Replit
Third Party Risk Management and Customer Trust Lead
Foster City, CA
Role brief
What this role is asking for.
Replit is the agentic software creation platform that enables anyone to build applications using natural language. With millions of users worldwide, Replit is democratizing software development by removing traditional barriers to application creation. ABOUT THE ROLE: Replitโs ecosystem is powered by an expanding array of external services and essential AI model partners. As our lead for Security Vendor Risk & Contract Reviews, you will architect and execute a risk management program focused on substantive evaluation rather than just processing checklists. Youโll analyze SOC 2 documentation, security assessments, and system architectures to determine actual risk profiles, collaborating with our Legal team to secure necessary contractual protections. This role reports to the Head of Security GRC and involves high-impact partnerships across Legal, Engineering, and Product teams. WHAT YOU'LL DO - Run substantive third-party risk management (TPRM), independently evaluating real risk, not just processing questionnaire responses - Review SOC 2 reports, pen test findings, and architecture documentation to form an independent view of vendor risk, extending the same rigor to AI/model providers - Partner with Legal on vendor and AI contract terms, including DPAs, subprocessor agreements, and AI-specific provisions - Review contracts for non-standard security language when flagged by Lega...
Similar searches
Keep browsing verified remote roles.
These links connect this role to broader free job pages with official application sources and stricter location handling where we have enough proof.Company role signals