Conduct comprehensive security risk assessments of new and existing third parties, including SaaS providers, cloud services, hardware suppliers, and critical business partners.
Issue and evaluate security questionnaires, review external audit reports (e.g., SOC 2 Type 2, ISO 27001), and perform technical and physical security reviews (remote or on-site) for software, hardware, and services providers.
Evaluate third parties and ensure they adhere to organizational policies and best practices for the protection and governance of data used in AI systems and software, minimizing risk exposure.
Maintain expertise in and actively address known supply chain risk types, including FOCI (Foreign Ownership, Control, or Influence), data theft and exposure, software and hardware backdoors and intrusions, counterfeit products, forced labor, geopolitical and trade disruptions, malware infection vectors, and environmental risks.
Partner with supply chain, legal, procurement, and business teams to identify third party risks and recommend appropriate risk treatment and remediation action plans.
Assist in refining and maintaining a program to manage global supply chain risks, ensuring the integrity and security of hardware, software, and services from our third parties.
Monitor third party relationships to ensure ongoing compliance with company policies, regulatory and framework requirements (e.g., NIST standards, CMMC Level 2, GDPR, EAR, ITAR, UFLPA), and international government supply chain security programs such as CTPAT and AEO.
Serve as the first point of contact for third party security incidents, assisting with investigations and managing the response to minimize impact on the organization.
Develop, build, and continuously improve the supply chain security and TPRM function by streamlining and automating processes, maintaining a third party inventory, developing key performance and risk metrics, and supporting AI modeling initiatives for predictive risk analysis.
Partner with internal stakeholders to raise awareness about third party integration risks and communicate the results of risk assessments to ensure appropriate implementation of controls.
Requirements
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, Supply Chain Management, Criminal Justice, Business or a related field
6+ years of experience in a third party/supply chain risk management, supply chain security, cyber security, physical security, product security and/or information security role
Strong understanding of information security principles and controls, including data protection, access management, and application security
Proven experience conducting security reviews for software, hardware, and services providers in the third party supply chain
Experience in quantitative analysis, including metrics development, data visualization, and supporting AI/ML model development
Experience with understanding and addressing known supply chain risk types (e.g., FOCI, data theft & exposure, software and hardware backdoors/intrusion, counterfeit product, forced labor, geopolitical/trade disruptions, malware)
Familiarity with key security frameworks and standards such as ISO 27001, NIST SP 800-53, NIST SP 800-171, SOC 2 Type 2, and FedRAMP
Exceptional verbal and written communication skills, with the ability to clearly articulate complex security concepts to diverse audiences
Excellent investigative skills
Strong analytical, problem-solving, attention-to-detail, and organizational skills.