Sentara Health

Senior Analyst – TPRM

Posted 4/22/2026 • full-time • Remote • Florida, Nevada, Virginia, West Virginia • 🇺🇸 United States • Senior

Tech Stack

Tools & technologies
  • Cyber Security
  • ServiceNow

About the role

Key responsibilities & impact
  • Conduct thorough risk assessments for potential and existing vendors, focusing on various risk types, including cybersecurity, operational, financial, and compliance risks.
  • Utilize and potentially create vendor risk assessment questionnaires to gather detailed information about vendor practices, including data security policies, internal controls, compliance posture, and business continuity plans.
  • Analyze questionnaire responses and other relevant information to identify deficiencies, areas for remediation, and categorize vendors based on risk levels.
  • Engage with stakeholders to communicate assessment results, address security concerns, and collaborate on potential remediation actions.
  • Perform periodic reviews and reassessments of existing vendors to ensure ongoing compliance and address evolving risks.
  • Partner with Legal and Procurement teams during contract negotiations to ensure security, privacy, and other relevant risk clauses are adequately addressed.
  • Provide expert guidance on acceptable and unacceptable contract terms related to risk management, service level agreements (SLAs), and data protection.
  • Work to define and include clear performance standards, due diligence requirements, and exit strategies within contracts.
  • Support the development, maintenance, and enhancement of the organization's Third-Party Risk Management program and framework.
  • Develop and update TPRM procedures to ensure alignment with organizational policies and regulatory requirements.
  • Identify and implement process efficiencies within the TPRM program and perform analyses on team metrics to enhance effectiveness.
  • Build and maintain strong relationships with internal stakeholders across departments such as Legal, Procurement, Information Security, and Business Units.
  • Provide TPRM guidance and training to Vendor Relationship Owners and business partners on risk management practices.
  • Communicate identified risks, assessment results, and mitigation strategies to stakeholders, including senior management, clearly and concisely.
  • Track identified risks associated with third parties and ensure timely reviews are performed.
  • Monitor key supplier performance against established SLAs and regulatory requirements.
  • Track and collaborate with internal partners and vendors to remediate any risk-related issues.

Requirements

What you’ll need
  • Bachelor's degree in a relevant field such as Business, Finance, Information Technology, or a related discipline (Preferred)
  • Experience in lieu of Bachelor's Degree - 7+ years of relevant experience without a degree
  • CISA, CRISC, CISM, CISSP, or other relevant certifications are preferred
  • 5+ years of relevant experience with a degree
  • Strong understanding of Third-Party Risk Management (TPRM) principles, concepts, and best practices.
  • Experience in conducting vendor risk assessments and evaluating internal controls, potentially leveraging frameworks like ISO 27001/2, NIST 800-53, NIST CSF, SOC1/SOC2, CSA CCM, and Shared Assessments SIG.
  • Working knowledge of contract management principles and practices, including contract negotiation and analysis.
  • Excellent communication skills, both written and verbal, with the ability to effectively articulate security control requirements, assessment results, and risk considerations to diverse audiences.
  • Strong analytical, critical thinking, and problem-solving skills, with the ability to digest and analyze complex information with attention to detail and accuracy.
  • Ability to work collaboratively in a cross-functional environment and build strong relationships with internal and external partners.
  • Proficiency in Microsoft Office Suite (Excel, PowerPoint, Word) and potentially GRC (Governance, Risk, and Compliance) tools like OneTrust (highly desirable), Archer, or ServiceNow

Benefits

Comp & perks
  • Medical, Dental, Vision plans
  • Adoption, Fertility and Surrogacy Reimbursement up to $10,000
  • Paid Time Off and Sick Leave
  • Paid Parental & Family Caregiver Leave
  • Emergency Backup Care
  • Long-Term, Short-Term Disability, and Critical Illness plans
  • Life Insurance
  • 401k/403B with Employer Match
  • Tuition Assistance – $5,250/year and discounted educational opportunities through Guild Education
  • Student Debt Pay Down – $10,000
  • Reimbursement for certifications and free access to complete CEUs and professional development
  • Pet Insurance
  • Legal Resources Plan
  • Colleagues have the opportunity to earn an annual discretionary bonus if established system and employee eligibility criteria are met.

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Third-Party Risk Management, vendor risk assessments, internal controls evaluation, ISO 27001, NIST 800-53, NIST CSF, SOC1, SOC2, CSA CCM, Shared Assessments SIG
Soft Skills
communication skills, analytical skills, critical thinking, problem-solving, collaboration, relationship building, attention to detail, articulation of security requirements, cross-functional teamwork, stakeholder engagement
Certifications
CISA, CRISC, CISM, CISSP