Senior Risk Analyst, Privacy & Third-Party Risk

Role Summary 

The Senior Risk Analyst – Privacy & Third Party Risk is a Second Line of Defense (2LoD) role and a member of the Global Privacy Office (GPO) and Third Party Risk Management (TPRM) function. The role provides independent risk oversight, effective challenge, and assurance over first-line activities and outsourced TPRM services, operating with minimal supervision and a high degree of professional judgment. 

This position is expected to independently manage complex risk assessments, lead oversight activities, identify emerging risk themes, and deliver clear, actionable insights to senior stakeholders and governance committees. 

Responsibilities 

Privacy Risk– Global Privacy Office: 

• Independently provide 2LoD oversight of privacy risks arising from first-line business activities and serve as a subject matter resource on privacy risk matters. 
• Lead review and challenge of Privacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), and privacy risk assessments. 
• Evaluate the design and operating effectiveness of privacy controls and recommend enhancements aligned with regulatory expectations and risk appetite. 
• Independently review privacy incidents, including root cause analyses and remediation plans. 
• Provide technical expertise and support the implementation of privacy and data protection processes, controls, and procedures based on enterprise-wide guidance issued by the Global Privacy Office.  
• Support the process of Privacy and Security by Design reviews, in particular, where they relate to the development and deployment of new technologies. This includes reviewing technical implementation details and design documentation for new systems and features, and providing guidance on improving privacy features in
• those systems. 
• Collaborate with technology and security teams to embed privacy controls into the architecture of products and services, including providing advice and best practices to protect and mitigate privacy risks. 
• Identify opportunities to enhance the Global Privacy Office’s technical capabilities, develop, test and work with technology teams to deploy such capabilities. 
• Support the maintenance of the firm’s required privacy compliance documentation (e.g., Records of Processing Activities, Transfer Impact Assessments, procedures, guides, training, Share Point sites).  
• Support the execution of the privacy compliance monitoring program.  

Third-Party Risk Management:  

• Perform quality assurance and effective challenge of third-party risk outputs produced by external service providers and first-line stakeholders. 
• Monitor adherence to SLAs, KPIs, and contractual obligations of outsourced TPRM providers and escalate deficiencies as appropriate. 
• Identify systemic control gaps, concentration risk, and emerging third-party risk trends across the vendor population. 
• Support third party cyber and information security risk review activities. 
• Contribute to the ongoing development of fourth-party risk governance and oversight practices. 
• Identify opportunities to enhance TRPM’s technical capabilities, develop, test and work with technology teams to deploy such capabilities. 
• Support the maintenance of the firm’s required TPRM compliance documentation (e.g., Policy, Supplier Management Standards, questionnaire templates, frameworks, training, Share Point sites).  

Risk Governance, Reporting & Analytics: 

• Independently develop and deliver executive-level risk reporting, dashboards, and management information. 
• Assist with monitoring and reporting emerging AI and technology risks across privacy and third party risk, contributing to oversight of controls, assessments, and reporting.  
• Leverage AI-enabled tools and advanced analytics to identify trends, emerging risks, and control weaknesses. 
• Lead preparation for regulatory examinations, internal audits, and management assurance activities related to privacy and third-party risk oversight. 
• Maintain accurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready artifacts. 

Qualifications

Required: 

• Bachelor’s degree in Risk Management, Information Systems, Finance, Business, Law, or a related field. 
• 5+ years of experience in second-line risk management, privacy risk, or third-party risk oversight, preferably within financial services or asset management (or other industry subject to equivalent regulatory scrutiny). 
• Demonstrated ability to operate independently with minimal guidance in a 2LoD environment. 
• In-depth knowledge of global privacy regulations and outsourced TPRM operating models. 
• Required Certifications (at least one): 
• Certified Information Privacy Professional (CIPP/US, CIPP/E) 
• Certified Information Systems Auditor (CISA) 
• Certified in Risk and Information Systems Control (CRISC) 
• Certified Third Party Risk Professional (CTPP)  

Preferred:

• Experience leading or independently managing 2LoD privacy or TPRM oversight activities. 
• Asset management or broader financial services experience. 
• Additional certifications: 
• CIPM or CIPT 
• ISO 27001 Lead Implementer or Auditor 
• Familiarity with SEC, FINRA, and global regulatory expectations.  

Tools & Technology (Preferred) 

• Advanced experience with GRC, privacy, and TPRM platforms (e.g., Archer, ServiceNow, OneTrust, IBM OpenPages). 
• Strong proficiency with reporting and analytics tools (e.g., Power BI, advanced Excel). 
• Practical experience using AI-enabled risk, compliance, or data analytics tools to enhance oversight and reporting (e.g., Microsoft Co-Pilot, ChatGPT Enterprise). 
• Ability to automate reporting and improve risk visibility. 

 

Key Competencies 

• Strong independent judgment and risk-based decision-making. 
• Ability to provide credible, effective challenge at senior levels. 
• Excellent written and verbal communication skills. 
• Strong issue management, quality assurance, and governance discipline. 
• Comfort operating autonomously in a global, regulated environment.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to one day per week from home.

Base Salary Ranges

Please review the job posting for the location of this specific opportunity.

$87,000.00 - $148,000.00 for the location of: Maryland, Colorado, Washington and remote workers
$95,500.00 - $163,000.00 for the location of: Washington, D.C.
$108,000.00 - $185,000.00 for the location of: New York, California

Placement within the range provided above is based on the individual’s relevant experience and skills for the role.  Base salary is only one component of our total compensation package.  Employees may be eligible for a discretionary bonus, which is determined upon company and individual performance.

Commitment to Diversity, Equity, and Inclusion

At T. Rowe Price, our associates are our greatest asset. We thrive because our company culture is built on inclusion and because we sustain a work environment where associates can bring their best selves to work every day. The backgrounds, talents, and experiences of our global associates allow us to embrace new ideas and perspectives that move our business priorities forward and enable us to deliver strong client outcomes. Here, you can expect equal opportunity and fair and consistent treatment for all. 

Benefits

T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.