Vendor Security Manager

Figma
San Francisco, CA
Remote

About The Position

Figma is looking for a Vendor Security Manager to build and scale its third-party risk management and vendor security operations program. This role is crucial for the strategic growth and operational excellence of the vendor risk management program and vendor security assessment processes. It's a highly cross-functional role, requiring close collaboration with Procurement, Legal, Engineering, IT, People Operations, Compliance, and other Figma business partners to evaluate and mitigate risks, conduct comprehensive security assessments, and proactively drive program and process improvements to better enable the business. This is a full-time role that can be based in one of Figma's US hubs or remotely within the United States.

Requirements

  • Proven experience conducting third-party or supply chain security assessments, and hands-on experience building or scaling a vendor security management program.
  • Strong understanding of information security principles and controls, including data protection, access management, and application security.
  • Strong analytical skills and comfort with technical assessments, with a demonstrated ability to identify and assess risks at the technical, tactical, and strategic levels.
  • Familiarity with security frameworks and standards such as ISO 27001, NIST, and SOC 2, and an ability to translate those requirements into practical vendor expectations and controls.
  • Exceptional communication skills with the ability to clearly articulate complex security risks and tradeoffs to both technical and non-technical audiences.

Nice To Haves

  • Experience with procurement, risk management, or vendor management tools and workflow optimization (e.g., Zip, Coupa, Vanta, Drata).
  • Familiarity with AI/ML vendor risk considerations or experience assessing vendors in a high-growth technology company.
  • Familiarity with AI risk frameworks (NIST AI RMF, OECD, ISO 42001).
  • Experience using AI tools (e.g., Claude Code, Claude Cowork, OpenAI Codex) to automate and scale manual processes and decision-making workflows.

Responsibilities

  • Build, own, and continuously improve Figma's vendor security and TPRM program, including third-party risk assessments, vendor security reviews, and continuous monitoring.
  • Streamline and automate vendor security workflows to increase efficiency and reduce manual overhead, leveraging modern tooling and AI to optimize workflows and assessments.
  • Develop and maintain reporting, tracking, and metrics for vendor security, third-party risk posture, and program health to security leadership and cross-functional stakeholders.
  • Own vendor risk communication and escalation paths, including documenting risk acceptance, mitigation plans, and trade-offs to cross-functional audiences.
  • Partner with Procurement, Legal, Contracts, and Security teams to embed appropriate risk and compliance controls into vendor agreements and support negotiations or escalations.
  • Facilitate contingent worker onboarding and access management in partnership with our People Operations and Workplace teams.

Benefits

  • health, dental & vision
  • retirement with company contribution
  • parental leave & reproductive or family planning support
  • mental health & wellness benefits
  • generous PTO
  • company recharge days
  • a learning & development stipend
  • a work from home stipend
  • cell phone reimbursement
  • sales incentive pay for most sales roles
  • annual bonus plan for eligible non-sales roles