This is a remote position.

Corporate Security Architect (Third-Party Risk & Enterprise Technology Security)

Role Summary

We are looking for an experienced Corporate Security Assessment Architect to help establish and scale Corporate Security assessment capabilities. This role focuses on Third-Party Risk Assessments (TPRA), security reviews of corporate technologies, and operational risk assessments that support secure business operations.

The Corporate Security Assessment Architect will partner with Procurement, Legal, IT, Privacy, Compliance, and business stakeholders to assess security risks associated with vendors and enterprise technologies. This role will operate within established security policies, standards, and governance processes while providing actionable security recommendations and risk assessments.

The ideal candidate combines strong expertise in vendor risk management, SaaS security reviews, cloud security, and risk analysis with the ability to operate independently in a fast-paced enterprise environment.

Key Responsibilities 

Third-Party Risk Assessments (TPRA)

• Conduct security assessments of third-party vendors, suppliers, and service providers.
• Review SOC 2 reports, ISO 27001 certifications, penetration testing reports, security questionnaires, and architecture documentation.
• Assess controls related to data protection, IAM, infrastructure security, incident response, and business continuity.
• Document findings, risk ratings, remediation recommendations, and approval decisions.

Corporate Technology Security Reviews

• Perform security reviews of SaaS platforms, enterprise applications, and corporate technology solutions.
• Evaluate authentication, authorization, data handling, integrations, logging, monitoring, and security posture.
• Assess emerging technologies, including AI-enabled solutions.
• Provide risk-based recommendations regarding technology adoption.

Assessment Operations & Stakeholder Engagement

• Execute assessments in accordance with established standards and procedures.
• Maintain complete assessment documentation, evidence, findings, and recommendations.
• Track remediation activities and assessment status.
• Collaborate with Procurement, Legal, IT, Privacy, Compliance, and business stakeholders.
• Escalate significant risks through established channels.

Operational Metrics & Reporting

• Prepare reports covering assessment volumes, turnaround times, risk trends, remediation progress, and review outcomes.
• Provide stakeholder-ready summaries and support audit inquiries.

Expected Deliverables

• Completed Third-Party Risk Assessments.
• Security review reports for corporate applications, SaaS platforms, and enterprise technologies.
• Documented risk findings with severity ratings and remediation recommendations.
• Assessment artifacts, evidence, and approval recommendations.
• Remediation tracking updates and validation activities.
• Monthly operational metrics and assessment status reporting.
• Stakeholder-ready summaries and presentations.
• Recommendations for process improvements and assessment automation opportunities.
• Documentation supporting knowledge transfer and future program scaling.

Required Skills & Qualifications

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field.
• 8+ years of experience in Information Security, Security Architecture, Risk Management, or Corporate Security.
• Experience operating TPRM/TPRA programs.
• Experience conducting security reviews of SaaS applications, cloud services, and enterprise technologies.
• Strong understanding of NIST CSF, ISO 27001, SOC 2, CIS Controls, cloud security principles, and IAM.
• Experience reviewing vendor security documentation and performing risk-based assessments.
• Strong written communication skills and cross-functional stakeholder engagement experience.

Preferred Qualifications

• Experience supporting enterprise SaaS environments.
• Experience with GRC platforms and vendor risk management solutions.
• Experience developing security metrics, dashboards, and operational reporting.
• Certifications such as CISSP, CISM, CRISC, CCSP, or CISA.
• Experience assessing AI-enabled technologies and establishing security requirements for AI adoption.