This is a hands-on, experienced role where you will own vendor risk assessments end to end, contribute to broader enterprise risk initiatives, and help mature WGU's third-party risk management program through strong judgment, clear communication, and continuous improvement.

What You'll Do

* Own and execute third-party and supplier risk assessments using NIST 800-171 and similar frameworks
* Independently scope assessments by identifying data flows, CUI exposure, inherent risk, and assessment approach
* Validate vendor controls and trace conclusions from inherent risk through residual risk with defensible rationale
* Review and analyze vendor evidence such as SOC 2 Type II reports, ISO 27001 certifications, SIG responses, and penetration test summaries
* Evaluate security controls across infrastructure, applications, and cloud environments including AWS and Azure, clearly identifying gaps
* Assess vendor criticality and business impact, including breach and termination scenarios
* Conduct OSINT research to inform third-party security posture and risk profile
* Deliver clear, actionable risk assessment reports, including executive summaries for leadership
* Partner with business units to translate technical risk into business impact and guide remediation efforts
* Contribute to internal risk assessments, exception-to-policy evaluations, and enterprise risk discussions
* Identify process gaps and propose practical improvements, including AI-driven efficiencies to enhance assessment quality and speed

What You'll Bring

* Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related field
* 3 or more years of experience in IT security or risk management with direct third-party or vendor risk assessment ownership
* Demonstrated ability to independently deliver end-to-end risk assessments on schedule
* Broad understanding of information security risk beyond TPRM, including internal systems,