Senior Cyber Assurance Partner - Third-Party Risk

Disrupt & Automate TPRM: You will design and implement automated workflows and AI agents that handle the heavy lifting of TPRM (e.g., chasing vendors for documentation, chasing internal owners, instantly parsing SOC2 reports). You will define these flows technically so our security engineers can build them, or build them yourself by expertly leveraging AI capabilities while ensuring strict data accuracy and hallucination governance.

Govern the Payment Processor Framework: You will be the mastermind behind our global assessment framework. You will own the standard, tune the risk-scoring models, and analyze the technical findings from our external assessment vendors to separate mature partners from those requiring strict compensating controls.

Pragmatic Risk Tiering: You will build a system that moves at the speed of the business. You will actively design fast-tracks that skip deep security reviews for low-risk vendors, reserving deep technical verification (bridging the "paper vs. reality" gap) for critical, high-risk processors in emerging markets.

Shift Left & First-Line Accountability: Partner with the CISO and security leadership to ensure the Security team is not the bottleneck. You will give business leaders the transparent data, tools, and rules they need to accept or reject vendor risk, shifting accountability to the first line of defense where it belongs.

Strategic Advising on Compensating Controls: When a critical vendor has a high risk score but is a business necessity, you will act as the pragmatic advisor. You will define the strict operational compensating controls (e.g., volume caps, daily reconciliation) required to safely enable the business.

Roll Up Your Sleeves: We need a visionary who executes. While you are designing the automated future, you are fully willing to dive into the trenches, review documentation, and run the assessments manually with your own hands.

Proactive Ownership & Disruptive Vision: You hate the slow, bureaucratic status quo of traditional risk management. You are highly motivated, self-driven, and proactively find ways to bypass bottlenecks and deliver results.

Hands-On Grit: You are not an "ivory tower" architect. You have the humility and work ethic to do the manual assessment work yourself while simultaneously building the automation that will eventually replace that manual effort.

AI Fluency & Technical Translation: You are deeply comfortable in technical AI environments. While you don't need to be a traditional coder, you can logically map out complex technical workflows and communicate them flawlessly to security engineers to build.

High EQ, IQ, & Organizational Navigation: You read people well and can seamlessly navigate a complex corporate landscape. You know how to negotiate with Procurement, Legal, and Business Leaders, finding pragmatic compromises between strict security and business velocity.

Disciplined Multi-Threading: You are highly organized and disciplined. You are comfortable multitasking and "multi-threading" across diverse priorities—from reviewing a critical payment processor to designing an AI workflow—without losing focus or dropping the ball.

Pragmatic & Impact-Driven Mindset: You understand that blocking a vendor costs the company money. You focus on what actually reduces risk, adds value, and maintains compliance while supporting aggressive business growth.

Exceptional Communication: Strong written and verbal communication skills in English. You can distill complex third-party security risks into simple, actionable business decisions for executive leadership.

Deep understanding of payment processors, financial institutions, fintech ecosystems, and the unique cybersecurity challenges of emerging markets.

Familiarity with security and compliance frameworks (PCI DSS, ISO 27001, SOC2), but more importantly, the ability to spot when these are just "paper compliance."

Experience building or heavily integrating with modern GRC, risk management, or procurement platforms.