Step into the vibrant role of Lead Third Party Risk Analyst at American Family Insurance, where you'll orchestrate the dynamic assessment and management of IT, compliance or operational risks tied to our diverse third-party ecosystem, including vendors, partners, and service providers. You'll create risk management strategies, conduct comprehensive risk assessments, and collaborate cross functionally to ensure we align with internal risk frameworks, and regulatory expectations. Join us in creating a robust and resilient third-party risk program!
You will report to the Senior Manager, Third Party Risk Management.
#LI-Hybrid
Position Compensation Range: $97,000.00 - $164,000.00
Pay Rate Type: Salary
Compensation may vary based on the job level and your geographic work location. Relocation support is offered for eligible candidates.
Primary Accountabilities
- Lead and execute vendor and non-vendor third party risk assessments and due diligence across cybersecurity, privacy, compliance, and operational domains, ensuring alignment with internal risk frameworks, and regulatory expectations.
- Lead the identification, assessment, management, remediation, and tracking of third-party risks across the TPRM lifecycle, including onboarding, annual reassessments, and offboarding activities.
- Act as an important partner to cybersecurity, data privacy, compliance, AI Governance, procurement, and other teams in evaluating third-party risk profiles, translating findings into applicable business guidance.
- Drive continuous improvement of the third-party processes, including onboarding, tiering, reassessment, exception handling, issue management, and offboarding.
- Identify opportunities to deploy automation, analytics, and AI/ML techniques to improve data collection, risk scoring, and reporting processes.
- Maintain a centralized third-party repository, monitoring performance, controls, and risk remediation across portfolio.
- Participate in compliance assessments, policy reviews, and internal audits related to third-party risks.
- Monitor latest cybersecurity and data privacy laws, compliance obligations, and industry standards to assess third-party exposure and adjust TPRM criteria accordingly.
- Remain current on regulatory changes, cybersecurity and data privacy requirements, and third-party risk trends, governance frameworks, and industry best practices.
- Lead key internal, cross functional, and stakeholder relationships to ensure expectations and opportunities to collaborate are transparently communicated.
- Work with leaders to evaluate risk relative to company strategy and risk appetite, assign accountability of mitigation strategies, and implement processes to monitor and report success.
- Accountable for partner engagement/management to understand internal processes and identify potential risks.
Specialized Knowledge & Skills Requirements
- Experience conducting third-party risk assessments, IT risk and compliance control assessments and evaluating compliance and privacy controls.
- Stakeholder engagement and communication skills, with the ability to translate risk findings into concise, business-ready guidance.
- Demonstrated subject matter expertise in cybersecurity and information security controls, including privacy impact assessments, data protection requirements, and third-party security practices.
- In-depth knowledge of regulatory requirements and industry standards related to cybersecurity, data privacy, and compliance.
- Hands-on experience reviewing privacy, compliance, and cybersecurity artifacts (PIAs, DPAs, SOC reports, ISO certifications, etc.).
- Broad knowledge and understanding of insurance, industry trends and adjacencies.
- Demonstrated experience providing customer-driven solutions, support, or service.
- Advanced knowledge of security analysis processes and standards for conducting and reporting security analysis to stakeholders.
- Extensive knowledge and understanding of IT Risk Management and/or Information Systems Auditing.
- Extensive knowledge and understanding of IT risk and control frameworks.
- Solid knowledge and understanding of risk management methods, standards, processes, governance models, and industry standard risk analysis approaches.
Licenses:
- Professional certification such as CISA, CIPP, CIPM, CISSP, CRISC, CTPRP or similar are preferred.
Travel Requirements
Physical Requirements
- Work that primarily involves sitting/standing.
Working Conditions
Additional Information
Offer to selected candidate will be made contingent on the results of applicable background checks. Offer to selected candidate is contingent on signing a non-disclosure agreement for proprietary information, trade secrets, and inventions. Sponsorship will not be considered for this position unless specified in the posting.
- In this hybrid role, you will be expected to work a minimum of 10 days per month from one of these offices: Madison, WI 53783; Boston, MA 02110
- Internal candidates are encouraged to apply regardless of location and will be considered based upon the needs of the role.
We encourage you to apply even if you do not meet all of the requirements listed above. Skills can be used in many different ways, and your life and professional experience may be relevant beyond what a list of requirements will capture. We encourage those who are passionate about what we do to apply!

We provide benefits that support your physical, emotional, and financial wellbeing. You will have access to comprehensive medical, dental, vision and wellbeing benefits that enable you to take care of your health. We also offer a competitive 401(k) contribution, a pension plan, an annual incentive, 9 paid holidays and a paid time off program (23 days accrued annually for full-time employees). In addition, our student loan repayment program and paid-family leave are available to support our employees and their families. Interns and contingent workers are not eligible for American Family Insurance Group benefits.

We are an equal opportunity employer. It is our policy to comply with all applicable federal, state and local laws pertaining to non-discrimination, non-harassment and equal opportunity. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.
#LI-AB1