Lead Analyst, Security Strategy – Assurance

🔥 5 minutes ago

🇺🇸 United States – Remote

⏰ Full Time

🟠 Senior

👮‍♂️ Cybersecurity / Security Engineer

🦅 H1B Visa Sponsor


OutSystems

1001 - 5000 employees

Founded 2001

🏢 Enterprise

⚡ Productivity

☁️ SaaS

OutSystems is a software company that provides a low-code application development platform. It allows organizations to develop, deploy, and manage enterprise-grade applications with minimal coding effort. By simplifying the process of application development, OutSystems helps businesses accelerate their digital transformation and improve productivity.

📋 Description

• Own and Mature the Third Party Risk Management Program
• Define and drive OutSystems’ TPRM strategy, including risk tiering methodology, assessment frameworks, and ongoing monitoring cadences for critical and high-risk vendors.
• Lead end-to-end vendor risk assessments and architect scalable processes that can grow with the business.
• Proactively identify gaps between current TPRM practices and industry standards, and build solutions to close them.
• Partner with Digital, Procurement, Legal, and Engineering to embed risk requirements into vendor selection and contracting, influencing how partner teams operate.
• Maintain the vendor risk inventory, track remediation of identified issues, and report status to leadership with clarity and consistency.
• Monitor the threat and regulatory landscape for developments that affect the third-party risk surface.
• Own and evolve the enterprise risk register for the Security division, ensuring risks are consistently identified, assessed, and treated across business units.
• Design and facilitate risk workshops with functional and business leaders to surface emerging risks and validate control effectiveness.
• Develop key risk indicators (KRIs) and produce executive-level risk reporting, including dashboards and trend analyses, that connect security posture to business outcomes.
• Integrate risk management into business planning cycles and cross-functional initiatives, ensuring security considerations are embedded early.
• Serve as a senior contributor to compliance programs supporting certifications such as SOC 2, ISO 27001, PCI, HIPAA, and regional regulatory frameworks, elevating the work beyond execution to program ownership and continuous improvement.

🎯 Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
• 7–10 years of experience in information security, risk management, or compliance, with at least 3–4 years focused on third-party or vendor risk.
• Demonstrated experience owning and maturing a TPRM program, including framework design, risk tiering, and remediation management.
• Strong working knowledge of enterprise risk management frameworks (e.g., NIST RMF, ISO 31000, COSO) and security control frameworks (ISO 27001, SOC 2, NIST CSF).
• Experience supporting or leading internal and external audits across certifications such as SOC 2, ISO 27001, or equivalent.
• Ability to operate with significant autonomy, define scope on complex and ambiguous projects, and drive cross-functional alignment.
• Excellent communication skills

🏖️ Benefits

• Professional development opportunities
• Flexible working hours
• Health insurance
• Remote work options
