Vendor Compliance Analyst

Job Description

Job Description

About The Institutes

Located in beautiful Malvern, Pennsylvania, The Institutes® are a not-for-profit comprised of diverse affiliates that educate, elevate, and connect people in the essential disciplines of risk management and insurance. Through products and services offered by our nearly 20 affiliated business units, people and organizations are empowered to help those in need with a focus on understanding, predicting, and preventing losses to create a more resilient world.

Additionally, we understand the importance of work-life balance—in 2025 Philly.com named us a Top Workplace for the tenth year and USA Today named us a USA Top Workplace for the fourth year. We provide excellent benefits and a friendly, team-focused work environment to drive employee engagement.

Vendor Compliance Analyst
The Vendor Compliance Analyst is responsible for advancing the organization’s vendor governance program into a strategic, risk-driven function focused on AI, data exposure, and technology portfolio optimization.

This role evolves beyond operational vendor tracking to provide analytical oversight of third-party risk, AI model exposure, SaaS rationalization strategy, and contractual data governance. The Vendor Compliance Analyst partners cross-functionally with Security, Legal, Procurement, IT, Application Development, and Compliance to evaluate vendor AI posture, assess model risk exposure, and ensure responsible technology adoption across the enterprise.

This position plays a critical role in strengthening the organization’s Third-Party Risk Management (TPRM) and AI governance frameworks, driving informed decision-making through risk analytics, vendor scoring, and portfolio optimization.

What You’ll Do:

Vendor Governance & Lifecycle Management

• Maintain contract repository and track renewal dates
• Coordinate renewals with Legal and Procurement
• Maintain vendor tier classifications and risk profiles

• Track remediation items and follow up with vendors.
• Review and distribute security questionnaires.
• Collect and analyze SOC reports, cyber insurance documentation, and compliance artifacts.
• Identify and execute Continuous improvement opportunities for the customer experience
• Proactively do research on the vendors spaces to track trends, risks and current events. Raise risks as needed.

AI & Third-Party Risk Analysis

• Conduct AI-focused vendor risk assessments, including model usage, training data sources, and data retention practices.
• Evaluate vendor AI posture and develop AI risk scoring methodology.
• Assess AI model risk exposure, including bias, explainability, and regulatory considerations.
• Partner with Security to detect and mitigate Shadow AI usage across the organization.
• Track vendor data exposure risk and data-sharing pathways.
• Coordinate OneTrust integrations and AI governance workflows.

Contract & Data Governance Oversight

• Review and evaluate AI/data-related clauses in contracts, including:
• Data ownership
• Data residency
• Model training rights
• Sub processor disclosures
• AI indemnification and liability language
• Partner with Legal to strengthen AI and data protection contractual standards.
• Support AI/data usage contractual reviews during vendor onboarding and renewals.

Technology Portfolio & SaaS Rationalization

• Maintain enterprise SaaS inventory and technology portfolio map.
• Analyze license utilization and identify consolidation opportunities.
• Develop SaaS rationalization strategy to reduce redundant platforms.
• Assess overlapping AI tool capabilities and risk duplication.
• Provide cost-risk optimization recommendations to leadership.

Analytics & Strategic Reporting

• Develop vendor risk dashboards and AI posture reporting.
• Create executive-level reporting on:
• AI vendor exposure
• Data risk trends
• Model risk concentration
• SaaS redundancy and cost optimization

What We’re Looking For:

Required

• 3–5+ years of experience in vendor management, third-party risk, IT governance, compliance, or risk analysis.
• Proficiency in LLM technology and utilization of such tools to manage the complexities of the research and analysis are critical to the success of the role.
• Effective hands-on usage of LLM technology-based tools to help achieve department Ends
• Experience reviewing vendor contracts and tracking renewals.
• Exposure to third-party risk assessments and security questionnaire processes.
• Strong analytical and documentation skills.
• Highly curious, and a desire for continuous improvement of the customer experience and risk management processes.
• Experience managing SaaS inventories or technology portfolios.
• Proficiency in Excel and vendor management platforms.

Preferred

• Experience supporting SOC 2, ISO 27001, or similar audits.
• Familiarity with OneTrust or TPRM platforms.
• Exposure to AI governance, data risk management, or emerging technology risk.
• Understanding of AI model risk principles (bias, explainability, regulatory impact).

Ability to be on-site 5 days a week is a must. The need for extended hours may be required to support meetings/events.

Required Competencies

• Analytical and risk-based decision-making
• Strategic thinking
• Strong organization skills
• AI and data governance awareness
• Strong cross-functional collaboration
• Process optimization mindset
• Executive-ready reporting skills
• Strive to reflect our five cultural values in all efforts: Put the Customer First, Do What You Say, Work Together, Be Innovative and Do the Right Thing.

The Best Part? The Benefits!

To enforce the importance of work-life balance, employees enjoy excellent benefits, including:

• 401(k) plan with company contribution up to 16%
• Generous time off package that includes paid vacation, personal, sick, and holidays
• Paid maternity and parental leave
• Tuition reimbursement
• Medical, dental, vision, and prescription coverage
• On our Malvern campus: Free lunch every day when working on campus, onsite fitness center, and a beautiful 1.25-mile walking path!