Technical Security Lead Third Party Risk

HealthEquity
109d · $109,500 - $155,000

About The Position

We are seeking a technically skilled and cybersecurity-focused Technical Security Risk Lead to join our Third Party Risk Management (TPRM) team. This role is essential in evaluating and mitigating security risks associated with third-party vendors, with a strong emphasis on cloud technologies, secure integrations, and identity management. The ideal candidate will have a deep understanding of different cloud service models (SaaS, PaaS, IaaS) and will collaborate with various cross-functional teams to ensure all third-party engagements comply with security and regulatory standards.

Requirements

  • Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
  • 8 to 10+ years of related experience in information security, risk management, or third-party/vendor risk.
  • Network topologies and risks.
  • Azure Cloud and Azure Virtual Desktop.
  • Encryption types (e.g., symmetric, asymmetric, hashing).
  • Network and application connection types (e.g., VPN, direct connect, SFTP, HTTPS).
  • Certificates and authentication protocols (e.g., TLS/SSL, OAuth, SAML).
  • Identity and Access Management (IAM).
  • API connection types and security risks.
  • SaaS, PaaS, and IaaS architectures, including secure integration methods.
  • Experience with tools such as ServiceNow and Dynatrace.
  • Experience with YubiKeys or similar hardware-based authentication methods.
  • Knowledge of security frameworks (e.g., NIST CSF and AI, ISO 27001, SOC 2).
  • Project management and cross-functional collaboration.
  • Technical acumen in cloud security, secure integrations, and AI risk mitigation.
  • Strong analytical, documentation, and communication skills.
  • Ability to assess and explain complex security risks to both technical and non-technical stakeholders.
  • Experience in regulated industries (e.g., finance, healthcare).
  • Knowledge of data privacy regulations (e.g., CCPA, GDPR).
  • Security certifications (e.g., CISSP, CISA, CRISC).

Responsibilities

  • Conduct in-depth technical security assessments of third-party vendors and partners.
  • Evaluate vendor architecture, encryption practices, authentication mechanisms, and API integrations.
  • Master and leverage third-party security rating services (e.g., BitSight, SecurityScorecard, RiskRecon) to inform risk decisions.
  • Develop a SaaS governance framework in partnership with key cross-functional teams such as Security Architecture and Identity & Access Management to mitigate the company’s risk exposure.
  • Explore and evaluate the benefits of Software Bill of Materials (SBOM) compliance in third-party software.
  • Create cloud reference architectures to illustrate control requirements across Azure, AWS, and GCP environments.
  • Identify and recommend appropriate security controls to mitigate risks associated with nascent generative AI platforms.
  • Leverage generative AI platforms to expedite due diligence and security compliance processes.
  • Assist the Product Security team in onboarding new operations partners and surfacing potential risks that could impact implementation.
  • Clearly differentiate between SaaS, PaaS, and IaaS platforms, including the types of secure connections required for integration, with a focus on ingress, egress and layers of defense to protect sensitive data.
  • Work with cross-functional teams to identify risks associated with shadow IT, and develop processes, procedures and controls to prevent, detect, and remediate risks.
  • Assist with the exploration, selection, and implementation of Third Party Risk Management (TPRM) software to enhance program efficiency and scalability.
  • Participate in the design of supply chain resiliency strategies that provide optionality during unforeseen events, helping to mitigate third-party and operational risk.
  • Collaborate with internal teams (Security, IT, Legal, Procurement) to ensure third-party engagements meet security and compliance standards.
  • Track and manage remediation efforts for identified risks.
  • Maintain and enhance risk assessment tools and documentation.
  • Stay current on emerging threats, technologies, and regulatory requirements.

Benefits

  • Medical, dental, and vision.
  • HSA contribution and match.
  • Dependent care FSA match.
  • Uncapped paid time off.
  • Paid parental leave.
  • 401(k) match.
  • Personal and healthcare financial literacy programs.
  • Ongoing education & tuition assistance.
  • Gym and fitness reimbursement.
  • Wellness program incentives.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Bachelor's degree

Number of Employees

1,001-5,000 employees
