Senior Risk Analyst, Privacy & Third-Party Risk

Location: Maryland, US

Apply

Requisition Number: 79568

Position Title:

External Description:

Role Summary 

The Senior Risk Analyst – Privacy & Third Party Risk is a Second Line of Defense (2LoD) role and a member of the Global Privacy Office (GPO) and Third Party Risk Management (TPRM) function. The role provides independent risk oversight, effective challenge, and assurance over first-line activities and outsourced TPRM services, operating with minimal supervision and a high degree of professional judgment. 

This position is expected to independently manage complex risk assessments, lead oversight activities, identify emerging risk themes, and deliver clear, actionable insights to senior stakeholders and governance committees. 

Responsibilities 

Privacy Risk– Global Privacy Office: 

  • Independently provide 2LoD oversight of privacy risks arising from first-line business activities and serve as a subject matter resource on privacy risk matters. 
  • Lead review and challenge of Privacy Impact Assessments (PIAs), Data Protection Impact Assessments (DPIAs), and privacy risk assessments. 
  • Evaluate the design and operating effectiveness of privacy controls and recommend enhancements aligned with regulatory expectations and risk appetite. 
  • Independently review privacy incidents, including root cause analyses and remediation plans. 
  • Provide technical expertise and support the implementation of privacy and data protection processes, controls, and procedures based on enterprise-wide guidance issued by the Global Privacy Office.  
  • Support the process of Privacy and Security by Design reviews, in particular, where they relate to the development and deployment of new technologies. This includes reviewing technical implementation details and design documentation for new systems and features, and providing guidance on improving privacy features in
  • those systems. 
  • Collaborate with technology and security teams to embed privacy controls into the architecture of products and services, including providing advice and best practices to protect and mitigate privacy risks. 
  • Identify opportunities to enhance the Global Privacy Office’s technical capabilities, develop, test and work with technology teams to deploy such capabilities. 
  • Support the maintenance of the firm’s required privacy compliance documentation (e.g., Records of Processing Activities, Transfer Impact Assessments, procedures, guides, training, Share Point sites).  
  • Support the execution of the privacy compliance monitoring program.  

Third-Party Risk Management:  

  • Perform quality assurance and effective challenge of third-party risk outputs produced by external service providers and first-line stakeholders. 
  • Monitor adherence to SLAs, KPIs, and contractual obligations of outsourced TPRM providers and escalate deficiencies as appropriate. 
  • Identify systemic control gaps, concentration risk, and emerging third-party risk trends across the vendor population. 
  • Support third party cyber and information security risk review activities. 
  • Contribute to the ongoing development of fourth-party risk governance and oversight practices. 
  • Identify opportunities to enhance TRPM’s technical capabilities, develop, test and work with technology teams to deploy such capabilities. 
  • Support the maintenance of the firm’s required TPRM compliance documentation (e.g., Policy, Supplier Management Standards, questionnaire templates, frameworks, training, Share Point sites).  

Risk Governance, Reporting & Analytics: 

  • Independently develop and deliver executive-level risk reporting, dashboards, and management information. 
  • Assist with monitoring and reporting emerging AI and technology risks across privacy and third party risk, contributing to oversight of controls, assessments, and reporting.  
  • Leverage AI-enabled tools and advanced analytics to identify trends, emerging risks, and control weaknesses. 
  • Lead preparation for regulatory examinations, internal audits, and management assurance activities related to privacy and third-party risk oversight. 
  • Maintain accurate, complete documentation in GRC, privacy, and TPRM systems and ensure audit-ready artifacts. 

