Lead for Security Vendor Risk & Contract Reviews (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Lead for Security Vendor Risk & Contract Reviews (Cybersecurity): Architecting and executing a risk management program focused on substantive evaluation of third-party services and AI model providers with an accent on risk profiling and contractual protections. Focus on analyzing SOC 2 reports, redlining security contracts, and building a scalable continuous monitoring ecosystem for vendors.
Location: Hybrid (Foster City, CA). In-office requirement: Monday, Wednesday, and Friday
Salary: $210,000 – $270,000 + Equity
Company
Replit is an agentic software creation platform democratizing software development through natural language.
What you will do
- Run substantive third-party risk management (TPRM) by independently evaluating real risk profiles.
- Review SOC 2 reports, pen test findings, and architecture documentation for general and AI/model providers.
- Partner with Legal to review and redline vendor and AI contract terms, including DPAs and subprocessor agreements.
- Maintain the vendor and AI/model risk register, integrating findings into the master company risk register.
- Mature the customer trust program to enable sales efforts.
- Develop capabilities for continuous monitoring of the vendor ecosystem.
Requirements
- 8+ years of experience in TPRM, security risk, or a related GRC role.
- Ability to independently assess vendor risk using SOC 2, ISO certificates, and architecture docs.
- Experience redlining security and data-handling contract language in partnership with legal teams.
- Working knowledge of data privacy fundamentals (GDPR, CCPA).
- Strong cross-functional collaboration skills across Legal, Engineering, Product, and Sales.
- Experience building repeatable and scalable vendor review processes.
Nice to have
- Experience assessing foundation model providers or AI/ML vendors.
- Ability to automate third-party review workflows and continuous monitoring.
- Familiarity with NIST AI RMF, ISO 42001, or the EU AI Act.
- Background at an AI-native product company or LLM provider.
- Paralegal experience or formal contract review training.
- Certifications such as CTPRP, CISSP, or CIPP/E.
Culture & Benefits
- Competitive salary and equity packages.
- Comprehensive health, dental, vision, and life insurance.
- 401(k) program with a 4% match (US Only).
- Flexible Time Off (FTO) and paid parental/medical leave.
- Autonomous work environment with monthly wellness stipends.
- In-office perks including commuter benefits and equipment reimbursement.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →