Related skills
aws gcp iso 27001 iam vpc
Description
- Build and scale Sierra's vendor security program from the ground up.
- Drive security decisions across all third-party relationships.
- Manage vendor security risk end-to-end, with risk acceptance and mitigation plans.
- Develop and improve program methodology, tooling, risk tiering, monitoring.
- Assess security risk across the full third-party landscape with tailored oversight.
- Ensure the program meets audit and regulatory needs (SOC 2, PCI DSS, FedRAMP, ISO 27001).
Requirements
- 10+ years in information security with vendor security, third-party risk, or GRC in regulated environments.
- Technical fluency in cloud security (AWS and GCP), IAM, VPC, encryption, logging, monitoring.
- Deep knowledge of ISO 27001, NIST 800-53, SOC 2, PCI DSS, and FedRAMP.
- Experience building automations, integrations, or detection logic via GRC tooling, APIs, or scripting.
- Genuine curiosity about AI security: model supply chains, prompt data handling, and governance.
- Ability to clearly communicate risk to engineers and auditors; comfortable in ambiguity.
Benefits
- Flexible (unlimited) paid time off
- Medical, dental, and vision benefits for you and your family
- Life insurance and disability benefits
- Retirement plan dependent on country of employment
- Parental leave
- Fertility and family building benefits through Carrot