Sr Vendor Risk Management Analyst

Are you ready to join a team that helps Thomson Reuters, a global leader in providing trusted news, information, and software solutions, make informed decisions about the vendors and third-party providers that power our business? We are looking for a Senior Vendor Risk Management Analyst to join our global team in Richmond, VA, to help continue current vendor risk processes while working to improve the way we handle incoming and ongoing assessments.

In this role, you will play a critical part in assessing, monitoring, and mitigating risks associated with our vendors and third-party providers. You will be responsible for conducting in-depth risk assessments, analyzing vendor performance, and developing strategic recommendations to align our vendor relationships with our business goals and risk tolerance. You will collaborate with stakeholders across the organization to identify, assess, and mitigate potential risks, and work with vendors to implement and monitor risk mitigation plans.

As a Senior Vendor Risk Management Analyst, your responsibilities will include:

1. Vendor Risk Assessment: Conduct thorough risk assessments of vendors to evaluate their security practices and identify vulnerabilities.
2. Due Diligence: Perform due diligence on new and existing vendors to ensure compliance with security requirements and relevant regulations.
3. Monitoring and Reporting: Monitor vendor security performance, report findings to management, and maintain risk metrics and dashboards.
4. Policy and Procedure Development: Develop and update policies related to vendor risk management, aligning with industry best practices.
5. Collaboration: Work with procurement, legal, and security teams to embed vendor risk management processes organization-wide.
6. Contract Review: Assist in reviewing vendor contracts to ensure security clauses are included.
7. Incident Response: Participate in incident investigations and remediation related to vendor security breaches.
8. Continuous Improvement: Identify and implement enhancements to vendor risk management processes.
9. Vendor Compliance: Ensure practices meet standards like SOC, ISO, or PCI-DSS.
10. Risk Logging & Tracking: Analyze security findings and ensure proper logging in enterprise risk management tools.

You are suitable for this role if you have:

1. 5-7+ years in vendor or third-party risk management.
2. Experience with assessment frameworks (e.g., NIST, ISO, SIG).
3. Proficiency with vendor assessment tools and databases.
4. Contract review and negotiation skills.
5. Strong communication skills for vendor and stakeholder interactions.
6. Certifications like CTPRP, CRISC, or CISA are a plus but not required.

• Hybrid Work Model: Flexible in-office and remote work options (2-3 days/week).
• Flexibility & Work-Life Balance: Policies to support personal responsibilities, including work from anywhere up to 8 weeks/year.
• Career Growth: Continuous learning opportunities with programs like Grow My Way.
• Competitive Benefits: Health, dental, vision, retirement plans, paid time off, mental health days, and more.
• Inclusive Culture & Social Impact: Recognition for inclusion, community involvement, and ESG initiatives.
• Global Impact: Contribute to upholding justice, truth, and transparency worldwide.

In the US, the base salary range is $88,200 - $163,800, with potential for bonuses. Compensation depends on experience and internal equity. Our total rewards include benefits and wellbeing programs.

Thomson Reuters combines trusted content and technology to empower professionals across legal, tax, accounting, compliance, government, and media sectors. With over 26,000 employees in 70+ countries, we value diversity, objectivity, and transparency. We are committed to equal employment opportunities and providing accommodations for disabilities and religious beliefs.