Senior Third Party Risk & Controls Specialist
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Third Party Risk & Controls Specialist based in the United States.
This role focuses on strengthening enterprise security by assessing third-party applications, vendor ecosystems, and emerging technologies.
The position combines technical security expertise with risk management, identity governance, and application security practices.
You will evaluate security controls, integration architectures, and access models to help reduce organizational risk.
The role provides the opportunity to influence security strategies around SaaS platforms, APIs, AI technologies, and enterprise applications.
You will collaborate with cross-functional teams including security, procurement, legal, engineering, and business stakeholders.
This is a remote opportunity designed for professionals who thrive in complex, high-impact security environments.
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Third Party Risk & Controls Specialist based in the United States.
This role focuses on strengthening enterprise security by assessing third-party applications, vendor ecosystems, and emerging technologies.
The position combines technical security expertise with risk management, identity governance, and application security practices.
You will evaluate security controls, integration architectures, and access models to help reduce organizational risk.
The role provides the opportunity to influence security strategies around SaaS platforms, APIs, AI technologies, and enterprise applications.
You will collaborate with cross-functional teams including security, procurement, legal, engineering, and business stakeholders.
This is a remote opportunity designed for professionals who thrive in complex, high-impact security environments.
Accountabilities:
- Conduct in-depth technical security assessments of third-party applications, vendors, and service providers beyond standard questionnaire-based reviews.
- Analyze API security, authentication mechanisms, data flows, and integration architectures to identify potential risks and vulnerabilities.
- Assess security considerations related to generative AI technologies, including model risks, data privacy concerns, and information exposure.
- Review security documentation, architecture diagrams, and technical controls to provide actionable risk recommendations and mitigation strategies.
- Evaluate enterprise application risks, including Shadow IT discovery, browser extensions, and unsanctioned software usage.
- Support identity and access management initiatives involving role-based access control, least privilege principles, application permissions, and identity governance.
- Review OAuth grants, SAML configurations, API keys, service accounts, certificates, and other non-human identity controls.
- Collaborate with procurement, legal, engineering, and business teams to support vendor onboarding, monitoring, and security improvement efforts.
- Contribute to security reviews, compliance initiatives, and technical due diligence activities across enterprise systems.
- Communicate findings clearly and help stakeholders implement practical security guardrails.
- 5+ years of experience in application security, vendor risk management, cloud security, cybersecurity, or a related discipline.
- Strong understanding of security frameworks such as NIST CSF, ISO 27001, SOC 2, and related compliance standards.
- Experience assessing API security, including REST, GraphQL, authentication, and authorization mechanisms.
- Solid knowledge of IAM concepts including RBAC, ABAC, least privilege access, OAuth 2.0, and SAML.
- Experience managing risks related to non-human identities, including service accounts, API tokens, and certificates.
- Understanding of SaaS architectures, enterprise applications, integration security, and access control models.
- Familiarity with generative AI security risks and emerging threats affecting AI-powered applications.
- Experience supporting technical due diligence, supplier security programs, or third-party risk initiatives is preferred.
- Strong analytical, organizational, prioritization, and project management skills in a fast-paced environment.
- Excellent written and verbal communication skills with the ability to collaborate across multiple teams.
- Knowledge of privacy and compliance requirements such as GDPR, CCPA, or HIPAA is a plus.
- Relevant security certifications such as CISSP, CCSP, CISM, or CRISC are advantageous.
- Competitive annual compensation range of approximately $95,600 - $143,400 USD, depending on experience, qualifications, and job-related factors.
- Comprehensive benefits package designed to support employee health, financial wellbeing, and professional growth.
- Flexible remote work environment with opportunities for collaboration and team connection.
- Access to professional development resources and career growth opportunities.
- Potential eligibility for equity participation through company stock programs.
- Supportive workplace culture focused on transparency, innovation, inclusion, and continuous learning.
- Additional benefits and perks aligned with employee wellbeing and long-term success.
The Senior Third Party Risk & Controls Specialist will be responsible for evaluating and improving security across external applications, vendors, and enterprise integrations while supporting broader identity and access management initiatives.
Requirements:
The ideal candidate brings a strong background in application security, third-party risk management, cloud security, and identity security, with the ability to evaluate complex technical environments and communicate effectively with both technical and business teams.