American Family Insurance

Lead Third Party Risk Analyst, Hybrid

full-time

Posted on:

Origin: 🇺🇸 United States • Massachusetts, Wisconsin

Salary

💰 $97,000 - $164,000 per year

Job Level

Senior

Tech Stack

Cyber Security

About the role

  • Lead and execute vendor and non-vendor third party risk assessments and due diligence across cybersecurity, privacy, compliance, and operational domains, ensuring alignment with internal risk frameworks and regulatory expectations.
  • Lead the identification, assessment, management, remediation, and tracking of third-party risks across the TPRM lifecycle, including onboarding, annual reassessments, and offboarding activities.
  • Act as an important partner to cybersecurity, data privacy, compliance, AI Governance, procurement, and teams in evaluating third-party risk profiles—translating findings into applicable business guidance.
  • Drive continuous improvement of the third-party processes, including onboarding, tiering, reassessment, exception handling, issue management, and offboarding.
  • Identify opportunities to deploy automation, analytics, and AI/ML techniques to improve data collection, risk scoring, and reporting processes.
  • Maintain a centralized third-party repository, monitoring performance, controls, and risk remediation across the portfolio.
  • Participate in compliance assessments, policy reviews, and internal audits addressing third-party-related risks.
  • Monitor latest cybersecurity and data privacy laws, compliance obligations, and industry standards to assess third-party exposure and adjust TPRM criteria accordingly.
  • Remain current on regulatory changes, cybersecurity and data privacy requirements, and third-party risk trends, governance frameworks, and industry best practices.
  • Lead key internal, cross-functional, and stakeholder relationships to ensure expectations and opportunities to collaborate are transparently communicated.
  • Work with leaders to evaluate risk relative to company strategy and risk appetite, assign accountability of mitigation strategies, and implement processes to monitor and report success.
  • Accountable for partner engagement/management to understand internal processes and identify potential risks.

Requirements

  • Experience conducting third-party risk assessments, IT risk and compliance control assessments and evaluating compliance and privacy controls.
  • Stakeholder engagement and communication skills—able to translate risk findings into concise, business-ready guidance.
  • Demonstrated subject-matter expertise with cybersecurity and information security controls—including privacy impact assessments, data protection requirements, and third-party security practices.
  • In-depth knowledge of regulatory requirements and industry standards related to cybersecurity, data privacy, and compliance.
  • Hands-on experience reviewing privacy, compliance, and cybersecurity artifacts (PIAs, DPAs, SOC reports, ISO certifications, etc.).
  • Broad knowledge and understanding of the insurance industry, its trends, and adjacencies.
  • Demonstrated experience providing customer-driven solutions, support, or service.
  • Advanced knowledge of security analysis processes and standards for conducting and reporting security analysis to stakeholders.
  • Extensive knowledge and understanding of IT Risk Management and/or Information Systems Auditing.
  • Extensive knowledge and understanding of IT risk and control frameworks.
  • Solid knowledge and understanding of risk management methods, standards, processes, governance models, and industry standard risk analysis approaches.
  • Licenses: Professional certifications such as CISA, CIPP, CIPM, CISSP, CRISC, CTPRP, or similar are preferred.