Resumen del rol

Third Party Risk Management and Customer Trust Lead

Requisitos y responsabilidades

Contenido del rol extraído en secciones para revisar más rápido.

What You'll Do

  • Run substantive third-party risk management (TPRM), independently evaluating real risk, not just processing questionnaire responses
  • Review SOC 2 reports, pen test findings, and architecture documentation to form an independent view of vendor risk, extending the same rigor to AI/model providers
  • Partner with Legal on vendor and AI contract terms, including DPAs, subprocessor agreements, and AI-specific provisions
  • Review contracts for non-standard security language when flagged by Legal or deal desk, and recommend redlines
  • Maintain the vendor and AI/model risk register, feeding findings into the company's master risk register
  • Enable sales through maturing the customer trust program
  • Build the capability for continuous monitoring of vendor ecosystem

Required Skills & Experience

  • 8+ years in third-party/vendor risk management, security risk, or a related GRC role
  • Demonstrated ability to independently assess vendor risk rather than relying on questionnaire responses alone, fluent in reading SOC 2 reports, ISO certificates, pen test summaries, and architecture documentation
  • Experience reviewing or redlining security and data-handling contract language, ideally in partnership with a legal team
  • Working knowledge of data privacy fundamentals (GDPR, CCPA) as they relate to vendor and subprocessor relationships
  • Strong cross-functional collaboration skills — this role touches Legal, Engineering, Product, and Sales regularly
  • Experience building repeatable, scalable vendor review processes rather than inheriting an existing one

Bonus Qualifications

  • Direct experience assessing foundation model providers or AI/ML vendors specifically
  • Experience automating or streamlining third-party review workflows (e.g., continuous vendor monitoring, automated evidence pulls) is a plus
  • Familiarity with NIST AI RMF, ISO 42001, or the EU AI Act
  • Background at an AI-native product company or an LLM/model provider
  • Paralegal experience or formal contract review training
  • Relevant certifications (CTPRP, CISSP, CIPP/E)

Bonus Qualifications

  • Meet the Replit Agent
  • Replit: Make an app for that
  • Replit Blog
  • Amjad TED Talk

Bonus Qualifications

  • Operating Principles
  • Reasons not to work at Replit
Roles similares

Mantén una lista de respaldo.

Ver roles
FocoSREÁrea del rol
Señal de seniorityLeadNivel del candidato
StackStack listado en la descripciónSkills principales
Ubicación38 países aceptadosElegibilidad

Stack

Usa estas tags para comparar roles remotos similares.

Elegibilidad de ubicación

Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.

Flujo de contratación

WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.

1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.
Aplicar en el sitio de la empresaSitio de la empresaAbrir link