Lead Analyst, Security Strategy & Assurance

There are NO limits to your career: come shape the future and be part of a truly unique global culture at OutSystems!

About This Role

If you thrive at the intersection of risk, compliance, and strategic impact, this role offers a unique opportunity to define and lead two of the most critical programs within OutSystems’ Security function. As a Lead Analyst on the Security Strategy and Assurance team, you will own our Third Party Risk Management (TPRM) program and drive enterprise risk activities that directly shape how OutSystems manages risk across its vendor ecosystem and broader business.

This is a lead role, meaning you will operate with significant autonomy, define the scope and approach for complex, cross-functional initiatives, and serve as the go-to expert in your domain. You will architect solutions to close gaps between current practices and desired outcomes, build lasting stakeholder relationships, and mentor junior colleagues on the team.

If you are someone who brings deep expertise in vendor risk and compliance, excels at breaking down ambiguous goals into actionable programs, and wants to leave a measurable imprint on an organization’s security posture, we want to meet you.

What You’ll Do

Own and Mature the Third Party Risk Management Program

• Define and drive OutSystems’ TPRM strategy, including risk tiering methodology, assessment frameworks, and ongoing monitoring cadences for critical and high-risk vendors.

• Lead end-to-end vendor risk assessments and architect scalable processes that can grow with the business.

• Proactively identify gaps between current TPRM practices and industry standards, and build solutions to close them.

• Partner with Digital, Procurement, Legal, and Engineering to embed risk requirements into vendor selection and contracting, influencing how partner teams operate.

• Maintain the vendor risk inventory, track remediation of identified issues, and report status to leadership with clarity and consistency.

• Monitor the threat and regulatory landscape for developments that affect the third-party risk surface.

Lead Enterprise Risk Activities

• Own and evolve the enterprise risk register for the Security division, ensuring risks are consistently identified, assessed, and treated across business units.

• Design and facilitate risk workshops with functional and business leaders to surface emerging risks and validate control effectiveness.

• Develop key risk indicators (KRIs) and produce executive-level risk reporting, including dashboards and trend analyses, that connect security posture to business outcomes.

• Integrate risk management into business planning cycles and cross-functional initiatives, ensuring security considerations are embedded early.

Drive Compliance Strategy and Audit Readiness

• Serve as a senior contributor to compliance programs supporting certifications such as SOC 2, ISO 27001, PCI, HIPAA, and regional regulatory frameworks, elevating the work beyond execution to program ownership and continuous improvement.

• Act as the primary point of contact for internal and external audits related to vendor and enterprise risk controls.

• Assess the applicability of emerging regulatory requirements to OutSystems and translate them into actionable program changes.

• Identify and close structural gaps in compliance documentation, control coverage, and audit readiness processes.

Drive Operational Excellence and Process Improvement

• Proactively identify inefficiencies in existing workflows; including evidence collection, audit preparation, risk tracking, and vendor assessment processes, and architect improvements that reduce manual effort and increase throughput.

• Lead the adoption and optimization of GRC tooling and automation, ensuring the team gets maximum value from its platforms and reducing reliance on manual tracking.

• Define repeatable, scalable operating procedures for TPRM and enterprise risk activities so that program quality does not depend on individual heroics.

• Establish and track operational metrics that measure program health, team efficiency, and process maturity over time.

Mentor, Influence, and Build

• Mentor team members, helping them connect their work to the “why” behind risk and compliance objectives.

• Develop and maintain policies, standards, and procedures that govern TPRM and enterprise risk across the organization.

• Drive tooling improvements and automation opportunities within the GRC platform to improve program scalability and efficiency.

• Represent the Security team in cross-functional forums and build strong working relationships with stakeholders at the Lead level and above across Engineering, Digital, Legal, and Finance.

Qualifications & Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.

• 7–10 years of experience in information security, risk management, or compliance, with at least 3–4 years focused on third-party or vendor risk.

• Demonstrated experience owning and maturing a TPRM program, including framework design, risk tiering, and remediation management.

• Strong working knowledge of enterprise risk management frameworks (e.g., NIST RMF, ISO 31000, COSO) and security control frameworks (ISO 27001, SOC 2, NIST CSF).

