Sr Vendor Risk Management Analyst

Join to apply for the Sr Vendor Risk Management Analyst role at Thomson Reuters

Are you ready to join a team that helps Thomson Reuters, a global leader in providing trusted news, information, and software solutions, make informed decisions about the vendors and third-party providers that power our business? We are looking for a Senior Vendor Risk Management Analyst to join our global team in Richmond, VA to help continue current vendor risk processes while working to improve the way that we handle incoming and ongoing assessments.

In this role, you will play a critical role in assessing, monitoring, and mitigating the risks associated with our vendors and third-party providers. You will be responsible for conducting in-depth risk assessments, analyzing vendor performance, and developing strategic recommendations to ensure that our vendor relationships align with our business goals and risk tolerance. You will work closely with stakeholders across the organization to identify, assess, and mitigate potential risks, and collaborate with vendors to implement risk mitigation plans and monitor their effectiveness.

In this opportunity as Senior Vendor Risk Management Analyst, you will:

• Vendor Risk Assessment: Conduct thorough risk assessments of vendors to evaluate their security practices and identify potential vulnerabilities.
• Due Diligence: Perform due diligence on new and existing vendors to ensure they meet security requirements and comply with relevant regulations and standards.
• Monitoring and Reporting: Continuously monitor vendor security performance and report findings to management. Maintain metrics and dashboards for tracking vendor risk.
• Policy and Procedure Development: Develop and maintain policies and procedures related to vendor risk management, ensuring they align with industry best practices and organizational standards.
• Collaboration: Work closely with internal teams, such as procurement, legal, and security, to integrate vendor risk management processes across the organization.
• Contract Review: Assist in the review of vendor contracts to ensure appropriate security clauses and requirements are included.
• Incident Response: Participate in incident response activities related to vendor security breaches, including investigation and remediation efforts.
• Continuous Improvement: Identify opportunities for improving vendor risk management processes and implement changes to enhance overall security posture.
• Vendor Compliance: Ensure that vendor management practices comply with industry standards, such as SOC, ISO, or PCI-DSS.
• Vendor Risk Management: Analyze security findings from risk assessments and ensure that they are logged and tracked appropriately in the Enterprise Risk Management tooling.

You’re a fit for the role of Senior Vendor Risk Management Analyst if your background includes:

• 5-7+ years of experience in vendor risk management, third-party risk, or related fields
• Experience with vendor assessment methodologies and frameworks (e.g., NIST, ISO, SIG)
• Experience with vendor risk assessment tools and databases
• Contract review and negotiation experience
• Strong communication skills for interacting with vendors and internal stakeholders
• Industry certifications such as CTPRP, CRISC, or CISA are considered a plus but are not required for this position

• Hybrid Work Model: We’ve adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected.
• Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance.
• Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrow’s challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future.
• Industry Competitive Benefits: We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing.
• Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. We live by our values: Obsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together.
• Social Impact: Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and ESG initiatives.
• Making a Real-World Impact: We are one of the few companies globally that helps its customers pursue justice, truth, and transparency. Together, with the professionals and institutions we serve, we help uphold the rule of law, turn the wheels of commerce, catch bad actors, report the facts, and provide trusted, unbiased information to people all over the world.

In the United States, Thomson Reuters offers a comprehensive benefits package to our employees, including health, dental, vision, disability, life insurance, 401k with company match, paid time off, holidays, parental leave, sabbatical, and additional benefits such as flexible spending accounts, fitness reimbursement, Employee Assistance Program, legal protections, and more.

The expected pay range for this role in the US is $88,200 - $163,800, with potential eligibility for an annual bonus based on performance. Compensation is based on experience, skills, and internal equity.

Thomson Reuters informs the way forward by bringing together trusted content and technology to help professionals make informed decisions. We serve legal, tax, accounting, compliance, government, and media sectors, with products that empower professionals with data, insights, and solutions. With 26,000 employees across more than 70 countries, we are committed to diversity, inclusion, and delivering objective, accurate, and fair information. Join us and help shape industries that move society forward.

Thomson Reuters is an Equal Employment Opportunity Employer and makes reasonable accommodations for individuals with disabilities and religious beliefs. Learn more about our policies and how to protect yourself from fraudulent postings.