Vultr

Third Party Risk Specialist

Posted 5/19/2026 · Full-time · Remote · 🇮🇳 India · Mid-Level / Senior · Website

Tech Stack

Tools & technologies
Cloud, Cyber Security

About the role

Key responsibilities & impact
  • Conduct in-depth technical security assessments of new and existing vendors using standardized questionnaires (SIG, CAIQ, custom frameworks).
  • Validate that vendor-submitted controls align with industry standards including NIST CSF, ISO 27001, SOC 2, CIS Controls, and applicable regulations (GDPR, DORA, HIPAA, PCI-DSS).
  • Review evidence packages including penetration test reports, vulnerability scans, audit logs, and attestations.
  • Assess network architecture, encryption standards, access controls, patch management practices, and identity management implementations.
  • Operate and interpret third-party security rating platforms (e.g., ArgosRisk, DocuBark) to track changes in vendor risk posture.
  • Monitor vendors' attack surfaces for newly exposed assets, misconfigurations, and known vulnerabilities (CVEs/zero-days).
  • Configure and manage automated alerts for changes in vendor security ratings, breach disclosures, or threat intelligence signals.
  • Perform periodic reassessments on a cadence aligned to vendor risk tier (Tier 1: quarterly, Tier 2: semi-annual, Tier 3: annual).
  • Collect, review, and validate supporting evidence for vendor control claims.
  • Analyze SOC 1 / SOC 2 Type II reports, noting exceptions, qualified opinions, and control gaps.
  • Verify currency and scope of ISO 27001, PCI-DSS, HIPAA, and other certifications.
  • Maintain audit-ready documentation for each vendor within the GRC platform.
  • Monitor vendor breach disclosures and assess organizational impact from third-party security incidents.
  • Coordinate with internal Incident Response (IR) and Security Operations Center (SOC) teams when a vendor is compromised.
  • Track open findings, remediation commitments, and validate closure through re-assessment.
  • Escalate unresolved high-severity findings to risk owners and senior management.
  • Assign, maintain, and update technical risk scores for each vendor based on assessment findings and monitoring signals.
  • Weight risk findings by vendor criticality — factoring in data sensitivity, operational dependency, and regulatory exposure.
  • Contribute technical risk inputs to overall vendor risk ratings within the GRC/TPRM platform.
  • Produce executive-ready dashboards, risk summaries, and periodic reports for senior leadership and risk committees.
  • Identify and map key sub-processors and technology dependencies for critical vendors.
  • Assess concentration risk — flagging cases where multiple vendors rely on the same cloud provider, data center, or software stack.
  • Require vendors to give notice of material sub-processor changes and reassess the impacted risk profiles accordingly.
  • Issue formal technical findings report to vendors with clear, prioritized remediation guidance.
  • Define remediation timelines, escalation thresholds, and acceptable compensating controls.
  • Validate remediation effectiveness through follow-up evidence collection and re-testing.
  • Escalate non-compliant or unresponsive vendors to procurement, legal, or executive stakeholders.
  • Partner with Procurement, Legal, Compliance, and Business Owners on vendor onboarding and renewal decisions.
  • Translate complex technical findings into clear, business-oriented risk narratives for non-technical stakeholders.
  • Advise on security contract clauses, SLAs, right-to-audit provisions, and breach notification terms.
  • Support internal audit, regulatory exams, and external assessments requiring third-party risk evidence.
  • Continuously refine assessment questionnaires, technical benchmarks, and monitoring playbooks.
  • Stay current on emerging threats, regulatory changes, and evolving industry standards relevant to vendor risk.
  • Contribute to the development and refinement of vendor tiering models and organizational risk appetite definitions.
  • Evaluate and recommend new tools or capabilities to strengthen the TPRM monitoring program.

Requirements

What you’ll need
  • 3-5 years of work experience in an IT/Security Compliance/Audit function (or equivalent).
  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or a related field required.
  • A master's degree or equivalent experience in Information Security or Risk Management is a plus. Seven years of experience can suffice in lieu of degree requirements.
  • Familiarity with security and compliance standards/regulations, specifically SOC 2, ISO 27001, ISO 27701, NIST 800-53, NIST CSF, FedRAMP, DPDPA, MeitY, GDPR, PCI DSS and HIPAA.
  • Applicants must have work authorization that does not require sponsorship from the company now or in the future.
  • Bonus but not required: CIPP, CTPRM or equivalent certification.
  • Experience with Supplier Life Cycle Management - Vendor Contracting Process and Third-Party Risk Management Programs for Cloud providers.
  • Must be able to collaborate in US time zones.
  • Understanding of AI/LLM systems and the testing of AI platforms and products.
  • Self-starter who requires minimal direction from leadership.
  • Methodical and diligent with outstanding planning abilities.
  • Able to meet deadlines and handle multiple priorities.
  • Strong ability to negotiate with business partners to attain successful outcomes.
  • Strong project management skills with the ability to manage several large projects at the same time, keeping them on scope, on budget, and on time.
  • Ability to present and effectively communicate with all levels of the organization.
  • Flexible with the ability to multitask, effectively prioritize, and work under pressure.
  • Advocate of continuous improvement and industry-recognized best practice.
  • Must be able to start employment within 30 days of offer of employment.

Benefits

Comp & perks
  • Medical Insurance stipend paid annually.
  • Professional Development Reimbursement.
  • 9 Company-Paid Holidays.
  • Generous Leave Policy + 1 month paid sabbatical every 5 years + Anniversary Bonus each year.
  • First year remote office setup + reimbursement per quarter each subsequent year for new equipment.
  • Internet reimbursement.
  • Fitness membership reimbursement.
  • Company paid Wellable subscription.

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
technical security assessments, vendor risk management, penetration testing, vulnerability scanning, audit logs analysis, identity management, risk scoring, remediation validation, third-party risk management, security compliance
Soft Skills
collaboration, negotiation, project management, planning, communication, self-starter, methodical, flexibility, multitasking, continuous improvement
Certifications & Standards
CIPP, CTPRM, ISO 27001, SOC 2, NIST 800-53, FedRAMP, GDPR, HIPAA, PCI DSS, ISO 27701