About The Institutes
Located in beautiful Malvern, Pennsylvania, The Institutes® are a not-for-profit comprised of diverse affiliates that educate, elevate, and connect people in the essential disciplines of risk management and insurance. Through products and services offered by our nearly 20 affiliated business units, people and organizations are empowered to help those in need with a focus on understanding, predicting, and preventing losses to create a more resilient world.
Additionally, we understand the importance of work-life balance—in 2025 Philly.com named us a Top Workplace for the tenth year and USA Today named us a USA Top Workplace for the fourth year. We provide excellent benefits and a friendly, team-focused work environment to drive employee engagement.
Vendor Governance Analyst
The Vendor Governance Analyst supports The Institutes’ vendor governance and third-party risk management (TPRM) program day to day. This role handles vendor lifecycle administration, third-party and AI-related risk intake and assessment, contract and renewal tracking, and SaaS/portfolio data, applying the frameworks, scoring criteria, and standards set by IT leadership. The role makes heavy use of AI and LLM tools to research vendors, analyze risk and spend, and prepare clear, well-organized reporting. It partners with Security, Legal, Procurement, IT, and Application Development to keep vendor and AI risk visible, documented, and current.
What You’ll Do:
Vendor Governance & Lifecycle Administration
- Maintain the contract repository and renewal calendar.
- Coordinate renewals with Legal and Procurement.
- Maintain vendor tier classifications and risk profiles using the established tiering framework.
- Track remediation items and follow up with vendors.
- Distribute, collect, and organize security questionnaires.
- Collect and review SOC reports, cyber insurance documentation, and compliance artifacts.
- Research vendor markets for trends, risks, and current events, and raise risks as needed.
- Identify continuous-improvement opportunities and flag them.
AI & Third-Party Risk Analysis
- Conduct AI-focused vendor risk assessments — covering model usage, training-data sources, and data-retention practices — using the established assessment criteria.
- Apply the AI risk-scoring methodology to evaluate vendor AI posture and document findings.
- Assess AI model risk exposure (bias, explainability, and regulatory considerations) and record results.
- Support Security in identifying and flagging Shadow AI usage across the organization.
- Track vendor data-exposure risk and data-sharing pathways.
- Maintain vendor and AI-governance records in OneTrust (or equivalent TPRM platform).
Contract & Data Governance Support
- Review AI- and data-related contract clauses and flag items for Legal, including data ownership, data residency, model-training rights, subprocessor disclosures, and AI indemnification/liability language.
- Support Legal in applying AI and data-protection contractual standards.
- Support contractual reviews of AI/data usage during vendor onboarding and renewals.
Technology Portfolio & SaaS Tracking
- Maintain the enterprise SaaS inventory and technology portfolio map.
- Analyze license utilization and identify consolidation opportunities.
- Surface redundant platforms and overlapping AI tool capabilities to the Manager.
- Prepare cost-and-risk optimization options for the Manager’s review.
Reporting & Analytics
- Maintain vendor risk dashboards and AI-posture reporting.
- Prepare reporting for the Manager and stakeholders on AI vendor exposure, data-risk trends, model-risk concentration, and SaaS redundancy and cost.
- Flag recurring risk patterns across vendor categories.
What We’re Looking For:
Required
- 3+ years of experience in vendor management, third-party risk, IT governance, compliance, procurement, or operations.
- Comfortable using AI/LLM tools (e.g., Claude, Microsoft Copilot) as a daily part of research, analysis, and documentation.
- Able to use AI tools effectively to manage the volume of vendor research and analysis the role requires.
- Experience reviewing vendor contracts and tracking renewals.
- Exposure to third-party risk assessments and security-questionnaire processes.
- Strong analytical and documentation skills.
- Highly curious, with a drive to improve the customer experience and risk-management processes.
- Experience maintaining SaaS inventories or technology portfolios.
- Proficiency in Excel and vendor management platforms.
Preferred
- Experience supporting SOC 2, ISO 27001, or similar audits.
- Familiarity with OneTrust or TPRM platforms.
- Exposure to AI governance, data risk management, or emerging technology risk.
- Understanding of AI model risk principles (bias, explainability, regulatory impact).
The ability to be on-site 5 days a week is a must. Extended hours may be required to support meetings/events.
Required Competencies
- Analytical, risk-based thinking
- Strong organization and follow-through
- AI and data-governance awareness
- Effective use of AI/LLM tools for research, analysis, and documentation
- Cross-functional collaboration
- Process-improvement mindset
- Clear, well-organized reporting
- Commitment to The Institutes’ cultural values: Put the Customer First, Do What You Say, Work Together, Be Innovative, and Do the Right Thing.
The Best Part? The Benefits!
To reinforce the importance of work-life balance, employees enjoy excellent benefits, including:
- 401(k) plan with company contribution up to 16%
- Generous time off package that includes paid vacation, personal, sick, and holidays
- Paid maternity and parental leave
- Tuition reimbursement
- Medical, dental, vision, and prescription coverage
- On our Malvern campus: Free lunch every day when working on campus, onsite fitness center, and a beautiful 1.25-mile walking path!