Senior Manager, Vendor Security

About The Position

Requirements

• Bachelor’s or advanced degree in Computer Science, Engineering, Cybersecurity, or a related field
• Minimum 10 years of security experience with at least 3 years in a leadership role
• Demonstrable ability to conduct third-party/vendor security assessments, including building and scaling vendor management programs.
• Strong knowledge of security principles and controls, such as data protection, access management, application security, identity and access management.
• Advanced technical and analytical skills; skilled in identifying and assessing risks from external incidents and breaches.
• Passion for integrating AI technologies into solutions.
• Experience with compliance frameworks like SOC 2, ISO 27001, and PCI DSS.
• Demonstrated success in client-facing roles.
• Self-motivated, accountable, adaptable, and focused under pressure.
• Good interpersonal and communication skills.

Responsibilities

• Lead a team of analysts and engineers to build, develop, and continually improve Adobe’s framework for managing security risks associated with vendors.
• Serve as the main interface between the Security team and the broader organization on matters related to vendors.
• Perform comprehensive, evidence-based security assessments of third parties, including evaluation of architectures, configurations, controls, and operational practices to validate vendors’ real-world security posture.
• Assess and manage security risks across a diverse vendor landscape, including SaaS providers, cloud and infrastructure partners, and other strategic or high-impact suppliers.
• Clearly communicate identified gaps and recommend solutions or compensating controls to business owners and various leadership stakeholders.
• Coordinate vendor security risk decisions and procedures to address blocking issues.
• Include detailed records of risk acceptance, mitigation strategies, and executive approvals when security requirements cannot be completely fulfilled.
• Collaborate with legal teams to ensure that security requirements are integrated into all contracts.
• Foster and maintain collaborative partnerships with various groups within Security, TPRM, Procurement, Legal, and Threat Intelligence to improve processes and workflow integrations for enhanced customer experience.
• Apply industry guidelines for risk analysis and stay informed about emerging trends and threats through continuous intelligence gathering.
• Implement real-time monitoring and alerting for all critical vendors.
• Develop procedures to address and remediate vulnerabilities identified in vendor systems.
• Streamline and automate vendor security processes to increase operational efficiency and reduce manual workload.