrid
Match Resume

About The Position

At T. Rowe Price, we identify and actively invest in opportunities to help people thrive in an evolving world. As a premier global asset management organization with more than 85 years of experience, we provide investment solutions and a broad range of equity, fixed income, and multi-asset capabilities to individuals, advisors, institutions, and retirement plan sponsors. We take an active, independent approach to investing, offering our dynamic perspective and meaningful partnership so our clients can feel more confident. We believe doing the right thing for our clients and our associates is good business. With a career at the firm, you can expect opportunities to create real impact at work and in your community. You’ll enjoy resources to support your career path, as well as compensation, benefits, and flexibility to enrich your life. Here, you’ll find a collaborative culture that respects and values differences and colleagues who share a spirit of generosity. Join us for the opportunity to grow and make a difference in ways that matter to you. Role Summary The Senior Risk Analyst – Privacy & Third Party Risk is a Second Line of Defense (2LoD) role and a member of the Global Privacy Office (GPO) and Third Party Risk Management (TPRM) function. The role provides independent risk oversight, effective challenge, and assurance over first-line activities and outsourced TPRM services, operating with minimal supervision and a high degree of professional judgment. This position is expected to independently manage complex risk assessments, lead oversight activities, identify emerging risk themes, and deliver clear, actionable insights to senior stakeholders and governance committees.

Requirements

  • Bachelor’s degree in Risk Management, Information Systems, Finance, Business, Law, or a related field.
  • 5+ years of experience in second-line risk management, privacy risk, or third-party risk oversight, preferably within financial services or asset management (or other industry subject to equivalent regulatory scrutiny).
  • Demonstrated ability to operate independently with minimal guidance in a 2LoD environment.
  • In-depth knowledge of global privacy regulations and outsourced TPRM operating models.
  • Certified Information Privacy Professional (CIPP/US, CIPP/E)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Third Party Risk Professional (CTPP)

Nice To Haves

  • Experience leading or independently managing 2LoD privacy or TPRM oversight activities.
  • Asset management or broader financial services experience.
  • Additional certifications: CIPM or CIPT ISO 27001 Lead Implementer or Auditor
  • Familiarity with SEC, FINRA, and global regulatory expectations.
  • Advanced experience with GRC, privacy, and TPRM platforms (e.g., Archer, ServiceNow, OneTrust, IBM OpenPages).
  • Strong proficiency with reporting and analytics tools (e.g., Power BI, advanced Excel).
  • Practical experience using AI-enabled risk, compliance, or data analytics tools to enhance oversight and reporting (e.g., Microsoft Co-Pilot, ChatGPT Enterprise).
  • Ability to automate reporting and improve risk visibility.

Responsibilities

  • Independently provide 2LoD oversight of privacy risks arising from first-line business activities and serve as a subject matter resource on privacy risk matters.
  • Lead review and challenge of Privacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), and privacy risk assessments.
  • Evaluate the design and operating effectiveness of privacy controls and recommend enhancements aligned with regulatory expectations and risk appetite.
  • Independently review privacy incidents, including root cause analyses and remediation plans.
  • Provide technical expertise and support the implementation of privacy and data protection processes, controls, and procedures based on enterprise-wide guidance issued by the Global Privacy Office.
  • Support the process of Privacy and Security by Design reviews, in particular, where they relate to the development and deployment of new technologies. This includes reviewing technical implementation details and design documentation for new systems and features, and providing guidance on improving privacy features in those systems.
  • Collaborate with technology and security teams to embed privacy controls into the architecture of products and services, including providing advice and best practices to protect and mitigate privacy risks.
  • Identify opportunities to enhance the Global Privacy Office’s technical capabilities, develop, test and work with technology teams to deploy such capabilities.
  • Support the maintenance of the firm’s required privacy compliance documentation (e.g., Records of Processing Activities, Transfer Impact Assessments, procedures, guides, training, Share Point sites).
  • Support the execution of the privacy compliance monitoring program.
  • Perform quality assurance and effective challenge of third-party risk outputs produced by external service providers and first-line stakeholders.
  • Monitor adherence to SLAs, KPIs, and contractual obligations of outsourced TPRM providers and escalate deficiencies as appropriate.
  • Identify systemic control gaps, concentration risk, and emerging third-party risk trends across the vendor population.
  • Support third party cyber and information security risk review activities.
  • Contribute to the ongoing development of fourth-party risk governance and oversight practices.
  • Identify opportunities to enhance TRPM’s technical capabilities, develop, test and work with technology teams to deploy such capabilities.
  • Support the maintenance of the firm’s required TPRM compliance documentation (e.g., Policy, Supplier Management Standards, questionnaire templates, frameworks, training, Share Point sites).
  • Independently develop and deliver executive-level risk reporting, dashboards, and management information.
  • Assist with monitoring and reporting emerging AI and technology risks across privacy and third party risk, contributing to oversight of controls, assessments, and reporting.
  • Leverage AI-enabled tools and advanced analytics to identify trends, emerging risks, and control weaknesses.
  • Lead preparation for regulatory examinations, internal audits, and management assurance activities related to privacy and third-party risk oversight.
  • Maintain accurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready artifacts.

Benefits

  • Competitive compensation
  • Annual bonus eligibility
  • A generous retirement plan
  • Hybrid work schedule
  • Health and wellness benefits, including online therapy
  • Paid time off for vacation, illness, medical appointments, and volunteering days
  • Family care resources, including fertility and adoption benefits

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

5,001-10,000 employees

Job Search Resources

Similar Senior Risk Analyst, Privacy & Third-Party Risk job opportunities

Third Party Risk Analyst
Suncoast Credit Union
Suncoast Credit Union • Tampa, FL2d • $60,000 - $90,000 • Remote
🔥 New JobCorporate Senior Third-Party Risk Analyst
Glacier Bancorp, Inc.
Glacier Bancorp, Inc. • Town of Mount Pleasant, NY16h • $69,465 - $113,495
Third Party Risk Sr Analyst
Citizens Bank
Citizens Bank • Providence, RI5d
Third Party Risk Sr Analyst
Citizens Financial Group
Citizens Financial Group • Johnston, RI3d
Third Party Risk Sr Analyst
Citizens Bank
Citizens Bank • Johnston, RI4d
Third Party Risk Assessor
Equitable
Equitable • Syracuse, NY2d • $90,000 - $103,000
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service