Note: The job is a remote job and is open to candidates in USA. UnitedHealth Group is a global organization that delivers care aided by technology to help millions of people live healthier lives. The Senior Vendor Risk Analyst is responsible for assessing third-party risk exposure and supporting the organization's vendor risk management program, ensuring compliance with risk standards and preparing documentation. This role involves collaboration with various stakeholders to evaluate and mitigate vendor risks across multiple dimensions.
Responsibilities
- Review vendor information to assess risk exposure and assign appropriate risk ratings in accordance with established assessment criteria
- Analyze and report on vendor risk across multiple dimensions, including information security, financial, geographic, operational, regulatory, and technology risk
- Coordinate vendor risk assessments by partnering with subject matter experts and vendor managers to ensure thorough, accurate, and timely completion
- Escalate higher-risk findings when additional due diligence, mitigation planning, or supplemental assessments are required
- Collaborate with internal stakeholders to gather supporting documentation, clarify risk factors, and facilitate timely assessment outcomes
- Support enterprise risk management objectives by aligning third-party risk reviews with broader organizational risk standards and frameworks
- Prepare Vendor Risk Papers that provide detailed analysis of financial, operational, regulatory, and technology-related risks
- Strong written and verbal communication skills, with the ability to work effectively across cross-functional teams
Skills
- 5+ years of experience assessing vendor or third-party risk
- Solid understanding of vendor risk management principles, including second-line frameworks related to third-party risk oversight
- Familiarity with industry compliance standards and frameworks, including ISO 27001, SIG, and SOC 2
- Proven solid ability to read and analyze financial statements as part of risk evaluation and due diligence
- Bachelor's degree or 5+ years of experience in third-party or vendor risk management within the banking industry
- 2+ years of experience with eGRC Archer
- Experience contributing to the development of materials and reports for senior and executive management, including Board and management-level committees
- Experience working collaboratively with internal stakeholders, subject matter experts, and vendor managers
- Knowledge of control and risk identification, with the ability to assess the strength of controls across multiple risk factors in complex environments and systems
- Thorough understanding of risk management policies, best practices, and relevant certifications
- Proven relationship management skills, including the ability to engage effectively with stakeholders, customers, and vendors, and to build strong professional networks
- Proven ability to assess and evaluate AI-related risks and controls within third-party relationships, including awareness of AI tools, automated decision-making, and emerging AI regulatory requirements
- Proven ability to synthesize complex risk information into clear, concise, and actionable documentation
- Proven organizational skills, including the ability to successfully manage multiple concurrent priorities
Benefits
- A comprehensive benefits package
- Incentive and recognition programs
- Equity stock purchase
- 401k contribution (all benefits are subject to eligibility requirements)
Company Overview