Senior Third Party Risk Analyst (Hybrid)

As a senior third-party risk analyst with American Family Insurance you will help implement and enhance the Third-Party Risk Management (TPRM) program. Conduct end-to-end third-party risk assessments, analyze control environments, and ensure agreement on organizational policies, regulatory requirements, and industry best practices.
You will report to the Senior Manager, Third Party Risk Management.
#LI-Hybrid

Position Compensation Range:
$78,000.00 - $128,000.00

Pay Rate Type:
Salary

Compensation may vary based on the job level and your geographic work location. Relocation support is offered for eligible candidates.

Primary Accountabilities

• You will collaborate with our teams like Cybersecurity, Compliance, Procurement, Legal, and Business Units to perform ongoing risk assessments of third parties, focusing on operational, information security, compliance, financial, and reputational risks.
• Lead routine risk assessment and management activities, including identifying, documenting, and escalating control deficiencies, recommending remediation actions, and tracking issue resolution.
• Evaluate third-party control documentation (SOC reports, ISO 27001, SIG Lite/Full, questionnaires) to assess risk mitigation adequacy.
• Foster collaboration with stakeholders across the enterprise.
• Help develop Third-Party Risk Management (TPRM) frameworks and enhance the enterprise risk-smart culture through education.
• Establish and maintain enterprise-wide reporting.
• Help with continuous improvement efforts, process automation, and documentation updates to enhance TPRM efficiency and scalability.
• Contribute to regulatory reporting and audit support related to third-party oversight.

• Demonstrated experience providing customer driven solutions, support or service.
• Solid knowledge and understanding of risk management methods, standards, processes, governance models, and industry standard risk analysis approaches.
• Knowledge of insurance, industry trends and adjacencies.
• Demonstrated experience facilitating group discussions. Skills to influence these discussions are developing.
• Strong written and verbal communication and problem-solving skills.
• Demonstrated experience establishing positive relationships with stakeholders.
• Demonstrated experience providing customer-driven solutions, support or service.
• Demonstrated experience in managing projects to their completion.

• Working knowledge of third-party risk regulations and guidance (e.g., OCC, FFIEC, GDPR, CCPA, NYDFS 500, HIPAA).
• Knowledge of regulatory requirements and industry standards related to cybersecurity, data privacy, and compliance.
• Ability to evaluate risks and assess vendor control environments.
• Understanding of IT and compliance risk, control frameworks and control assessments.

• Not applicable.

• Up to 10%.

• Not applicable.

• In this hybrid role, you will be expected to work a minimum of 10 days per month from one of these offices: Madison, WI 53783; Boston, MA 02110
• Internal candidates are encouraged to apply regardless of location and will be considered based upon the needs of the role.

• Offer to selected candidate will be made contingent on the results of applicable background checks
  
• Offer to selected candidate is contingent on signing a non-disclosure agreement for proprietary information, trade secrets, and inventions
  
• Sponsorship will not be considered for this position unless specified in the posting