Resumo da vaga

Third Party Risk Management and Customer Trust Lead

Requisitos e responsabilidades

Conteúdo da vaga extraído em seções para revisão mais rápida.

What You'll Do

  • Run substantive third-party risk management (TPRM), independently evaluating real risk, not just processing questionnaire responses
  • Review SOC 2 reports, pen test findings, and architecture documentation to form an independent view of vendor risk, extending the same rigor to AI/model providers
  • Partner with Legal on vendor and AI contract terms, including DPAs, subprocessor agreements, and AI-specific provisions
  • Review contracts for non-standard security language when flagged by Legal or deal desk, and recommend redlines
  • Maintain the vendor and AI/model risk register, feeding findings into the company's master risk register
  • Enable sales through maturing the customer trust program
  • Build the capability for continuous monitoring of vendor ecosystem

Required Skills & Experience

  • 8+ years in third-party/vendor risk management, security risk, or a related GRC role
  • Demonstrated ability to independently assess vendor risk rather than relying on questionnaire responses alone, fluent in reading SOC 2 reports, ISO certificates, pen test summaries, and architecture documentation
  • Experience reviewing or redlining security and data-handling contract language, ideally in partnership with a legal team
  • Working knowledge of data privacy fundamentals (GDPR, CCPA) as they relate to vendor and subprocessor relationships
  • Strong cross-functional collaboration skills — this role touches Legal, Engineering, Product, and Sales regularly
  • Experience building repeatable, scalable vendor review processes rather than inheriting an existing one

Bonus Qualifications

  • Direct experience assessing foundation model providers or AI/ML vendors specifically
  • Experience automating or streamlining third-party review workflows (e.g., continuous vendor monitoring, automated evidence pulls) is a plus
  • Familiarity with NIST AI RMF, ISO 42001, or the EU AI Act
  • Background at an AI-native product company or an LLM/model provider
  • Paralegal experience or formal contract review training
  • Relevant certifications (CTPRP, CISSP, CIPP/E)

Bonus Qualifications

  • Meet the Replit Agent
  • Replit: Make an app for that
  • Replit Blog
  • Amjad TED Talk

Bonus Qualifications

  • Operating Principles
  • Reasons not to work at Replit
Vagas similares

Mantenha uma lista reserva.

Ver vagas
FocoSREÁrea da vaga
Sinal de senioridadeLeadNível do candidato
StackStack listada na descriçãoSkills principais
Localização38 países aceitosElegibilidade

Stack

Use estas tags para comparar vagas remotas similares.

Elegibilidade de localização

Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.

Fluxo de contratação

O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.

1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.
Aplicar no site da empresaSite da empresaAbrir link