Responsibilities
- Design, implement, and enhance a scalable third-party risk management (TPRM) framework based on risk tiering, assessment workflows, and governance aligned with organizational growth.
- Conduct and supervise security evaluations for new and current vendors by analyzing SOC 2 reports, ISO 27001 certifications, security questionnaires (SIG, CAIQ), and related documentation to identify control gaps.
- Manage follow-up actions from vendor assessments, coordinate remediation efforts with internal teams, and support formal risk acceptance decisions when necessary, ensuring timely resolution and documentation.
- Establish and maintain a continuous monitoring strategy for high-risk vendors, including periodic reviews, breach alerts, and updates to security posture, while keeping an accurate vendor risk register.
- Partner with Legal and Privacy teams to evaluate and negotiate security terms in vendor contracts, data processing agreements, and subprocessor arrangements to meet internal policies and regulatory requirements.
- Create and deliver performance metrics and reports on third-party risk posture for leadership and compliance purposes, including evidence for SOC 2, ISO 27001, and customer audits.
- Collaborate with a global team to ensure consistent vendor risk practices across regions and time zones, supporting coordinated assessments and risk decisions.
Benefits
- Competitive, transparent, and equitable pay structure
- Employment contract provided
- Eligibility for 50% tax-deductible costs related to author’s rights for qualifying roles
- Comprehensive health coverage including dental and travel insurance via Lux Med
- Reimbursement for meals on office workdays
- Annual budget for professional development and career advancement
- Allowance for setting up a home office
- Reimbursement for gym or fitness memberships
- Access to fertility and family-building healthcare benefits through Carrot
- Mental wellness support via Modern Health platform
- Group life insurance coverage
- Provision of a MacBook and essential accessories
Compensation
Generous, transparent and fair compensation system
Work Arrangement
Hybrid — Warsaw
Other
- Position located in Warsaw with a hybrid model centered around office presence. Core in-office days are Monday, Tuesday, and Thursday. Most staff may work remotely on Wednesday. Remote work on Friday is subject to role-specific needs.
- Employees in Poland are hired under a standard employment contract.
- Health insurance includes dental and travel coverage through Lux Med.
- Meals are reimbursed for days worked from the office.
- Annual career growth budget available.
- Budget provided for home office equipment setup.
- Gym or fitness expense reimbursement offered.
- Fertility and family-forming benefits accessible via Carrot.
- Mental health resources available through Modern Health.
- Group life insurance provided.
- MacBooks and required peripherals are supplied.