×
Register Here to Apply for Jobs or Post Jobs. X

Security Risk and Compliance Lead

Remote / Online - Candidates ideally in
Warsaw, Kosciusko County, Indiana, 46580, USA
Listing for: United States Digital Space LLC
Remote/Work from Home position
Listed on 2026-06-30
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 67494 - 80844 USD Yearly USD 67494.00 80844.00 YEAR
Job Description & How to Apply Below

At the company, security is foundational to our mission of helping teams work together effortlessly. Our security team protects the company’s employees, users, and customers by proactively addressing threats, ensuring compliance with legal and regulatory requirements, and fostering a culture of security throughout our product and operations. We are a team of security engineers and risk and compliance practitioners who build innovative safeguards and collaborate across the organization to build and maintain trust at scale.

As the Third Party Risk Management Lead, you will be responsible for building and running the company’s Third Party Risk Management (TPRM) program. You will own the end-to-end lifecycle of vendor security risk — from initial due diligence and risk tiering through ongoing monitoring and remediation. You will work closely with Procurement, Legal, Privacy, and Engineering teams to ensure that our third‑party relationships are effectively assessed, tracked, and managed.

This role is based in our Warsaw office with an office‑centric hybrid schedule. The standard in‑office days are Monday, Tuesday, and Thursday. Most Asanas have the option to work from home on Wednesdays. Working from home on Fridays depends on the type of work you do, and your recruiter can share more about the in‑office requirements.

Our employees in Poland are employed under a contract of employment.

What you’ll achieve
  • Own and scale the company’s TPRM program: Design, implement, and continuously improve a risk‑based framework for assessing and managing third‑party vendors and service providers. Establish risk tiering criteria, assessment workflows, and governance processes that scale with business growth.
  • Lead vendor security assessments: Conduct and oversee security due diligence for new and existing vendors, including reviewing SOC 2 reports, ISO 27001 certifications, security questionnaires (SIG, CAIQ), and other relevant documentation. Identify gaps and work with vendors to remediate findings.
  • Drive remediation and risk acceptance: Track and manage open findings from vendor assessments, work with internal stakeholders to prioritize remediation, and facilitate formal risk acceptance processes where appropriate. Ensure findings are documented and resolved in a timely manner.
  • Manage ongoing third‑party monitoring: Develop and execute a continuous monitoring strategy for critical and high‑risk vendors, including periodic reassessments, breach notifications, and security posture updates. Maintain an accurate and up‑to‑date vendor risk inventory.
  • Review security provisions in vendor contracts: Collaborate with Legal and Privacy teams to assess and negotiate security‑related clauses in vendor agreements, data processing addenda, and subprocessor agreements, ensuring alignment with the company’s policies and obligations.
  • Report on TPRM program health: Develop metrics and reporting to communicate the state of third‑party risk to senior leadership and relevant stakeholders. Support audit and compliance activities by providing evidence of TPRM program effectiveness, including for SOC 2, ISO 27001, and customer audits.
  • Operate globally: Work with a global team to ensure appropriate coverage and coordination across timezones, supporting vendor assessments and risk decisions that span multiple regions.
About you
  • 5+ years of experience in third‑party risk management, vendor risk assessment, or a related information security discipline.
  • Strong knowledge of TPRM frameworks and standards, including SIG, CAIQ, NIST SP 800‑161, ISO 27001, and SOC 2.
  • Experience conducting vendor security assessments and reviewing third‑party security documentation (audit reports, certifications, penetration test summaries, etc.).
  • Solid understanding of core security principles, cloud environments, data privacy, and compliance standards relevant to B2B SaaS organizations.
  • Proven ability to build and operationalize scalable risk management processes and develop metrics for tracking program effectiveness.
  • Excellent communication skills, with the ability to translate technical risk findings into clear, actionable language for both technical and non‑technical…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary