Vendor Assessor

About the Role

Vendor Assessor (Third‑Party Risk & Security) is a critical risk‑management position embedded within a major banking client of Deep Light AI. The role performs comprehensive security, privacy, and technical risk assessments of third‑party vendors, cloud service providers, and external software suppliers before they are integrated into the bank's ecosystem. The assessor ensures that external entities meet rigorous security baselines and regulatory compliance mandates, upholding Deep Light AI's standards of thoroughness and professional integrity.

• Conduct end‑to‑end cybersecurity and data privacy risk evaluations of third‑party vendors, reviewing SOC 2 reports, ISO certifications, penetration test results, and architecture diagrams.
• Verify compliance with financial services regulations, local banking authority guidelines, and internal information security standards.
• Identify security gaps during assessments, negotiate technical remediation plans with vendor security teams, and track open risks to closure or formal senior sign‑off.
• Produce detailed, defensible risk assessment reports and maintain an accurate ledger of third‑party risk profiles to support internal and external regulatory audits.
• Advise internal procurement teams, business sponsors, and senior risk managers on vendor‑related technical risks to enable informed commercial decisions.
• Represent Deep Light AI by modeling proactive risk management, objective analytical judgment, and structured communication across all business functions.

• Mastery of third‑party risk management (TPRM) methodologies, vendor risk‑tiering structures, and continuous monitoring practices within an enterprise environment.
• Deep proficiency in global security and privacy frameworks, including ISO/IEC 27001, NIST SP 800‑53, SOC 1/SOC 2 reporting standards, and data protection laws (e.g., GDPR).
• Ability to critically evaluate a vendor's network security, application security, cloud controls (AWS/Azure), and disaster recovery protocols.
• Capacity to constructively challenge vendor security assertions and guide internal business stakeholders when vendor risks exceed acceptable thresholds.
• Exceptional ability to synthesize complex technical findings into clear, objective risk summary reports for senior leadership.
• Minimum of 5 years of dedicated experience in cybersecurity auditing, information security risk management, or third‑party risk management.
• Proven experience executing vendor security assessments within a regulated tier‑1 or tier‑2 banking institution or financial services environment.
• Prior experience in a client‑facing professional services or consultancy capacity, managing high‑volume assessment pipelines and meeting client service‑level agreements.
• Documented experience evaluating the security posture of cloud‑native infrastructure, software‑as‑a‑service (SaaS) products, and APIs.

• Professional certifications such as CISA, CRISC, CISM, or CISSP.
• Practical familiarity with enterprise TPRM and GRC platforms (e.g., One Trust, Archer, Service Now, Whistic).
• Conceptual understanding of software supply‑chain vulnerabilities, open‑source dependencies, and automated software bill of materials (SBOM) validation.

• Competitive salary.
• Comprehensive personal health insurance.
• Visa sponsorship for the successful individual.
• Professional development and certification support.
• Subscription reimbursement related to your role.
• Opportunity to work on cutting‑edge AI projects.
• Monthly employee incentive program.
• Career advancement opportunities in a rapidly growing AI company.