Назад
20 часов назад

Lead for Security Vendor Risk & Contract Reviews (Cybersecurity)

210 000 - 270 000$
Формат работы
hybrid
Тип работы
fulltime
Грейд
lead
Английский
b2
Страна
US
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Lead for Security Vendor Risk & Contract Reviews (Cybersecurity): Architecting and executing a risk management program focused on substantive evaluation of third-party services and AI model providers with an accent on risk profiling and contractual protections. Focus on analyzing SOC 2 reports, redlining security contracts, and building a scalable continuous monitoring ecosystem for vendors.

Location: Hybrid (Foster City, CA). In-office requirement: Monday, Wednesday, and Friday

Salary: $210,000 – $270,000 + Equity

Company

Replit is an agentic software creation platform democratizing software development through natural language.

What you will do

  • Run substantive third-party risk management (TPRM) by independently evaluating real risk profiles.
  • Review SOC 2 reports, pen test findings, and architecture documentation for general and AI/model providers.
  • Partner with Legal to review and redline vendor and AI contract terms, including DPAs and subprocessor agreements.
  • Maintain the vendor and AI/model risk register, integrating findings into the master company risk register.
  • Mature the customer trust program to enable sales efforts.
  • Develop capabilities for continuous monitoring of the vendor ecosystem.

Requirements

  • 8+ years of experience in TPRM, security risk, or a related GRC role.
  • Ability to independently assess vendor risk using SOC 2, ISO certificates, and architecture docs.
  • Experience redlining security and data-handling contract language in partnership with legal teams.
  • Working knowledge of data privacy fundamentals (GDPR, CCPA).
  • Strong cross-functional collaboration skills across Legal, Engineering, Product, and Sales.
  • Experience building repeatable and scalable vendor review processes.

Nice to have

  • Experience assessing foundation model providers or AI/ML vendors.
  • Ability to automate third-party review workflows and continuous monitoring.
  • Familiarity with NIST AI RMF, ISO 42001, or the EU AI Act.
  • Background at an AI-native product company or LLM provider.
  • Paralegal experience or formal contract review training.
  • Certifications such as CTPRP, CISSP, or CIPP/E.

Culture & Benefits

  • Competitive salary and equity packages.
  • Comprehensive health, dental, vision, and life insurance.
  • 401(k) program with a 4% match (US Only).
  • Flexible Time Off (FTO) and paid parental/medical leave.
  • Autonomous work environment with monthly wellness stipends.
  • In-office perks including commuter benefits and equipment reimbursement.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →