Wealthsimple is looking for a Third Party Security Risk Management Specialist to safeguard our platform and customer data by ensuring the security of our external partnerships. You will play a critical role in building and scaling our third-party risk management program.
What You'll Do
- Conduct security due diligence and risk assessments for new and existing third-party vendors.
- Develop and maintain security standards, questionnaires, and contract language for vendor engagements.
- Partner with internal procurement, legal, and product teams to integrate security requirements into the vendor lifecycle.
- Monitor and report on the security posture of critical vendors, driving remediation efforts where necessary.
- Continuously improve risk assessment methodologies and workflows.
What We're Looking For
- 3+ years of direct experience in third-party security risk management, vendor risk assessment, or a related field.
- Proven ability to evaluate security controls against frameworks like NIST CSF, ISO 27001, or SOC 2.
- Strong understanding of information security principles, cloud security, and data privacy regulations.
- Excellent communication skills to articulate technical risks to both technical partners and business stakeholders.
- Ability to manage multiple assessments and projects simultaneously with a high degree of autonomy.
Nice to Have
- Experience in the financial services or fintech industry.
- Familiarity with GRC platforms or vendor risk management tools.
- Relevant security certifications (CISSP, CISM, CRISC, etc.).
Work Mode
This is a fully remote position.
Wealthsimple is an equal opportunity employer.
