Senior Risk Analyst, Privacy & Third-Party Risk

Senior Risk Analyst Privacy & Third Party Risk

The Senior Risk Analyst Privacy & Third Party Risk is a Second Line of Defense (2LoD) role and a member of the Global Privacy Office (GPO) and Third Party Risk Management (TPRM) function. The role provides independent risk oversight, effective challenge, and assurance over first-line activities and outsourced TPRM services, operating with minimal supervision and a high degree of professional judgment.

This position is expected to independently manage complex risk assessments, lead oversight activities, identify emerging risk themes, and deliver clear, actionable insights to senior stakeholders and governance committees.

Responsibilities

• Independently provide 2LoD oversight of privacy risks arising from first-line business activities and serve as a subject matter resource on privacy risk matters.
• Lead review and challenge of Privacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), and privacy risk assessments.
• Evaluate the design and operating effectiveness of privacy controls and recommend enhancements aligned with regulatory expectations and risk appetite.
• Independently review privacy incidents, including root cause analyses and remediation plans.
• Provide technical expertise and support the implementation of privacy and data protection processes, controls, and procedures based on enterprise-wide guidance issued by the Global Privacy Office.
• Support the process of Privacy and Security by Design reviews, in particular, where they relate to the development and deployment of new technologies. This includes reviewing technical implementation details and design documentation for new systems and features, and providing guidance on improving privacy features in those systems.
• Collaborate with technology and security teams to embed privacy controls into the architecture of products and services, including providing advice and best practices to protect and mitigate privacy risks.
• Identify opportunities to enhance the Global Privacy Office's technical capabilities, develop, test and work with technology teams to deploy such capabilities.
• Support the maintenance of the firm's required privacy compliance documentation (e.g., Records of Processing Activities, Transfer Impact Assessments, procedures, guides, training, Share Point sites).
• Support the execution of the privacy compliance monitoring program.
• Perform quality assurance and effective challenge of third-party risk outputs produced by external service providers and first-line stakeholders.
• Monitor adherence to SLAs, KPIs, and contractual obligations of outsourced TPRM providers and escalate deficiencies as appropriate.
• Identify systemic control gaps, concentration risk, and emerging third-party risk trends across the vendor population.
• Support third party cyber and information security risk review activities.
• Contribute to the ongoing development of fourth-party risk governance and oversight practices.
• Identify opportunities to enhance TRPMs technical capabilities, develop, test and work with technology teams to deploy such capabilities.
• Support the maintenance of the firm's required TPRM compliance documentation (e.g., Policy, Supplier Management Standards, questionnaire templates, frameworks, training, Share Point sites).
• Independently develop and deliver executive-level risk reporting, dashboards, and management information.
• Assist with monitoring and reporting emerging AI and technology risks across privacy and third-party risk, contributing to oversight of controls, assessments, and reporting.
• Leverage AI-enabled tools and advanced analytics to identify trends, emerging risks, and control weaknesses.
• Lead preparation for regulatory examinations, internal audits, and management assurance activities related to privacy and third-party risk oversight.
• Maintain accurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready artifacts.

Qualifications

Required :

Preferred :

Tools & Technology (Preferred)

Key Competencies

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to one day per week from home.

Base Salary Ranges

$87,000.00 - $148,000.00 for the location of : Maryland, Colorado, Washington and remote workers

$95,500.00 - $163,000.00 for the location of : Washington, D.C.

$108,000.00 - $185,000.00 for the location of : New York, California

Placement within the range provided above is based on the individual's relevant experience and skills for the role. Base salary is only one component of our total compensation package. Employees may be eligible for a discretionary bonus, which is determined upon company and individual performance.

Commitment to Diversity, Equity, and Inclusion

At T. Rowe Price, our associates are our greatest asset. We thrive because our company culture is built on inclusion and because we sustain a work environment where associates can bring their best selves to work every day. The backgrounds, talents, and experiences of our global associates allow us to embrace new ideas and perspectives that move our business priorities forward and enable us to deliver strong client outcomes. Here, you can expect equal opportunity and fair and consistent treatment for all.

Benefits

We value your goals and needs, at work and in life. As an associate, you'll be supported with resources, benefits, and work-life balance so you can thrive in ways that matter to you.

Featured employee benefits to enrich your life :

Learn more about our benefits.