Key skills
AWSAzureCloudCyber SecurityETLGoogle Cloud PlatformServiceNowAIAgenticGCPGoogle CloudIAMJiraAgileChange ManagementCommunicationNetwork Security
About this role
Role Overview
- Design & Execute end-to-end cybersecurity third-party assessments for strategic and high-risk vendors, including questionnaire reviews, technical evidence validation, architecture reviews, cloud configuration analysis, IAM assessments, encryption and key management reviews, logging/monitoring validation, and vulnerability/penetration test interpretation.
- Produce repeatable processes that create clear, prioritized risk findings and remediation guidance tailored to vendor risk and business impact.
- Design, build, and maintain automated assessment capabilities: evidence collection scripts, API connectors, ETL pipelines, data validation routines, and integration points with TPRM/GRC platforms (Aravo, ServiceNow GRC, RSA Archer, OneTrust, etc.).
- Develop and deploy agentic AI components (e.g., automated evidence triage, document ingestion and extraction, risk-scoring assistants, remediation suggestion agents) while ensuring safe, auditable, and privacy-preserving behavior.
- Lead lean process improvement initiatives across the assessment lifecycle: map value streams, eliminate waste, reduce handoffs, optimize SLAs, and implement continuous improvement cycles to increase throughput and quality.
- Create and maintain technical assessment artifacts: standardized templates, evidence matrices, technical checklists, assessment playbooks, and scoring rubrics that support repeatability and auditability.
- Validate and tune automated scoring models and AI outputs; perform periodic calibration and manual reviews to ensure accuracy and reduce false positives/negatives.
- Collaborate closely with Procurement, Legal, Security Operations/CIRT, Privacy, and other business stakeholders to ensure technical assessment findings map to contractual requirements and incident response expectations.
- Support remediation verification and re-assessment
- use automation to track evidence submission, validate fixes, and update risk status.
- Maintain strong documentation & processes to support change management of automation logic, AI agent behaviors, data mappings, integration schemas.
- Stay current on emerging attack techniques, supply chain threats, automation best practices, responsible AI controls, and lean methods; propose and implement improvements.
Requirements
- 5+ years of cybersecurity experience with at least 3 years focused on third-party/vendor security assessments or equivalent technical assessment roles.
- Deep hands-on expertise reviewing technical artifacts: cloud console evidence (AWS/Azure/GCP), architecture diagrams, IAM configurations, network security, encryption, logging/monitoring, vulnerability scans, and penetration test reports.
- Proven ability to translate technical findings into concise executive-level summaries and remediation plans; excellent written and verbal communication skills.
- Demonstrated experience applying lean principles or continuous improvement methods to operational processes
- ability to run value stream mapping, define and measure waste, and implement sustainable improvements.
- Comfortable working independently as a senior individual contributor and coordinating across technical and non-technical stakeholders; experience in agile environments and using agile tooling (ADO, JIRA).
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- ETL
- Google Cloud Platform
- ServiceNow
Benefits
- Health insurance
- Flexible spending accounts
- Health savings accounts
- Retirement savings plans
- Life and disability insurance programs
- Paid time off