Vendor Analyst, AI & Technology Risk

About The Position

Requirements

• 3+ years in risk, compliance, IT, security, or vendor risk management
• Experience with TPRM and GRC tools (like Archer, ServiceNow, OneTrust, Upguard)
• Familiarity with: Vendor risk management practices AI governance concepts (preferred) NIST CSF, SOC 2, or similar frameworks Data privacy concepts (CCPA preferred)
• Strong attention to detail and process discipline
• Ability to manage multiple workflows and follow-ups

Nice To Haves

• Experience supporting third-party risk or audit processes preferred
• Familiarity with: AI governance concepts (preferred)
• Data privacy concepts (CCPA preferred)

Responsibilities

• Vendor AI Governance (Primary Focus)
• Execute the vendor-wide AI detection process across the full vendor portfolio
• Conduct periodic vendor attestations
• Track vendor disclosures, updates, and AI usage changes
• Ensure vendors using AI are: Identified promptly Routed through the AIS Program review framework
• Maintain and track: Vendor AI inventory FactSheet submissions and updates
• Support Vendor Management in aligning with third-party risk requirements
• AI Governance Operations Support execution of AI intake and governance workflows
• Track AIA Forms and FactSheets
• Ensure completeness and follow-ups
• Perform initial triage for low-risk AI use cases
• Support activities of the AIS / Security Governance Team, including documentation and workflow tracking
• Monitoring & Validation Support Support twice-annual AI system and vendor review cycles
• Track: Vendor AI changes Model updates requiring re-review
• Assist in ensuring monitoring outputs are captured and documented
• Documentation & Controls Maintain: AI system inventory Vendor AI tracking logs Governance documentation and audit trails
• Support: Evidence collection for audits and regulatory reviews Control documentation for IT and security governance
• Broader Technology Risk Support (Secondary)
• Support tracking and documentation for: Cyber security governance activities (NIST CSF, NYDFS) Data privacy controls (CCPA, IT lens) IT general controls and risk register inputs
• Reporting & Coordination Assist with preparation of: AIS Committee materials Governance and vendor risk reports
• Coordinate with: Vendor Management AI / Technology teams Risk and Compliance teams

Benefits

• Competitive base salary plus incentive plans for eligible team members
• 401(K) retirement plan that includes a company match of up to 6% of your eligible salary
• Free basic life and AD&D, long-term disability and short-term disability insurance
• Medical, dental and vision plans to meet your unique healthcare needs
• Wellness incentives
• Generous time off program that includes personal, holiday and volunteer paid time off
• Flexible work schedules and hybrid/remote options for eligible positions
• Educational assistance