TL;DR
Vendor Security Program Manager (Cybersecurity): Leading the development and continuous improvement of a global vendor security program, ensuring robust compliance frameworks and mitigating external risks from suppliers. Focus on conducting deep, evidence-based security assessments, making informed trade-offs between speed, scale, and security, and streamlining supply chain security processes.
Location: Hybrid in one of our US offices (San Francisco, Seattle, New York City, or Washington, DC). Relocation assistance is offered to new employees moving to these US locations.
Salary: $207,000–$355,000 + Equity
Company
hirify.global is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.
What you will do
- Act as the primary interface for Security to the rest of the organization for vendors.
- Own vendor security risk decisions, escalation paths, and clearly document risk acceptance and mitigation plans.
- Conduct deep, evidence-based security assessments of third parties, including reviewing architectures, configurations, and operational practices.
- Assess and manage security risk across a diverse vendor landscape, including SaaS providers, cloud partners, and hardware manufacturers.
- Develop, build, and continuously improve the vendor security program and supply chain risk management function.
- Build and maintain collaborative partnerships with key internal stakeholders to ensure comprehensive security coverage.
Requirements
- Proven experience conducting third-party or supply chain security assessments, including building and scaling a vendor management security program.
- An in-depth understanding of information security principles and controls, including data protection and access management.
- Comfort operating in ambiguity and forming defensible security opinions even with incomplete information or high business pressure.
- Strong technical and analytical skills, with a demonstrated ability to identify and assess risks from external incidents and industry breaches.
- Exceptional verbal and written communication skills to articulate complex security concepts to diverse audiences.
- Knowledge of key security frameworks and standards such as ISO 27001, NIST 800-53, and SOC 2, and an understanding of TAA.
Nice to have
- Familiarity with workflow optimization tools such as Zip and OneTrust.
- A passion for integrating new AI technologies into your solutions.
Culture & Benefits
- Hybrid work model of 3 days in the office per week.
- Committed to ensuring that general-purpose artificial intelligence benefits all of humanity.
- Dedicated to pushing the boundaries of AI systems and safely deploying them to the world.
- An equal opportunity employer, not discriminating on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, or genetic information.
- Committed to providing reasonable accommodations to applicants with disabilities.
Be careful: if an employer asks you to sign in to their system using iCloud/Google, send a code or password, or run code or software, do not do it. These are scammers. Be sure to click "Report" or write to support.