• Experience supporting or leading internal and external audits across certifications such as SOC 2, ISO 27001, or equivalent.

• Ability to operate with significant autonomy, define scope on complex and ambiguous projects, and drive cross-functional alignment.

• Excellent communication skills

Preferred Qualifications

• Professional certifications such as CRISC, CISM, CISSP, CISA, or ISO 27001 Lead Implementer/Auditor.

• Familiarity with GRC platforms.

• Knowledge of emerging third-party risk regulations such as DORA, NIS2, or CMMC.

• Experience with PCI DSS, HIPAA, or regional compliance frameworks.

• Background in a SaaS or cloud technology company environment.

• Experience mentoring or coaching junior team members.

More about OutSystems

OutSystems is a leading AI Development Platform built for the enterprise. Global organizations trust OutSystems to rapidly build mission-critical apps and agents, modernize legacy processes with agentic systems, and govern their entire AI portfolio across complex regulatory environments, all on one unified platform.

As the future becomes agentic, our customers need us now more than ever. While AI has opened the door to extraordinary possibilities, most large organizations find themselves stuck on one side of the "enterprise gap" because AI by itself doesn't solve their complex use cases and business challenges. OutSystems bridges the "enterprise gap" by combining the speed of generative AI with a deterministic, enterprise-grade framework. We provide the tools for teams of any size to deliver high-quality, reliable AI solutions that drive real business impact.

We are looking for passionate, talented, and motivated people to join us as we empower organizations to build, deploy, and scale the next generation of enterprise software. While we are leading the charge into the agentic era, our mission is broader: we are the platform enterprise leaders trust to evolve their entire business, accelerating innovation through secure, governed human-AI collaboration. 

OutSystems is a global company, with more than 900k developer community members, 1,700 employees, more than 600 partners, and thousands of active customers in over 75 countries and across 21 industries. Founded in 2001, OutSystems now has offices in the United States, United Kingdom, the Netherlands, Portugal, Germany, the UAE, Japan, Hong Kong, Malaysia, Australia, India, and Singapore, and  includes a thriving, worldwide community of remote employees.

Our customers are some of the world's most recognizable brands across diverse industries— such as Toyota, Heineken, Bosch, KeyBank, and UCLA—who trust OutSystems to deliver ROI and transformational impact. 

Consistently recognized as a leader by top analyst firms Gartner, IDC and Forrester, OutSystems continues to shape the future of enterprise software development in the agentic era. We are proud to be named a leader in more than 100 categories on G2, including #1 in Customer Satisfaction in Enterprise Low Code Development, and most recently as a leader in AI Agent Building in the G2 Spring 2026 Reports. 

Working at OutSystems

Our culture is built on our core values of Trust, Customer Success, Innovation, and Alignment. We operate as one global OutSystems team, taking ownership to pursue our vision of being the AI platform enterprise leaders trust to build, secure, and evolve their most critical applications and systems.

What do we have to offer you?

• A company at the vanguard of the agentic revolution, where we don’t just react to AI innovation—we architect it. Joining OutSystems means stepping onto a high-growth rocket ship that combines the fearless agility of a startup with the sophisticated, global foundation of an enterprise powerhouse.

• Real growth opportunities. We don't just talk about development; we invest in it through structured programs designed to scale your expertise. Whether you are aiming for vertical progression, exploring lateral moves into new domains, or mastering specialized AI skills through our Professional Development Fund and Internal Mobility Program, we provide the resources to get you there.

• A global collective of world-class talent, where you’ll collaborate with enterprise software legends and sought-after thought leaders. At OutSystems, our industry experts aren't just visionaries—they are accessible, approachable mentors who are deeply invested in your growth as we architect the agentic future together.

OutSystems nurtures an inclusive culture where talented individuals from all backgrounds are empowered to learn, experiment and make an impact. . We believe that driving our next phase of growth requires the radical creativity that only comes from diverse perspectives. We are committed to building a team as global and diverse as the organizations we serve, ensuring every individual can perform to their full potential. As an equal opportunity employer, all qualified applicants receive equal consideration regardless of race, origin, religion, sex, sexual orientation, gender identity, disability, veteran status, or any other protected status.