Vendor Governance Coordinator
Malvern, PA - USA
Job Summary
About The Institutes
Located in beautiful Malvern Pennsylvania The Institutes are a not-for-profit comprised of diverse affiliates that educate elevate and connect people in the essential disciplines of risk management and insurance. Through products and services offered by our nearly 20 affiliated business units people and organizations are empowered to help those in need with a focus on understanding predicting and preventing losses to create a more resilient world.
Additionally we understand the importance of work-life balancein 2025 named us a Top Workplace for the tenth year and USA Today named us a USA Top Workplace for the fourth year. We provide excellent benefits and a friendly team-focused work environment to drive employee engagement.
Vendor Governance Coordinator
The Vendor Governance Coordinator supports The Institutes vendor governance and third-party risk management (TPRM) program day to day. This role handles vendor lifecycle administration third-party and AI-related risk intake and assessment contract and renewal tracking and SaaS/portfolio data applying the frameworks scoring criteria and standards set by IT leadership. The role makes heavy use of AI and LLM tools to research vendors analyze risk and spend and prepare clear well-organized reporting. It partners with Security Legal Procurement IT and Application Development to keep vendor and AI risk visible documented and current.
What Youll Do:
Vendor Governance & Lifecycle Administration
- Maintain the contract repository and renewal calendar.
- Coordinate renewals with Legal and Procurement.
- Maintain vendor tier classifications and risk profiles using the established tiering framework.
- Track remediation items and follow up with vendors.
- Distribute collect and organize security questionnaires.
- Collect and review SOC reports cyber insurance documentation and compliance artifacts.
- Research vendor markets for trends risks and current events and raise risks as needed.
- Identify continuous-improvement opportunities and flag them.
AI & Third-Party Risk Analysis
- Conduct AI-focused vendor risk assessments covering model usage training-data sources and data-retention practices using the established assessment criteria.
- Apply the AI risk-scoring methodology to evaluate vendor AI posture and document findings.
- Assess AI model risk exposure (bias explainability and regulatory considerations) and record results.
- Support Security in identifying and flagging Shadow AI usage across the organization.
- Track vendor data-exposure risk and data-sharing pathways.
- Maintain vendor and AI-governance records in OneTrust (or equivalent TPRM platform).
Contract & Data Governance Support
- Review AI- and data-related contract clauses and flag items for Legal including data ownership data residency model-training rights subprocessor disclosures and AI indemnification/liability language.
- Support Legal in applying AI and data-protection contractual standards.
- Support contractual reviews of AI/data usage during vendor onboarding and renewals.
Technology Portfolio & SaaS Tracking
- Maintain the enterprise SaaS inventory and technology portfolio map.
- Analyze license utilization and identify consolidation opportunities.
- Surface redundant platforms and overlapping AI tool capabilities to the Manager.
- Prepare cost-and-risk optimization options for the Managers review.
Reporting & Analytics
- Maintain vendor risk dashboards and AI-posture reporting.
- Prepare reporting for the Manager and stakeholders on AI vendor exposure data-risk trends model-risk concentration and SaaS redundancy and cost.
- Flag recurring risk patterns across vendor categories.
What Were Looking For:
Required
- 3 years of experience in vendor management third-party risk IT governance compliance procurement or operations.
- Comfortable using AI/LLM tools (e.g. Claude Microsoft Copilot) as a daily part of research analysis and documentation.
- Able to use AI tools effectively to manage the volume of vendor research and analysis the role requires.
- Experience reviewing vendor contracts and tracking renewals.
- Exposure to third-party risk assessments and security-questionnaire processes.
- Strong analytical and documentation skills.
- Highly curious with a drive to improve the customer experience and risk-management processes.
- Experience maintaining SaaS inventories or technology portfolios.
- Proficiency in Excel and vendor management platforms.
Preferred
- Experience supporting SOC 2 ISO 27001 or similar audits.
- Familiarity with OneTrust or TPRM platforms.
- Exposure to AI governance data risk management or emerging technology risk.
- Understanding of AI model risk principles (bias explainability regulatory impact).
Ability to be on-site 5 days a week is a must. The need for extended hours may be required to support meetings/events.
Required Competencies
- Analytical risk-based thinking
- Strong organization and follow-through
- AI and data-governance awareness
- Effective use of AI/LLM tools for research analysis and documentation
- Cross-functional collaboration
- Process-improvement mindset
- Clear well-organized reporting
- Commitment to The Institutes cultural values: Put the Customer First Do What You Say Work Together Be Innovative and Do the Right Thing.
The Best Part The Benefits!
To enforce the importance of work-life balance employees enjoy excellent benefits including:
- 401(k) plan with company contribution up to 16%
- Generous time off package that includes paid vacation personal sick and holidays
- Paid maternity and parental leave
- Tuition reimbursement
- Medical dental vision and prescription coverage
- On our Malvern campus: Free lunch every day when working on campus onsite fitness center and a beautiful 1.25-mile walking path!
Required Experience:
IC
About Company
The Institutes Knowledge Group offers over 25 Institutes Designations, online courses, sample courses, and more, to gain skills in risk management and insurance.