Security Contract Manager

Blue Yonder, Dallas, TX
Remote

About The Position

Blue Yonder is a global leader in AI‑driven digital supply chain solutions, empowering businesses to optimize and transform their operations with innovative, intelligent technology. As we shape the future of global cybersecurity, our GRC team is seeking a talented Security Contract Manager. Every service Blue Yonder offers depends on trusted third-party services – cloud hosts, AI providers, payment processors, and niche micro-SaaS tools. Above all, Blue Yonder values our customers and the security of their data. Your job is to make sure Blue Yonder’s relationships with vendors and customers never become our weakest link. You’ll weave iron-clad information-security clauses into every vendor and customer contract and verify that partners live up to what they signed.

Requirements

  • 7+ years in Information-Security, Security Privacy, or Security Vendor-Risk roles.
  • 3+ years drafting/negotiating security clauses for technology contracts.
  • Hands-on experience with SaaS and/or PaaS architectures (multi-tenant, micro-services, AI/ML pipelines).
  • Solid knowledge of major frameworks/regulations: GDPR, CCPA, PCI-DSS v4.0, ISO 27001:2022, SOC 2, CSA CCM.
  • Familiarity with common assessment tools (SIG Lite/Core, CAIQ, VSA) and audit standards.
  • Strong cross-functional communication skills—comfortable in Vendor Q&A sessions, red-line negotiations, and board-level briefings.
  • Bachelor’s in Cybersecurity, Information Systems, or equivalent practical experience.

Nice To Haves

  • JD or Paralegal background with focus on technology contracts.
  • 3+ years of Third-party risk management experience.
  • Experience auditing hyperscale cloud providers and Gen-AI model vendors.
  • Certifications: CISA, CIPP/E, CDPSE, or CISSP.

Responsibilities

  • Contract Security Governance – Draft, negotiate, and maintain standard information-security, privacy, and data-protection language in MSAs, SOWs, DPAs, and customer agreements. Track remediation of contractually identified gaps related to GDPR, SOC 2, ISO 27001, and the EU AI Act.
  • Track Deviations – Track non-standard contract terms for customers and vendors so that the contractually unique requirements can be quickly acted upon.
  • Vendor Security Assessments – Lead risk reviews for new and renewal vendors (questionnaires, SIG/Core, evidence collection). Rate residual risk, document mitigations, and approve or reject onboarding.
  • Audit & Compliance – Schedule and conduct targeted onsite / virtual audits to confirm vendors meet contractual controls (e.g., encryption at rest, vulnerability management SLAs, incident-reporting). Track findings to closure.
  • Stakeholder Enablement – Partner with Legal, Procurement, Sales, and Product to embed security requirements in deal templates, playbooks, and CLM workflows. Provide red-line guidance during high-velocity sales cycles.
  • Program Metrics & Uplift – Publish dashboards for contractual adherence and drive quarterly retrospectives to harden the program. Identify opportunities for automation (e.g., questionnaire ingestion, continuous monitoring).

Benefits

  • Comprehensive Medical, Dental and Vision
  • 401K with Matching
  • Flexible Time Off
  • Corporate Fitness Program
  • A variety of voluntary benefits such as Legal Plans, Accident and Hospital Indemnity, Pet Insurance and much more