Job Description
Job Description
Position: Third Party Risk Coordinator
Location : Chicago, IL
Salary Range: 90k-115k
Benefits: This position is eligible for medical, dental, vision, and 401(k)
Position Summary:
We are seeking a detail-oriented and analytical Third-Party Risk Coordinator to support our risk management program. This role is responsible for reviewing client contracts for security and compliance requirements, assessing vendor and third-party risks, and maintaining and updating internal security policies to align with regulatory and contractual obligations.
The ideal candidate has experience in contract review, risk assessments, and policy governance in a cybersecurity or compliance-focused environment.
Key Responsibilities:
- Contract Review:
- Review client and vendor contracts, data protection agreements, and master service agreements for information security, privacy, and compliance terms.
- Identify and communicate gaps between client requirements and internal policies or capabilities.
- Collaborate with Legal, Sales, Procurement, and IT Security teams to align contract terms with organizational standards.
- Third-Party Risk Management:
- Assess third-party vendors for cybersecurity and compliance risks.
- Track and manage third-party security assessments, questionnaires, and audits.
- Ensure vendor compliance with applicable regulations, such as GDPR, CCPA, HIPAA, SOC 2, ISO 27001, etc.
- Security Policy Management:
- Maintain and update information security policies and procedures to reflect changes in laws, regulations, and business needs.
- Coordinate policy reviews with stakeholders across IT, Legal, HR, and Compliance departments.
- Ensure policies meet the requirements outlined in client contracts and external audits.
- Documentation & Reporting:
- Document risk findings and decisions in risk registers or compliance platforms.
- Prepare reports and dashboards to communicate contract review outcomes and vendor risk status to leadership.
- Track remediation activities related to third-party risk or contractual gaps.
Qualifications:
- Bachelor’s degree in information security, Risk Management, Business, Legal Studies, or a related field.
- 2–4 years of experience in third-party risk, compliance, legal contract review, or security governance.
- Familiarity with regulatory frameworks (e.g., GDPR, HIPAA, PCI-DSS, ISO 27001, SOC 2).
- Strong understanding of contract terms related to data privacy and cybersecurity.
- Excellent analytical, communication, and organizational skills.
Addison Group is an Equal Opportunity Employer. Addison Group provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. Addison Group complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. Reasonable accommodation is available for qualified individuals with disabilities, upon request.