Lead Analyst, Security Strategy – Assurance
Posted Jun 20

This is a fully remote position, open to applicants in the United States.
Responsibilities:
• Take ownership of and enhance the Third Party Risk Management (TPRM) Program.
• Establish and implement OutSystems’ TPRM strategy, including a risk-tiering methodology, assessment frameworks, and ongoing monitoring schedules for critical and high-risk vendors.
• Oversee comprehensive vendor risk assessments and design scalable processes that adapt as the business grows.
• Actively identify gaps between current TPRM practices and industry benchmarks, and devise solutions to close them.
• Collaborate with teams in Digital, Procurement, Legal, and Engineering to integrate risk requirements into vendor selection and contracting, influencing the operational practices of partner teams.
• Manage the vendor risk inventory, track the remediation of identified issues, and communicate status updates to leadership with clarity and consistency.
• Monitor the threat landscape and regulatory changes that may affect the third-party risk environment.
• Own and refine the enterprise risk register for the Security division, ensuring consistent identification, assessment, and treatment of risks across business units.
• Design and conduct risk workshops with functional and business leaders to identify emerging risks and assess control effectiveness.
• Develop key risk indicators (KRIs) and generate executive-level risk reports, including dashboards and trend analyses that link security posture to business outcomes.
• Integrate risk management into business planning cycles and cross-functional initiatives, ensuring security considerations are incorporated from the outset.
• Act as a senior contributor to the compliance programs that support certifications such as SOC 2, ISO 27001, PCI DSS, HIPAA, and regional regulatory frameworks, moving the work from execution alone to program ownership and continuous improvement.
Requirements:
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
• 7–10 years of experience in information security, risk management, or compliance, with a minimum of 3–4 years focused specifically on third-party or vendor risk.
• Proven experience in owning and advancing a TPRM program, including framework design, risk tiering, and remediation management.
• Strong understanding of enterprise risk management frameworks (e.g., NIST RMF, ISO 31000, COSO) and security control frameworks (ISO 27001, SOC 2, NIST CSF).
• Experience in supporting or leading internal and external audits for certifications such as SOC 2, ISO 27001, or similar.
• Ability to work independently with significant autonomy, define scope on complex and ambiguous projects, and foster cross-functional alignment.
• Excellent communication skills.
Benefits:
• Opportunities for professional development.
• Flexible working hours.
• Health insurance coverage.
• Options for remote work.