Qualifications

Required: 

  • Bachelor’s degree in Risk Management, Information Systems, Finance, Business, Law, or a related field. 
  • 5+ years of experience in second-line risk management, privacy risk, or third-party risk oversight, preferably within financial services or asset management (or other industry subject to equivalent regulatory scrutiny). 
  • Demonstrated ability to operate independently with minimal guidance in a 2LoD environment. 
  • In-depth knowledge of global privacy regulations and outsourced TPRM operating models. 
  • Required Certifications (at least one): 
  • Certified Information Privacy Professional (CIPP/US, CIPP/E) 
  • Certified Information Systems Auditor (CISA) 
  • Certified in Risk and Information Systems Control (CRISC) 
  • Certified Third Party Risk Professional (CTPP)  

Preferred:

  • Experience leading or independently managing 2LoD privacy or TPRM oversight activities. 
  • Asset management or broader financial services experience. 
  • Additional certifications: 
  • CIPM or CIPT 
  • ISO 27001 Lead Implementer or Auditor 
  • Familiarity with SEC, FINRA, and global regulatory expectations.  

Tools & Technology (Preferred) 

  • Advanced experience with GRC, privacy, and TPRM platforms (e.g., Archer, ServiceNow, OneTrust, IBM OpenPages). 
  • Strong proficiency with reporting and analytics tools (e.g., Power BI, advanced Excel). 
  • Practical experience using AI-enabled risk, compliance, or data analytics tools to enhance oversight and reporting (e.g., Microsoft Co-Pilot, ChatGPT Enterprise). 
  • Ability to automate reporting and improve risk visibility. 

 

Key Competencies 

  • Strong independent judgment and risk-based decision-making. 
  • Ability to provide credible, effective challenge at senior levels. 
  • Excellent written and verbal communication skills. 
  • Strong issue management, quality assurance, and governance discipline. 
  • Comfort operating autonomously in a global, regulated environment.

FINRA Requirements

FINRA licenses are not required and will not be supported for this role.

Work Flexibility

This role is eligible for hybrid work, with up to one day per week from home.

City:

State:

Community / Marketing Title: Senior Risk Analyst, Privacy & Third-Party Risk

Company Profile:

Location_formattedLocationLong: Maryland, US

CountryEEOText_Description: Commitment to Diversity, Equity, and Inclusion: We strive for equity, equality, and opportunity for all associates. When we embrace the power of diversity and create an environment where people can bring their authentic and best selves to work, our firm is stronger, and we create greater value for our clients. Our commitment and inclusive programming aim to lift the experience for each associate and builds allies for our global associate community. We know that a sense of belonging is key not only to your success at the firm, but also to your ability to bring your best each day. Benefits: We invest in our people through a wide range of programs and benefits, including: • Competitive pay and bonuses as well as a generous retirement plan and employee stock purchase plan with matching contributions • Flexible and remote work opportunities • Health care benefits (medical, dental, vision) • Tuition assistance • Wellness programs (fitness reimbursement, Employee Assistance Program) Our policies may change as our working lives evolve. Yet, our commitment to supporting our associates’ well-being and addressing the needs of our clients, business, and communities is unwavering. T. Rowe Price is an equal opportunity employer and values diversity of thought, gender, and race. We believe our continued success depends upon the equal treatment of all associates and applicants for employment without discrimination on the basis of race, religion, creed, color, national origin, sex, gender, age, mental or physical disability, marital status, sexual orientation, gender identity or expression, citizenship status, military or veteran status, pregnancy, or any other classification protected by country, federal, state, or local law.

We’re driven by our purpose: To identify and actively invest in opportunities to help people thrive in an evolving world.

Find us on:     Facebook     X     YouTube     LinkedIn     Instagram

Do Not Sell or Share My Personal Information

Transparency in Coverage Disclosure

This website does not provide investment advice or recommendations. Nothing in this website shall be considered a solicitation to buy or an offer to sell a security, or any other product or service, to any person in any jurisdiction where such offer, solicitation, purchase, or sale would be unlawful under the laws of such jurisdiction.

T. ROWE PRICE, INVEST WITH CONFIDENCE, and the Bighorn Sheep design are, collectively and/or apart, trademarks of T. Rowe Price Group, Inc. All rights reserved.

© 2026 T. Rowe Price. All Rights Reserved.