Lead Analyst, Security Strategy – Assurance

🔥 14 horas atrás

🇺🇸 Estados Unidos – Remoto (EUA)

⏰ Tempo Integral

🟠 Sênior

👮‍♂️ Cibersegurança / Engenheiro de Segurança

🦅 Patrocina Visto H1B

Esta empresa já patrocinou vistos H1B no passado.

Candidatar-se

Encontrar Vagas Remotas Similares

Receber Emails de Vagas Remotas

📊 Verifique sua pontuação de currículo para esta vaga

Melhore suas chances de conseguir uma entrevista verificando sua pontuação de currículo antes de se candidatar.

Enviar Currículo

OutSystems

SiteLinkedInTodas as Vagas

1001 - 5000 funcionários

Fundada em 2001

🏢 Corporativo

⚡ Produtividade

☁️ SaaS

Enterprise • Productivity • SaaS

A OutSystems é uma empresa de software que oferece uma plataforma de desenvolvimento de aplicações low-code. Ela permite que organizações desenvolvam, implantem e gerenciem aplicações de nível corporativo com esforço mínimo de codificação. Ao simplificar o processo de desenvolvimento de aplicações, a OutSystems ajuda as empresas a acelerar sua transformação digital e aumentar a produtividade.

Descrição

• Own and Mature the Third Party Risk Management Program • Define and drive OutSystems’ TPRM strategy, including risk tiering methodology, assessment frameworks, and ongoing monitoring cadences for critical and high-risk vendors. • Lead end-to-end vendor risk assessments and architect scalable processes that can grow with the business. • Proactively identify gaps between current TPRM practices and industry standards, and build solutions to close them. • Partner with Digital, Procurement, Legal, and Engineering to embed risk requirements into vendor selection and contracting, influencing how partner teams operate. • Maintain the vendor risk inventory, track remediation of identified issues, and report status to leadership with clarity and consistency. • Monitor the threat and regulatory landscape for developments that affect the third-party risk surface. • Own and evolve the enterprise risk register for the Security division, ensuring risks are consistently identified, assessed, and treated across business units. • Design and facilitate risk workshops with functional and business leaders to surface emerging risks and validate control effectiveness. • Develop key risk indicators (KRIs) and produce executive-level risk reporting, including dashboards and trend analyses, that connect security posture to business outcomes. • Integrate risk management into business planning cycles and cross-functional initiatives, ensuring security considerations are embedded early. • Serve as a senior contributor to compliance programs supporting certifications such as SOC 2, ISO 27001, PCI, HIPAA, and regional regulatory frameworks, elevating the work beyond execution to program ownership and continuous improvement.

🎯 Requisitos

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience. • 7–10 years of experience in information security, risk management, or compliance, with at least 3–4 years focused on third-party or vendor risk. • Demonstrated experience owning and maturing a TPRM program, including framework design, risk tiering, and remediation management. • Strong working knowledge of enterprise risk management frameworks (e.g., NIST RMF, ISO 31000, COSO) and security control frameworks (ISO 27001, SOC 2, NIST CSF). • Experience supporting or leading internal and external audits across certifications such as SOC 2, ISO 27001, or equivalent. • Ability to operate with significant autonomy, define scope on complex and ambiguous projects, and drive cross-functional alignment. • Excellent communication skills

🏖️ Benefícios

• Professional development opportunities • Flexible working hours • Health insurance • Remote work options